Security

Intrusions, site breakage, lost data

Disclose a vulnerability
To allow us time to patch the system, please report the vulnerability in the bug tracking system under the category "security", but without detailing the vulnerability, so that it cannot be exploited, AND please contact the security squad with full details; we'll deal with your input.


Please see http://security.tikiwiki.org

Open

| Status | Rating | Summary | Priority | Data type | Version | Feature | Created |
|---|---|---|---|---|---|---|---|
| open | 1 | User Information Page shows non-public wiki page titles | 7 | Bug (error message, broken, etc) | 2.x; 3.x | Permission; Security; Wiki (history, page rename, etc) | 2008-07 |
| open | 6 | RSS Calendar Security problem - anonymous users allowed access to secured calendar via RSS link | 7 | | | Calendar; Category; Group; RSS; Security | 2007-10 |
| open | - | No spam protection for shoutbox users | 7 | Bug : Usability (trouble to accomplish task) | 1.9.x | Security; Shoutbox | 2008-06 |
| open | 1 | Need stronger CapCha | 7 | Feature request | 2.x | Security | 2008-06 |
| open | - | Warning: is_dir(): Stat failed for ./img/wiki_up/tiki1/... in tiki-admin_security.php?check_files | 6 | Bug : Usability (trouble to accomplish task) | 2.x | All / Undefined; Security | 2006-09 |
| open | - | Banning users ( tiki-admin_banning.php ) doesn't work for me at doc.tw.o | 6 | Bug : Usability (trouble to accomplish task) | 1.9.x | Security; User Administration (Registration, Login & Banning) | 2007-06 |
| open | 6 | Wiki cache & plugins: WYSIWYCA problem when admin visits the page (and creates the cache) | 6 | Bug (error message, broken, etc) | 3.x | Article; Cache; Security; Trackers; Wiki (history, page rename, etc); Wiki Plugin (extends basic syntax) | 2007-08 |
| open | 4 | Registration Page does not display and password suggestion does not consider security settings. | 6 | Bug : Usability (trouble to accomplish task); Feature request | 1.9.x | Security; User Administration (Registration, Login & Banning) | 2008-01 |
| open | 1 | Image attachements are not saved unique | 5 | Bug (error message, broken, etc); Bug : Usability (trouble to accomplish task) | 1.8.x; 1.9.x | Security; Wiki (history, page rename, etc) | 2006-04 |
| open | - | Security bug which bypasses directory site validation. | 5 | Bug (error message, broken, etc) | 1.9.x | Directory (of hyperlinks); Security | 2006-07 |
| open | 2 | binddb and bindpw not used when binding to LDAP | 5 | Bug (error message, broken, etc); Patch | 1.9.x | External Authentication (LDAP, AD, PAM, CAS, etc); Security; User Administration (Registration, Login & Banning) | 2007-10 |
| open | 2 | Secdb for all files (not just php) | 5 | Feature request | 1.9.x; 2.x | Administration; Installer (profiles, upgrades and server-related issues); Security | 2007-11 |
| open | - | Automatic SVN commit of secdb and syncdb | 5 | Community projects | 2.x | Installer (profiles, upgrades and server-related issues); Security | 2008-04 |
| open | 2 | mail-in provides no security | 4 | Bug (error message, broken, etc) | 1.9.x | Article; Mail-in; Security; Wiki (history, page rename, etc) | 2006-05 |
| open | 4 | Better protection against accidental site breakage with improper use of code in modules + template | 4 | Bug (error message, broken, etc); Bug : Usability (trouble to accomplish task); Feature request | 1.9.x | Administration; Installer (profiles, upgrades and server-related issues); Modules; Security; Site Identity; Templates (Smarty) | 2007-04 |
| open | - | Trackback pings should not use fopen to open urls. | 3 | Bug (error message, broken, etc) | 1.9.x; 2.x | Blog; Security; XML RPC | 2005-05 |
| open | - | wiki-edit: footnotes allows html | 3 | Bug (error message, broken, etc) | 1.9.x | Security; Wiki (history, page rename, etc) | 2006-08 |
| open | - | dynamic contents in userdefined modules crashes tiki | 3 | | 1.9.x | Dynamic Content; Modules; Security; Wiki Syntax (text area, parser, external wiki, etc) | 2006-08 |
| open | 0 | Built it TPL editor removes Javascript from the Templates | 3 | Bug : Usability (trouble to accomplish task); Feature request | 2.x | Security; Theme: Look & feel, Styles, CSS, Theme Control Center | 2005-04 |
| open | - | My site totally dead: Warning: ini_set() has been disabled for security reasons | 3 | | 1.9.x | Security | 2007-06 |
| open | 7 | Restrict possible characters in usernames | 3 | Bug (error message, broken, etc); Bug : Usability (trouble to accomplish task); Feature request | 2.x | Security; User Administration (Registration, Login & Banning) | 2007-07 |
| open | 1 | Trackers: ratings fake vote by URL | 3 | Bug (error message, broken, etc) | 1.9.x; A *.tikiwiki.org site | Rating; Security; Trackers | 2007-12 |
| open | 1 | Category plugin lists objects even without perms | 3 | | 1.9.x; 2.x | Category; Security; Wiki Plugin (extends basic syntax) | 2008-01 |
| open | - | Instantaneous visual feedback of password strength | 3 | Feature request | 2.x | Security; User Administration (Registration, Login & Banning) | 2008-06 |
| open | 2 | Path disclosure bug in trackers | 2 | Bug (error message, broken, etc) | 1.9.x | Security; Trackers | 2007-06 |
| open | 1 | Easy way to deal with SSL when using external images or scripts | 1 low | Feature request | 2.x | Security; Stats | 2008-02 |
| open | - | Security DB and mods don't work together | 1 low | Bug : Usability (trouble to accomplish task); Feature request | 2.x | Mods; Security | 2008-02 |
| open | 2 | File gallery: Virus checker | | Feature request | 2.x | File Gallery; Security | 2008-04 |


Pending

| Status | Rating | Summary | Priority | Data type | Version | Feature | Created |
|---|---|---|---|---|---|---|---|
| pending | 2 | Secdb automatic check with cron job | 5 | Feature request | 1.9.x; 2.x | Administration; Installer (profiles, upgrades and server-related issues); Security | 2007-09 |
| pending | 3 | Authenticated RSS | 5 | Feature request | 2.x; 3.x | RSS; Security | 2008-01 |
| pending | 1 | Security problem with sophisticated google hack on local.php (how to clean up after an intrusion) | 2 | | | Installer (profiles, upgrades and server-related issues); Security | 2007-11 |


Closed (solved)

| Status | Rating | Summary | Priority | Data type | Version | Feature | Created |
|---|---|---|---|---|---|---|---|
| closed | - | tikiwiki version 1.9.5 (CVS) -Sirius- mysql password disclosure & xss | 9 high | Bug (error message, broken, etc) | 1.9.x; 2.x | Security | 2006-11 |
| closed | - | Vulnerability in registrating | 9 high | | 1.9.x | Security; User Administration (Registration, Login & Banning) | 2007-01 |
| closed | 2 | XSS vulnerability issue B96 | 9 high | Bug (error message, broken, etc) | 1.9.x | Security | 2008-01 |
| closed | - | tiki_p_search makes users "admin" | 8 | Bug (error message, broken, etc); Bug : Consistency | 2.x | Administration; Search; Security; User Administration (Registration, Login & Banning) | 2008-03 |
| closed | 3 | Forum security issue: Ref: H56 | 7 | Bug (error message, broken, etc) | 1.9.x | Forum; Security | 2007-07 |
| closed | 2 | Wiki cache & plugins: WYSIWYCA problem when admin visits the page (and creates the cache) | 6 | Bug (error message, broken, etc) | 1.9.x | Cache; Database MySQL; Security; Wiki (history, page rename, etc); Wiki Plugin (extends basic syntax) | 2007-06 |
| closed | - | image gallery: sort_mode=filesize causes mysql error and path disclosure | 5 | Bug (error message, broken, etc) | 1.9.x; 2.x | Image Gallery; Security | 2007-09 |
| closed | - | Change Crypt passwords method | 4 | Feature request | 2.x; 3.x | Security; User Administration (Registration, Login & Banning) | 2008-07 |
| closed | - | No access permission on articles----articles accessible by articleID for any group | | Feature request | 1.9.x | Article; Security | 2007-01 |
| closed | - | CVE-2006-6457 tikiwiki vulnerable | | Bug (error message, broken, etc); Support request | 1.9.x | All / Undefined; Security | 2007-01 |
| closed | - | TikiWiki 2.0: Odd Tags get Inserted into HTML Code | | Bug (error message, broken, etc); Bug : Consistency; Bug : Usability (trouble to accomplish task) | 2.x | Security; Wiki Syntax (text area, parser, external wiki, etc) | 2008-08 |



Contributors to this page: marclaporte.
Page last modified on Wednesday 04 June, 2008 20:00:28 UTC by marclaporte.
