Test ID: | 1.3.6.1.4.1.25623.1.0.62858 |
Category: | FreeBSD Local Security Checks |
Title: | FreeBSD Ports: mantis |
Summary: | The remote host is missing an update to the system as announced in the referenced advisory. |
Description: |
Summary: The remote host is missing an update to the system as announced in the referenced advisory.

Vulnerability Insight: The following package is affected: mantis

CVE-2008-2276: Cross-site request forgery (CSRF) vulnerability in manage_user_create.php in Mantis 1.1.1 allows remote attackers to create new administrative users via a crafted link.

CVE-2008-3331: Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the filter_target parameter.

CVE-2008-3332: Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter.

CVE-2008-3333: Directory traversal vulnerability in core/lang_api.php in Mantis before 1.1.2 allows remote attackers to include and execute arbitrary files via the language parameter to the user preferences page (account_prefs_update.php).

Solution: Update your system with the appropriate patches or software upgrades.

CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Cross-reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2008-2276
BugTraq ID: 29297
http://www.securityfocus.com/bid/29297
Bugtraq: 20080520 Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities
http://marc.info/?l=bugtraq&m=121130774617956&w=4
https://www.exploit-db.com/exploits/5657
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00801.html
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00813.html
http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml
http://secunia.com/advisories/30270
http://secunia.com/advisories/31171
http://secunia.com/advisories/31972
http://www.vupen.com/english/advisories/2008/1598/references
XForce ISS Database: mantis-usercreate-csrf(42447)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42447

Common Vulnerability Exposure (CVE) ID: CVE-2008-3331
http://securityreason.com/securityalert/4044
XForce ISS Database: mantis-returndynamicfilters-xss(42549)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42549

Common Vulnerability Exposure (CVE) ID: CVE-2008-3332
XForce ISS Database: mantis-admconfigset-code-execution(42550)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42550

Common Vulnerability Exposure (CVE) ID: CVE-2008-3333
BugTraq ID: 30354
http://www.securityfocus.com/bid/30354
XForce ISS Database: mantis-accountprefsupdate-file-include(43984)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43984 |
Copyright | Copyright (C) 2008 E-Soft Inc. |