Skip to main content

Custom Share Module 0.1dev

View Articles

List Articles

Important Security Fix for all versions of Tiki

gezza -

The Tiki Community wishes to alert all users of an important security fix included in the new minor releases of all supported versions of Tiki (14.2, 12.5 LTS, 9.11 LTS and 6.15)

In particular, there is a critical issue that could allow arbitrary code execution affecting the calendar feature.

All users should immediately upgrade their Tiki installations, and if that is not possible, at least disable the calendar feature, or at the very minimum make the calendar feature accessible only to trusted users, until the upgrade can be completed.

Downloads are available at: http://tiki.org/download

Thanks to Dany Ouellet (http://securesc.ca/) for reporting the vulnerability!

Tiki under attack

Oliver Hertel -

Maybe you already found this domain partially unavailable this weekend. Some russian hackers are attacking tiki installations currently, trying to install spam and/or DoS bots. We are working at it and hope to have solved the problems soon.

Sorry for the inconveniences.

Details and quick fix here!

Tikiwiki security release

Mose -

This release fixes a recently declared XSS vulnerability. Anyone using Tikiwiki 1.9.x should upgrade as soon as possible. This release only fixes the security flaw and doesn't include any new feature.

Security Fix

Florian Gleixner -

Gulftech Research pointed us to a bug in the xmlrpc library. This bug can be used to execute any php code remote. This is a serious security flaw and we encourage you to either use a workaround or to install updated xmlrpc libraries immediately.

January Security Alert

Damian Parker -

It has been brought to the security team's attention that yet more problems exist in TikiWiki; these are similar to the Christmas Alert, but affect a different directory. Everyone is required to read and take corrective action. If you do not take action you could lose your entire server!

Weihnachts Sicherheitswarnung: php injection

mose -

Wichtiger Sicherheitshinweis für alle TikiWiki Administratoren und Entwickler, der alle Versionen von Tikiwiki betrifft: falls Sie ein Tikiwiki System betreiben, dann lesen Sie bitte die Einzelheiten dieses Beitrags, er enthält eine schnelle Lösung (eine Zeile in einer Datei) für ein Sicherheitsproblem.