41178 : TikiWiki tiki-listmovies.php movie Parameter Traversal Arbitrary File Access
Printer | http://osvdb.org/41178 | Email This | Edit Vulnerability

Views This Week

Views All Time

413

Info

Last Modified

2 months ago

Percent Complete

Disclosure

Dec 24, 2007

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

This Entry needs help! It is only 0% Complete. Click the edit link above to add more information.

Contributing is fast and easy, and benefits the entire security community.

Keywords

Description

(Description Provided by CVE) : Directory traversal vulnerability in tiki-listmovies.php in TikiWiki before 1.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) and modified filename in the movie parameter.

Classification

Unknown or Incomplete

Products

Unknown or Incomplete

References

CVE ID: 2007-6528 (see also: NVD)
Bugtraq ID: 27008
Secunia Advisory ID: 28225 28602
Related OSVDB ID: 41175 41179
Milw0rm: 4942
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-12/0285.html
Vendor Specific Solution URL: http://security.gentoo.org/glsa/glsa-200801-10.xml
Other Advisory URL: http://securityreason.com/securityalert/3484
Vendor URL: http://tikiwiki.org/
Vendor Specific News/Changelog Entry: http://tikiwiki.org/ReleaseProcess199

Tools & Filters

Nessus	30089

Credit

Unknown or Incomplete

Blogs

Provided by Technorati

2007/12/28 04:10:57 | Cve-2007-6528

from: HeapOverflow Computer Security Community & Forums : Heap Overflow.com

Directory traversal vulnerability in tiki-listmovies.php in TikiWiki before 1.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) and modified filename in the movie parameter. More...

Views This Week

Views All Time

Info

Last Modified

Percent Complete

Disclosure

Discovery

Dates

Exploit

Solution

Keywords

Description

Classification

Products

References

Tools & Filters

Credit

Blogs

Comments