Web application abuses : Multiple Vulnerabilities in MercuryBoard

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.16247

Categoría: Web application abuses

Título: Multiple Vulnerabilities in MercuryBoard

Resumen: The remote host is running MercuryBoard, a message board system written inPHP.;; Multiple vulnerabilities have been discovered in the product that allow an attacker to cause numerous cross site; scripting attacks, inject arbitrary SQL statements and disclose the path under which the product has been; installed.

Descripción: Summary:
The remote host is running MercuryBoard, a message board system written inPHP.

Multiple vulnerabilities have been discovered in the product that allow an attacker to cause numerous cross site
scripting attacks, inject arbitrary SQL statements and disclose the path under which the product has been
installed.

Solution:
Upgrade to MercuryBoard version 1.1.3.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: BugTraq ID: 12359
BugTraq ID: 12503
BugTraq ID: 12578
BugTraq ID: 12706
BugTraq ID: 12707
BugTraq ID: 12872
Common Vulnerability Exposure (CVE) ID: CVE-2005-0306
http://www.securityfocus.com/bid/12359
Bugtraq: 20050124 Multiple vulnerabilities in MercuryBoard 1.1.1 (Google Search)
http://marc.info/?l=bugtraq&m=110661795632354&w=2
XForce ISS Database: mercuryboard-multiple-script-path-disclosure(19048)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19048
Common Vulnerability Exposure (CVE) ID: CVE-2005-0307
XForce ISS Database: mercuryboard-multiple-scripts-xss(19050)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19050
Common Vulnerability Exposure (CVE) ID: CVE-2005-0414
Bugtraq: 20050209 Mercuryboard =?iso-8859-1?Q?<=3D?= 1.1.1 Working Sql Injection (Google Search)
http://marc.info/?l=bugtraq&m=110797495532358&w=2
http://securitytracker.com/id?1013137
XForce ISS Database: mercuryboard-index-sql-injection(19051)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19051
Common Vulnerability Exposure (CVE) ID: CVE-2005-0460
http://lostmon.blogspot.com/2005/02/mercuryboard-debug-information.html
http://www.osvdb.org/13787
http://secunia.com/advisories/14284
Common Vulnerability Exposure (CVE) ID: CVE-2005-0462
http://lostmon.blogspot.com/2005/02/mercuryboard-forumphp-f-variable-xss.html
http://secunia.com/advisories/13937
Common Vulnerability Exposure (CVE) ID: CVE-2005-0662
http://www.osvdb.org/14308
http://secunia.com/advisories/14414
Common Vulnerability Exposure (CVE) ID: CVE-2005-0663
Common Vulnerability Exposure (CVE) ID: CVE-2005-0878
http://www.securityfocus.com/bid/12872
http://secunia.com/advisories/14679
XForce ISS Database: mercuryboard-title-pm-xss(19797)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19797

Copyright This script is Copyright (C) 2005 Noam Rathaus

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.16247
Categoría:	Web application abuses
Título:	Multiple Vulnerabilities in MercuryBoard
Resumen:	The remote host is running MercuryBoard, a message board system written inPHP.;; Multiple vulnerabilities have been discovered in the product that allow an attacker to cause numerous cross site; scripting attacks, inject arbitrary SQL statements and disclose the path under which the product has been; installed.
Descripción:	Summary: The remote host is running MercuryBoard, a message board system written inPHP. Multiple vulnerabilities have been discovered in the product that allow an attacker to cause numerous cross site scripting attacks, inject arbitrary SQL statements and disclose the path under which the product has been installed. Solution: Upgrade to MercuryBoard version 1.1.3. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	BugTraq ID: 12359 BugTraq ID: 12503 BugTraq ID: 12578 BugTraq ID: 12706 BugTraq ID: 12707 BugTraq ID: 12872 Common Vulnerability Exposure (CVE) ID: CVE-2005-0306 http://www.securityfocus.com/bid/12359 Bugtraq: 20050124 Multiple vulnerabilities in MercuryBoard 1.1.1 (Google Search) http://marc.info/?l=bugtraq&m=110661795632354&w=2 XForce ISS Database: mercuryboard-multiple-script-path-disclosure(19048) https://exchange.xforce.ibmcloud.com/vulnerabilities/19048 Common Vulnerability Exposure (CVE) ID: CVE-2005-0307 XForce ISS Database: mercuryboard-multiple-scripts-xss(19050) https://exchange.xforce.ibmcloud.com/vulnerabilities/19050 Common Vulnerability Exposure (CVE) ID: CVE-2005-0414 Bugtraq: 20050209 Mercuryboard =?iso-8859-1?Q?<=3D?= 1.1.1 Working Sql Injection (Google Search) http://marc.info/?l=bugtraq&m=110797495532358&w=2 http://securitytracker.com/id?1013137 XForce ISS Database: mercuryboard-index-sql-injection(19051) https://exchange.xforce.ibmcloud.com/vulnerabilities/19051 Common Vulnerability Exposure (CVE) ID: CVE-2005-0460 http://lostmon.blogspot.com/2005/02/mercuryboard-debug-information.html http://www.osvdb.org/13787 http://secunia.com/advisories/14284 Common Vulnerability Exposure (CVE) ID: CVE-2005-0462 http://lostmon.blogspot.com/2005/02/mercuryboard-forumphp-f-variable-xss.html http://secunia.com/advisories/13937 Common Vulnerability Exposure (CVE) ID: CVE-2005-0662 http://www.osvdb.org/14308 http://secunia.com/advisories/14414 Common Vulnerability Exposure (CVE) ID: CVE-2005-0663 Common Vulnerability Exposure (CVE) ID: CVE-2005-0878 http://www.securityfocus.com/bid/12872 http://secunia.com/advisories/14679 XForce ISS Database: mercuryboard-title-pm-xss(19797) https://exchange.xforce.ibmcloud.com/vulnerabilities/19797
Copyright	This script is Copyright (C) 2005 Noam Rathaus