[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <Pine.GSO.4.51.0808122036040.26550@faron.mitre.org>
Date: Tue, 12 Aug 2008 20:37:36 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
cc: "Steven M. Christey" <coley@...re.org>
Subject: Re: CVE request: tikiwiki < 2.0
These were SPLIT since CVE-2008-3654, while unspecified, has more specific
consequences that suggest certain bug types (e.g. an accessible
phpinfo()), whereas the others convey no information whatsoever.
======================================================
Name: CVE-2008-3653
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3653
Reference: CONFIRM:http://info.tikiwiki.org/tiki-read_article.php?articleId=35
Multiple unspecified vulnerabilities in TikiWiki CMS/Groupware before
2.0 have unknown impact and attack vectors.
======================================================
Name: CVE-2008-3654
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3654
Reference: CONFIRM:http://info.tikiwiki.org/tiki-read_article.php?articleId=35
Reference: CONFIRM:http://tikiwiki.org/ReleaseNotes20
Unspecified vulnerability in TikiWiki CMS/Groupware before 2.0 allows
attackers to obtain "path and PHP configuration" via unknown vectors.
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
