CVE-2014-9089
https://notcve.org/view.php?id=CVE-2014-9089
Multiple SQL injection vulnerabilities in view_all_bug_page.php in MantisBT before 1.2.18 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to view_all_set.php. Múltiples vulnerabilidades de inyección SQL en view_all_bug_page.php en MantisBT anterior a 1.2.18 permiten a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro (1) sort o (2) dir en view_all_set.php. • http://secunia.com/advisories/62101 http://www.debian.org/security/2015/dsa-3120 http://www.openwall.com/lists/oss-security/2014/11/25/14 http://www.openwall.com/lists/oss-security/2014/11/26/6 http://www.securityfocus.com/bid/71298 https://github.com/mantisbt/mantisbt/commit/b0021673ab23249244119bde3c7fcecd4daa4e7f https://www.mantisbt.org/bugs/view.php?id=17841 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2014-8598 – Mantis Bug Tracker 1.2.0a3 < 1.2.17 XmlImportExport Plugin - PHP Code Injection
https://notcve.org/view.php?id=CVE-2014-8598
The XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote attackers to (1) upload arbitrary XML files via the import page or (2) obtain sensitive information via the export page. NOTE: this issue can be combined with CVE-2014-7146 to execute arbitrary PHP code. El plugin XML Import/Export en MantisBT 1.2.x no restringe el acceso, lo que permite a atacantes remotos (1) subir código XML arbitrario mediante la página 'import' o (2) obtener información sensible mediante la página 'export'. NOTA: este fallo puede ser combinado con la CVE-2014-7146 y ejecutar código PHP arbitrario. • https://www.exploit-db.com/exploits/41685 http://secunia.com/advisories/62101 http://www.debian.org/security/2015/dsa-3120 http://www.mantisbt.org/bugs/view.php?id=17780 http://www.openwall.com/lists/oss-security/2014/11/07/28 http://www.securityfocus.com/bid/70996 https://exchange.xforce.ibmcloud.com/vulnerabilities/98573 https://github.com/mantisbt/mantisbt/commit/80a15487 https://www.mantisbt.org/bugs/view.php?id=17725 https://www.mantisbt.org/bugs/view.php?id • CWE-19: Data Processing Errors •
CVE-2014-8554
https://notcve.org/view.php?id=CVE-2014-8554
SQL injection vulnerability in the mc_project_get_attachments function in api/soap/mc_project_api.php in MantisBT before 1.2.18 allows remote attackers to execute arbitrary SQL commands via the project_id parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1609. Una vulnerabilidad de inyección SQL en la función mc_project_get_attachments en api/soap/mc_project_api.php en MantisBT anterior a 1.2.18 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro project_id. NOTA: esta vulnerabilidad existe debido a una solución incompleta de CVE-2014-1609. • http://seclists.org/oss-sec/2014/q4/479 http://seclists.org/oss-sec/2014/q4/487 http://secunia.com/advisories/62101 http://www.debian.org/security/2015/dsa-3120 http://www.mantisbt.org/bugs/view.php?id=16880 http://www.mantisbt.org/bugs/view.php?id=17812 http://www.securityfocus.com/bid/70856 https://exchange.xforce.ibmcloud.com/vulnerabilities/98457 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2014-6387
https://notcve.org/view.php?id=CVE-2014-6387
gpc_api.php in MantisBT 1.2.17 and earlier allows remote attackers to bypass authenticated via a password starting will a null byte, which triggers an unauthenticated bind. gpc_api.php en MantisBT 1.2.17 y anteriores permite a atacantes remotos evadir la autenticación a través de una contraseña que empiece por un byte nulo, lo que provoca un bind no autenticado. • http://www.mantisbt.org/bugs/view.php?id=17640 http://www.openwall.com/lists/oss-security/2014/09/12/11 http://www.openwall.com/lists/oss-security/2014/09/12/14 http://www.openwall.com/lists/oss-security/2014/09/13/1 • CWE-287: Improper Authentication •
CVE-2014-1609
https://notcve.org/view.php?id=CVE-2014-1609
Multiple SQL injection vulnerabilities in MantisBT before 1.2.16 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to the (1) mc_project_get_attachments function in api/soap/mc_project_api.php; the (2) news_get_limited_rows function in core/news_api.php; the (3) summary_print_by_enum, (4) summary_print_by_age, (5) summary_print_by_developer, (6) summary_print_by_reporter, or (7) summary_print_by_category function in core/summary_api.php; the (8) create_bug_enum_summary or (9) enum_bug_group function in plugins/MantisGraph/core/graph_api.php; (10) bug_graph_bycategory.php or (11) bug_graph_bystatus.php in plugins/MantisGraph/pages/; or (12) proj_doc_page.php, related to use of the db_query function, a different vulnerability than CVE-2014-1608. Múltiples vulnerabilidades de inyección SQL en MantisBT anterior a 1.2.16 permiten a atacantes remotos ejecutar comandos SQL arbitrarios a través de parámetros no especificados hacia (1) la función mc_project_get_attachments en api/soap/mc_project_api.php; (2) la función news_get_limited_rows en core/news_api.php; la función (3) summary_print_by_enum, (4) summary_print_by_age, (5) summary_print_by_developer, (6) summary_print_by_reporter o (7) summary_print_by_category en core/summary_api.php; la función (8) create_bug_enum_summary o (9) enum_bug_group en plugins/MantisGraph/core/graph_api.php; (10) bug_graph_bycategory.php o (11) bug_graph_bystatus.php en plugins/MantisGraph/pages/ o (12) proj_doc_page.php, relacionado con el uso de la función db_query, una vulnerabilidad diferente a CVE-2014-1608. • http://secunia.com/advisories/61432 http://www.debian.org/security/2014/dsa-3030 http://www.mantisbt.org/bugs/view.php?id=16880 http://www.ocert.org/advisories/ocert-2014-001.html http://www.securityfocus.com/bid/65461 https://bugzilla.redhat.com/show_bug.cgi?id=1063111 https://github.com/mantisbt/mantisbt/commit/7efe0175f0853e18ebfacedfd2374c4179028b3f • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •