ID de Prueba:	1.3.6.1.4.1.25623.1.0.19473
Categoría:	Web application abuses
Título:	MantisBT < 1.0.0rc2 Multiple Vulnerabilities
Resumen:	MantisBT is prone to multiple vulnerabilities.
Descripción:	Summary: MantisBT is prone to multiple vulnerabilities. Vulnerability Insight: The following flaws exist: - MantisBT failed to sanitize user-supplied input to the 'g_db_type' parameter of the 'core/database_api.php' script. - Multiple cross-site scripting (XSS) issues Vulnerability Impact: Provided PHP's 'register_globals' setting is enabled, an attacker may be able to exploit this to connect to arbitrary databases as well as scan for arbitrary open ports, even on an internal network. Solution: Update to version 1.0.0rc2 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-2556 BugTraq ID: 14604 http://www.securityfocus.com/bid/14604 Bugtraq: 20050926 Mantis Bugtracker - Remote Database Scanner and XSS Vulnerabilities (Google Search) http://marc.info/?l=bugtraq&m=112786017426276&w=2 Debian Security Information: DSA-778 (Google Search) http://www.debian.org/security/2005/dsa-778 http://www.gentoo.org/security/en/glsa/glsa-200509-16.xml http://secunia.com/advisories/16506 Common Vulnerability Exposure (CVE) ID: CVE-2005-2557 XForce ISS Database: mantis-bug-report-xss(21958) https://exchange.xforce.ibmcloud.com/vulnerabilities/21958 Common Vulnerability Exposure (CVE) ID: CVE-2005-3090 Common Vulnerability Exposure (CVE) ID: CVE-2005-3091 BugTraq ID: 15227 http://www.securityfocus.com/bid/15227 Debian Security Information: DSA-905 (Google Search) http://www.debian.org/security/2005/dsa-905 http://secunia.com/advisories/17654
Copyright	Copyright (C) 2005 David Maciejak

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.