Web application abuses : MantisBT < 1.2.4 Multiple Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.801692

Categoría: Web application abuses

Título: MantisBT < 1.2.4 Multiple Vulnerabilities

Resumen: MantisBT is prone to multiple vulnerabilities.

Descripción: Summary:
MantisBT is prone to multiple vulnerabilities.

Vulnerability Insight:
The flaws are caused by improper validation of user-supplied input via the
'db_type' parameter in 'admin/upgrade_unattended.php' that allows the
attackers to inject arbitrary web script or HTML, obtain sensitive information
and execute arbitrary local files.

Vulnerability Impact:
Successful exploitation will allow attackers to inject arbitrary web script
or HTML, obtain sensitive information and execute arbitrary local files.

Affected Software/OS:
MantisBT version prior to 1.2.4.

Solution:
Update to version 1.2.4 or later.

CVSS Score:
5.1

CVSS Vector:
AV:N/AC:H/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-4348
42772
http://secunia.com/advisories/42772
51199
http://secunia.com/advisories/51199
ADV-2011-0002
http://www.vupen.com/english/advisories/2011/0002
FEDORA-2010-19070
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052721.html
FEDORA-2010-19078
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052730.html
GLSA-201211-01
http://security.gentoo.org/glsa/glsa-201211-01.xml
[oss-security] 20101215 CVE request: MantisBT <=1.2.3 (db_type) Cross-Site Scripting & Path Disclosure Vulnerability
http://openwall.com/lists/oss-security/2010/12/15/4
[oss-security] 20101216 Re: CVE request: MantisBT <=1.2.3 (db_type) Cross-Site Scripting & Path Disclosure Vulnerability
http://openwall.com/lists/oss-security/2010/12/16/1
http://www.mantisbt.org/blog/?p=123
http://www.mantisbt.org/bugs/changelog_page.php?version_id=112
http://www.mantisbt.org/bugs/view.php?id=12607
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4983.php
https://bugzilla.redhat.com/show_bug.cgi?id=663230
Common Vulnerability Exposure (CVE) ID: CVE-2010-4349
mantisbt-dbtype-path-disclosure(64463)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64463
Common Vulnerability Exposure (CVE) ID: CVE-2010-4350
[oss-security] 20101215 CVE request: MantisBT <=1.2.3 (db_type) Local File Inclusion Vulnerability
http://openwall.com/lists/oss-security/2010/12/15/5
[oss-security] 20101216 Re: CVE request: MantisBT <=1.2.3 (db_type) Local File Inclusion Vulnerability
http://openwall.com/lists/oss-security/2010/12/16/2
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4984.php

Copyright Copyright (C) 2011 Greenbone Networks GmbH

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.801692
Categoría:	Web application abuses
Título:	MantisBT < 1.2.4 Multiple Vulnerabilities
Resumen:	MantisBT is prone to multiple vulnerabilities.
Descripción:	Summary: MantisBT is prone to multiple vulnerabilities. Vulnerability Insight: The flaws are caused by improper validation of user-supplied input via the 'db_type' parameter in 'admin/upgrade_unattended.php' that allows the attackers to inject arbitrary web script or HTML, obtain sensitive information and execute arbitrary local files. Vulnerability Impact: Successful exploitation will allow attackers to inject arbitrary web script or HTML, obtain sensitive information and execute arbitrary local files. Affected Software/OS: MantisBT version prior to 1.2.4. Solution: Update to version 1.2.4 or later. CVSS Score: 5.1 CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4348 42772 http://secunia.com/advisories/42772 51199 http://secunia.com/advisories/51199 ADV-2011-0002 http://www.vupen.com/english/advisories/2011/0002 FEDORA-2010-19070 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052721.html FEDORA-2010-19078 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052730.html GLSA-201211-01 http://security.gentoo.org/glsa/glsa-201211-01.xml [oss-security] 20101215 CVE request: MantisBT <=1.2.3 (db_type) Cross-Site Scripting & Path Disclosure Vulnerability http://openwall.com/lists/oss-security/2010/12/15/4 [oss-security] 20101216 Re: CVE request: MantisBT <=1.2.3 (db_type) Cross-Site Scripting & Path Disclosure Vulnerability http://openwall.com/lists/oss-security/2010/12/16/1 http://www.mantisbt.org/blog/?p=123 http://www.mantisbt.org/bugs/changelog_page.php?version_id=112 http://www.mantisbt.org/bugs/view.php?id=12607 http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4983.php https://bugzilla.redhat.com/show_bug.cgi?id=663230 Common Vulnerability Exposure (CVE) ID: CVE-2010-4349 mantisbt-dbtype-path-disclosure(64463) https://exchange.xforce.ibmcloud.com/vulnerabilities/64463 Common Vulnerability Exposure (CVE) ID: CVE-2010-4350 [oss-security] 20101215 CVE request: MantisBT <=1.2.3 (db_type) Local File Inclusion Vulnerability http://openwall.com/lists/oss-security/2010/12/15/5 [oss-security] 20101216 Re: CVE request: MantisBT <=1.2.3 (db_type) Local File Inclusion Vulnerability http://openwall.com/lists/oss-security/2010/12/16/2 http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4984.php
Copyright	Copyright (C) 2011 Greenbone Networks GmbH