Test ID:
Category: CGI abuses
Title: Mantis Multiple Flaws

The remote host is running the Mantis bug tracker.

The version of Mantis in use contains various flaws
that may allow an attacker to view bugs they should not
see, get a list of projects that should be hidden, and
inject SQL commands.

Solution : Upgrade to Mantis 0.17.5 or newer
Risk factor : High

Cross-Ref: BugTraq ID: 5504
BugTraq ID: 5509
BugTraq ID: 5510
BugTraq ID: 5514
BugTraq ID: 5515
BugTraq ID: 5563
BugTraq ID: 5565
Common Vulnerability Exposure (CVE) ID: CVE-2002-1110
Bugtraq: 20020819 [Mantis Advisory/2002-01] SQL poisoning vulnerability in Mantis
Debian Security Information: DSA-153
Common Vulnerability Exposure (CVE) ID: CVE-2002-1111
Bugtraq: 20020819 [Mantis Advisory/2002-02] Limiting output to reporters can be bypassed
XForce ISS Database: mantis-limit-reporters-bypass(9898)
Common Vulnerability Exposure (CVE) ID: CVE-2002-1112
Bugtraq: 20020819 [Mantis Advisory/2002-03] Bug listings of private projects can be viewed through cookie manipulation
XForce ISS Database: mantis-private-project-bug-listing(9899)
Common Vulnerability Exposure (CVE) ID: CVE-2002-1113
Bugtraq: 20020813 mantisbt security flaw
Bugtraq: 20020819 [Mantis Advisory/2002-04] Arbitrary code execution
XForce ISS Database: mantis-include-remote-files(9829)
Common Vulnerability Exposure (CVE) ID: CVE-2002-1114
Bugtraq: 20020819 [Mantis Advisory/2002-05] Arbitrary code execution and file reading vulnerability in Mantis

Copyright: This script is Copyright (C) 2003 Tenable Network Security

© 1998-2021 E-Soft Inc. All rights reserved.