
Test ID: 1.3.6.1.4.1.25623.1.0.20093
Category: Web application abuses
Title: MantisBT < 0.19.3 Multiple Vulnerabilities
Summary: MantisBT is prone to multiple vulnerabilities.
Description:
Summary:
MantisBT is prone to multiple vulnerabilities.

Vulnerability Insight:
The remote version of MantisBT suffers from a remote file
inclusion vulnerability, provided PHP's 'register_globals' setting is enabled.

In addition, the installed version reportedly may be prone to SQL injection (SQLi), cross-site
scripting (XSS), and information disclosure attacks.

Vulnerability Impact:
An attacker may be able to leverage this issue to read arbitrary
files on the local host or to execute arbitrary PHP code, possibly taken from third-party
hosts.

Affected Software/OS:
MantisBT versions prior to 0.19.3.

Solution:
Update to version 0.19.3 or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2005-3091
BugTraq ID: 15227
http://www.securityfocus.com/bid/15227
Debian Security Information: DSA-905
http://www.debian.org/security/2005/dsa-905
http://secunia.com/advisories/16506
http://secunia.com/advisories/17654
Common Vulnerability Exposure (CVE) ID: CVE-2005-3335
BugTraq ID: 15212
http://www.securityfocus.com/bid/15212
http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml
http://bugs.mantisbt.org/changelog_page.php
http://secunia.com/secunia_research/2005-46/advisory/
http://securitytracker.com/id?1015110
http://secunia.com/advisories/16818
http://secunia.com/advisories/17362
http://securityreason.com/securityalert/121
http://www.vupen.com/english/advisories/2005/2221
XForce ISS Database: mantis-tcorepath-file-include(22886)
https://exchange.xforce.ibmcloud.com/vulnerabilities/22886
Common Vulnerability Exposure (CVE) ID: CVE-2005-3336
http://www.osvdb.org/20324
Common Vulnerability Exposure (CVE) ID: CVE-2005-3337
http://www.osvdb.org/20321
Common Vulnerability Exposure (CVE) ID: CVE-2005-3338
Common Vulnerability Exposure (CVE) ID: CVE-2005-3339
Copyright: Copyright (C) 2005 David Maciejak

© 1998-2025 E-Soft Inc. All rights reserved.