Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy

Hiki Configuration File Embedded Ruby Code Execution

Network Security News – Sunday, September 25, 2005 Events

Hiki Configuration File Embedded Ruby Code Execution

Hiki contains a flaw that may allow a malicious user to gain access to unauthorized privileges. In versions 0.6.3 and 0.7-devel-20040407, an attacker, who has first bypassed the application's authentication by issuing artibrary queries as though following the "OK" link, may embed arbitrary code into the configuration file, which runs with the privileges of the CGI program. In versions 0.6.4 and 0.7-devel-20040618, the attacker must be an authenticated user before being allowed to embed arbitrary code in the configuration file. This flaw may lead to a loss of integrity.. Read more at osvdb.org/19341

Hiki Crafted Query Management Authentication Bypass

Hiki contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the attacker bypasses the application's authentication by issuing artibrary queries as though following the "OK" link. This flaw may lead to a loss of integrity.. Read more at osvdb.org/19340

Hiki attach Plug-in Page Name XSS

Hiki contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'page name' from the 'attach' plug-in. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/19335

Hiki Editing Mode Page Name XSS

Hiki contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the page names in editing mode. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/19334

Hiki local_css Plug-in Multiple Field XSS

Hiki contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'theme_url' and 'local_them_url' from the

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *