Intrusions, site breakage, lost data (Cached)

Security

Disclose a vulnerability

To allow us time to patch the system, please report the vulnerability using the bug tracking system using the category "security" but without detailing the vulnerability so it cannot be exploited AND please contact (external link)

the security team with full details and we'll deal with your input.

Please see http://security.tikiwiki.org (external link)

Open
Pending
Closed

Open

Rating	Subject	Priority	Category	Created
(0)	Login at workflow.tw.o and info.tw.o fails with XMLRPC Error: 5		Bug: Error	2008-12
(1)	Plugin html should have security, and pass code exactly as is		Feature request	2009-03
(0)	User information becomes public when set to private		Bug: Consistency Bug: Error Bug: Security	2009-07
(1)	Easy way to deal with SSL when using external images or scripts	1 low	Feature request	2008-02
(0)	Security DB and mods don't work together	1 low	Bug: Usability Feature request	2008-02
(1)	File gallery: Virus checker	1 low	Feature request	2008-04
(1)	Path disclosure bug in trackers	2	Bug: Error	2007-06
(1)	Password manager	2	Feature request	2009-07
(1)	Trackers: ratings fake vote by URL	3	Bug: Error	2007-12
(0)	Trackback pings should not use fopen to open urls.	3	Bug: Error	2005-05
(1)	Category plugin lists objects even without perms	3	Bug: Security	2008-01
(1)	wiki-edit: footnotes allows html	3	Bug: Error	2006-08
(0)	dynamic contents in userdefined modules crashes tiki	3		2006-08
(1)	false positive at tikiwiki security error report	4	Bug: Usability	2009-02
(3)	mail-in provides no security	4	Bug: Error	2006-05
(2)	binddb and bindpw not used when binding to LDAP	5	Bug: Error Patch	2007-10
(1)	Secdb for all files (not just php)	5	Feature request	2007-11
(0)	Automatic SVN commit of secdb and syncdb	5	Community projects	2008-04
(0)	Logout fails to work when web authorization is selected	5	Bug: Usability	2009-04
(0)	Enhancement: Use .htpasswd / .htgroup for user access & control	5	Feature request	2009-04
(2)	Image attachements are not saved unique	5	Bug: Error Bug: Usability	2006-04
(0)	Security bug which bypasses directory site validation.	5	Bug: Error	2006-07
(1)	Banning users ( tiki-admin_banning.php ) doesn't work for me at doc.tw.o	6	Bug: Usability	2007-06
(2)	Registration Page does not display and password suggestion does not consider security settings.	6	Bug: Usability Feature request	2008-01
(0)	Setting admin password in the installer, with option to force change at first login	6	Feature request	2009-05
(0)	Redirect plugin: add wiki= so we can use this plugin without a validation at each page	6	Feature request	2009-08
(1)	Fatal error: Call to undefined TikiDb_Adodb::setAttribute() in ..\lib\tikisession-pdo.php on line 18	6	Bug: Error	2009-11
(1)	Warning: is_dir(): Stat failed for ./img/wiki_up/tiki1/... intiki-admin_security.php?check_files	6	Bug: Usability	2006-09
(3)	RSS Calendar Security problem - anonymous users allowed access to secured calendar via RSS link	7		2007-10
(0)	No spam protection for shoutbox users	7	Bug: Usability	2008-06
(3)	Need stronger CapCha	7	Feature request	2008-06
(1)	User Information Page shows non-public wiki page titles	7	Bug: Error	2008-07
(0)	Security issue in a module	7	Bug: Error	2008-12
(1)	Web Auth Needs Some Fine Tuning	7	Bug: conflict of two features (each works well independently) Bug: Usability Feature request	2009-04
(1)	Profiles Repository URLs Are Not Connect	7	Bug: Usability Support request	2009-11
(0)	security issue: login issue	8	Bug: Error	2009-03
(2)	Categorisation permission issue with Calendars and Trackers	9 high	Bug: Consistency Bug: Error	2009-02
(2)	Add "tiki_p_admin_structures" permission	9 high	Bug: Usability Feature request	2009-04
(1)	potential security hole related to managing users	9 high	Bug: Usability Support request	2009-11

Pending

Rating	Subject	Priority	Category	Created
(1)	Security problem with sophisticated google hack on local.php (how to clean up after an intrusion)	2		2007-11
(0)	Instantaneous visual feedback of password strength	3	Feature request	2008-06
(0)	Upgrade to rel 4 : No permissions for user "admin"	9 high	Bug: Regression	2010-01
(2)	Built it TPL editor removes Javascript from the Templates	3	Bug: Usability Feature request	2005-04

Closed

Rating	Subject	Priority	Category	Created
(1)	Plugins admin interface to activate/deactivate plugins	9 high	Feature request	2006-02
(2)	Optional disabling on javascript stripping protection	6	Feature request	2006-07
(1)	tikiwiki version 1.9.5 (CVS) -Sirius- mysql password disclosure & xss	9 high	Bug: Error	2006-11
(0)	No access permission on articles----articles accessible by articleID for any group		Feature request	2007-01
(0)	Vulnerability in registrating	9 high		2007-01
(1)	CVE-2006-6457 tikiwiki vulnerable		Bug: Error Support request	2007-01
(2)	Better protection against accidental site breakage with improper use of code in modules + template	4	Bug: Error Bug: Usability Feature request	2007-04
(0)	My site totally dead: Warning: ini_set() has been disabled for security reasons	7	Bug: Error	2007-06
(3)	Wiki cache & plugins: WYSIWYCA problem when admin visits the page (and creates the cache)	6	Bug: Error	2007-06
(2)	Forum security issue: Ref: H56	7	Bug: Error	2007-07
(4)	Restrict possible characters in usernames	3	Bug: Error Bug: Usability Feature request	2007-07
(3)	Wiki cache & plugins: WYSIWYCA problem when admin visits the page (and creates the cache)	6	Bug: Error	2007-08
(0)	image gallery: sort_mode=filesize causes mysql error and path disclosure	5	Bug: Error	2007-09
(1)	Secdb automatic check with cron job	5	Feature request	2007-09
(1)	XSS vulnerability issue B96	9 high	Bug: Error	2008-01
(4)	Authenticated RSS	5	Feature request	2008-01
(0)	tiki_p_search makes users "admin"	8	Bug: Consistency Bug: Error	2008-03
(0)	Change Crypt passwords method	4	Feature request	2008-07
(0)	TikiWiki 2.0: Odd Tags get Inserted into HTML Code		Bug: Consistency Bug: Error Bug: Usability	2008-08
(0)	TikiWiki 2.0: SearchBox Not Displaying for Anonymous Users	7	Bug: Usability Support request	2008-09
(0)	URL_ID replaced in a link	4	Bug: Error Bug: Usability	2008-10
(2)	Multimedia Flash unusable due to XSS protection	9 high	Bug: Error Bug: Regression Bug: Usability	2008-10
(1)	topic permissions not working in tiki-list_articles.php	6	Bug: Error Patch Support request	2008-11
(2)	site based on 2.2 + tikipedia attacked at tiki-browse_image.php from galleries	9 high	Bug: Usability	2009-02
(0)	Security:Active XSS in URI allows remote exploitation of user browser	8	Bug: Error	2009-03
(0)	Incorrect permission verification in tiki-upload_file.php		Bug: Security	2009-06
(0)	styles/transitions/2.1to3.0.css file vandalized	8		2009-09
(1)	Modules do not work when called from within wiki pages	8	Bug: Error	2009-11
(0)	Using preg_replace with /e modifier		Bug: Error Feature request Patch	2010-01

Contributors to this page: marclaporte .
Page last modified on Sunday 20 September, 2009 00:57:29 UTC by marclaporte .

SourceHistory

Main Menu

Bugs and Wishes

Report a Bug (or suggest a feature enhancement)
Search Bugs
List yours

About Development

Mailing lists

Extra Stuff

Teams

External Links

Full list of Wiki Pages

TikiWiki on Social Networks

To register

To have an account at this site, please register at Tikiwiki.org (external link)

, and then use that user name and password to log in here.

Search a Wiki Page

Search Tracker Items Subject

Keywords

The following is a list of keywords that should serve as hubs for navigation within the Tiki development and should correspond to documentation keywords.

Each feature in Tiki has a wiki page which regroups all the bugs, requests for enhancements, etc. It is somewhat a form of wiki-based project management. You can also express your interest in a feature by adding it to your profile. You can also try out the Dynamic filter.

Accessibility (WAI – 508)
Action log 2.x
Administration
Ajax 2.x
Alert 3.x
Articles & Submissions
Backlinks
Banner
Blog
Bookmark
Browser Compatibility
Calendar
Category
Chat
Comment
Communication Center
Consistency
Contacts Address book
Contact us
Content template
Contribution 2.x
Cookie
Copyright
Custom Home (and Group Home Page)
Database independence
Database MySQL
Date and Time
Debugger Console
Directory (of hyperlinks)
Documentation link from Tiki to doc.tikiwiki.org (Help System)
DogFood
Dynamic Content
Dynamic Variable
External Authentication
FAQ
Featured links
File Gallery
Forum
Friendship Network (Community)
Gmap Google maps
Group
Help System
Hotword
HTML Page
i18n (Multilingual, l10n, Babelfish)
Image Gallery
Import-Export
Install
Integrator
Interaction
Inter-User Messages
InterTiki
jQuery
Karma
Live Support
Lost edit protection
Mail-in
Map with Mapserver
Menu
Meta Tag
Missing features
MindMap 3.x
Mobile Tiki and Voice Tiki
Mods
Module
MultiTiki
MyTiki
Newsletter
Notepad
OS independence (Non-Linux, Windows/IIS, Mac, BSD)
Payment 5.x
Performance Speed / Load / Compression / Cache
Permission
Poll
Profile Manager
Quiz
Rating
RSS
Score
Search engine optimization (SEO)
Search
Security
Semantic links 3.x
Shoutbox
Site Identity
Slideshow
Smarty Template
Spam protection (Anti-bot CATPCHA)
Spellcheck
Spreadsheet
Staging and Approval
Stats
Survey
System log
Tags 2.x
Task
Tell a Friend + Social Bookmarking 2.x
TikiTests 2.x
Theme
Toolbar (Quicktags)
Trackers
TRIM
User Administration
User Files
User Menu
Watch
WebHelp
Webmail and Groupmail
WebServices 3.x
Wiki 3D
Wiki History, page rename, etc
Wiki plugins extends basic syntax
Wiki syntax text area, parser, etc
Wiki structure (book and table of content)
Workspaces 4.x
WYSIWTSN 4.x
WYSIWYCA
WYSIWYG 2.x
XMLRPC

Security

Table of contents

Open

Pending

Closed

Sidebar

Main Menu

Sidebar

To register

Search a Wiki Page

Search Tracker Items Subject

Keywords

Last Changed Items

Last Comments

Last Changed Pages