Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2007-6528

Directory traversal vulnerability in tiki-listmovies.php in TikiWiki before 1.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) and modified filename in the movie parameter.

Related bugs and status

CVE-2007-6528 (Candidate) is related to these bugs:

Bug #180702: Multiple vulnerabilities allow XSS and reading of arbitrary files

		In	Importance	Status
180702	Multiple vulnerabilities allow XSS and reading of arbitrary files	tikiwiki (Ubuntu)	Undecided	Invalid
180702	Multiple vulnerabilities allow XSS and reading of arbitrary files	tikiwiki (Ubuntu Feisty)	High	Fix Released
180702	Multiple vulnerabilities allow XSS and reading of arbitrary files	tikiwiki (Ubuntu Gutsy)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://tikiwiki.org/Re...
BID: 27008
SECUNIA: 28225
SREASON: 3484
GENTOO: GLSA-200801-10
SECUNIA: 28602
OSVDB: 41178
EXPLOIT-DB: 4942
BUGTRAQ: 20071224 [ISecAuditors...