26 results (0.011 seconds)

CVSS: 5.0EPSS: 0%CPEs: 13EXPL: 0

core/string_api.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote attackers to discover an issue's title and status via a request with a modified issue number. core/string_api.php en Mantis anterior a 1.1.3 no valida los privilegios del visor antes de crear un enlace con los datos de la incidencia en el identificador de origen, lo que permite a atacantes remotos conocer el título y estado de la incidencia a través de una petición con un número de incidencia modificado. • http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/string_api.php?r1=5285&r2=5384&pathrev=5384 http://secunia.com/advisories/32243 http://secunia.com/advisories/32975 http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml http://www.mantisbt.org/bugs/changelog_page.php http://www.mantisbt.org/bugs/view.php?id=9321 http://www.openwall.com/lists/oss-security/2008/10/20/1 http://www.securityfocus.com/bid/31868 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 1%CPEs: 12EXPL: 0

Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions. Mantis anterior a v1.1.3 no desasigna la cookie de sessión durante el cierre de la misma, lo que facilita a atacantes remotos el secuestro de sesiones. • http://secunia.com/advisories/32975 http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml http://www.mantisbt.org/bugs/changelog_page.php http://www.mantisbt.org/bugs/file_download.php?file_id=1988&type=bug http://www.mantisbt.org/bugs/view.php?id=9664 http://www.openwall.com/lists/oss-security/2008/10/20/1 https://exchange.xforce.ibmcloud.com/vulnerabilities/46084 • CWE-287: Improper Authentication •

CVSS: 9.0EPSS: 96%CPEs: 13EXPL: 3

manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php. manage_proj_page.php en Mantis v1.1.4, permite a usuarios autenticados remotamente ejecutar código de su elección a través de un parámetro "sort" que contiene secuencias PHP y que es procesado por create_function dentro de la función multi_sort en core/utility_api.php. Mantis versions 1.1.3 and earlier are vulnerable to a post-authentication remote code execution vulnerability in the sort parameter of the manage_proj_page.php page. • https://www.exploit-db.com/exploits/44611 https://www.exploit-db.com/exploits/6768 https://github.com/nmurilo/CVE-2008-4687-exploit http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/utility_api.php?r1=5679&r2=5678&pathrev=5679 http://secunia.com/advisories/32314 http://secunia.com/advisories/32975 http://securityreason.com/securityalert/4470 http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml http://www.mantisbt.org/bugs/changelog • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 3.5EPSS: 0%CPEs: 95EXPL: 2

Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the filter_target parameter. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en return_dynamic_filters.php en Mantis anterior a 1.1.2, permite a atacantes remotos inyectar secuencias de comandos web y HTML de su elección a través del parámetro "filter_target". • https://www.exploit-db.com/exploits/5657 http://marc.info/?l=bugtraq&m=121130774617956&w=4 http://secunia.com/advisories/30270 http://secunia.com/advisories/31972 http://securityreason.com/securityalert/4044 http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml http://www.mantisbt.org/bugs/changelog_page.php http://www.securityfocus.com/bid/29297 http://www.vupen.com/english/advisories/2008/1598/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42549 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 3%CPEs: 95EXPL: 1

Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter. Vulnerabilidad de inyección "Eval" en adm_config_set.php en Mantis anterior a 1.1.2, permite a administradores autenticados remotamente ejecutar código de su elección a través del parámetro "value". • https://www.exploit-db.com/exploits/5657 http://marc.info/?l=bugtraq&m=121130774617956&w=4 http://secunia.com/advisories/30270 http://secunia.com/advisories/31972 http://securityreason.com/securityalert/4044 http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml http://www.mantisbt.org/bugs/changelog_page.php http://www.securityfocus.com/bid/29297 http://www.vupen.com/english/advisories/2008/1598/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42550 • CWE-94: Improper Control of Generation of Code ('Code Injection') •