Test ID: 1.3.6.1.4.1.25623.1.0.11653
Category: CGI abuses
Title: Mantis Multiple Flaws
Summary: NOSUMMARY
Description:

The remote host is running the Mantis bug tracker.

The version of Mantis which is being used contains various
flaws which may allow an attacker to view bugs they should not
see, get a list of projects that should be hidden, and
inject SQL commands.

Solution : Upgrade to Mantis 0.17.5 or newer
Risk factor : High

Cross-Ref: BugTraq ID: 5504
BugTraq ID: 5509
BugTraq ID: 5510
BugTraq ID: 5514
BugTraq ID: 5515
BugTraq ID: 5563
BugTraq ID: 5565
Common Vulnerability Exposure (CVE) ID: CVE-2002-1110
http://www.securityfocus.com/bid/5510
Bugtraq: 20020819 [Mantis Advisory/2002-01] SQL poisoning vulnerability in Mantis
http://marc.info/?l=bugtraq&m=102978728718851&w=2
Debian Security Information: DSA-153
http://www.debian.org/security/2002/dsa-153
http://www.iss.net/security_center/static/9897.php
Common Vulnerability Exposure (CVE) ID: CVE-2002-1111
http://www.securityfocus.com/bid/5515
Bugtraq: 20020819 [Mantis Advisory/2002-02] Limiting output to reporters can be bypassed
http://marc.info/?l=bugtraq&m=102978873620491&w=2
XForce ISS Database: mantis-limit-reporters-bypass(9898)
https://exchange.xforce.ibmcloud.com/vulnerabilities/9898
Common Vulnerability Exposure (CVE) ID: CVE-2002-1112
http://www.securityfocus.com/bid/5514
Bugtraq: 20020819 [Mantis Advisory/2002-03] Bug listings of private projects can be viewed through cookie manipulation
http://marc.info/?l=bugtraq&m=102978673018271&w=2
XForce ISS Database: mantis-private-project-bug-listing(9899)
https://exchange.xforce.ibmcloud.com/vulnerabilities/9899
Common Vulnerability Exposure (CVE) ID: CVE-2002-1113
http://www.securityfocus.com/bid/5504
Bugtraq: 20020813 mantisbt security flaw
http://marc.info/?l=bugtraq&m=102927873301965&w=2
Bugtraq: 20020819 [Mantis Advisory/2002-04] Arbitrary code execution
http://marc.info/?l=bugtraq&m=102978924821040&w=2
http://www.osvdb.org/4858
XForce ISS Database: mantis-include-remote-files(9829)
https://exchange.xforce.ibmcloud.com/vulnerabilities/9829
Common Vulnerability Exposure (CVE) ID: CVE-2002-1114
http://www.securityfocus.com/bid/5509
Bugtraq: 20020819 [Mantis Advisory/2002-05] Arbitrary code execution and file reading vulnerability in Mantis
http://marc.info/?l=bugtraq&m=102978711618648&w=2
http://www.iss.net/security_center/static/9900.php
Copyright: This script is Copyright (C) 2003 Tenable Network Security

© 1998-2021 E-Soft Inc. All rights reserved.