Page 3 of 48 results (0.013 seconds)

CVSS: 5.0EPSS: 0%CPEs: 16EXPL: 0

Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field. Mantis anterior a 1.1.0a2 no implementa el control de acceso del por artículo para Issue History (Bug History), lo cual permite a un atacante remoto obtener información sensible a través de la lectura de la columna Change, como se demostró por la columna Change de un campo cliente. • http://bugs.mantisbugtracker.com/view.php?id=3375 http://bugs.mantisbugtracker.com/view.php?id=7364 http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?r1=1.34&r2=1.35 http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?view=log http://secunia.com/advisories/23258 http://secunia.com/advisories/28551 http://sourceforge.net/project/shownotes.php? •

CVSS: 10.0EPSS: 0%CPEs: 16EXPL: 0

Mantis before 1.1.0a2 sets the default value of $g_bug_reminder_threshold to "reporter" instead of a more privileged role, which has unknown impact and attack vectors, possibly related to frequency of reminders. Mantis en versiones anteriores a la 1.1.0a2 establece el valor por defecto del $g_bug_reminder_threshold a "reporter" en vez de un rol con más privilegios, lo cual tiene un impacto desconocido y vectores de ataque, posiblemente relacionado con la frecuencia de los recordatorios. • http://sourceforge.net/project/shownotes.php?release_id=469627 http://www.mantisbugtracker.com/changelog.php •

CVSS: 6.8EPSS: 2%CPEs: 9EXPL: 1

Multiple cross-site scripting (XSS) vulnerabilities in view_all_set.php in Mantis 1.0.1, 1.0.0rc5, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) start_day, (2) start_year, and (3) start_month parameters. • http://pridels0.blogspot.com/2006/03/mantis-xss-vuln.html http://secunia.com/advisories/19471 http://secunia.com/advisories/21400 http://www.debian.org/security/2006/dsa-1133 http://www.osvdb.org/24292 http://www.securityfocus.com/bid/17326 http://www.vupen.com/english/advisories/2006/1184 https://exchange.xforce.ibmcloud.com/vulnerabilities/25579 •

CVSS: 4.3EPSS: 0%CPEs: 61EXPL: 3

Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) hide_status, (2) handler_id, (3) user_monitor, (4) reporter_id, (5) view_type, (6) show_severity, (7) show_category, (8) show_status, (9) show_resolution, (10) show_build, (11) show_profile, (12) show_priority, (13) highlight_changed, (14) relationship_type, and (15) relationship_bug parameters in (a) view_all_set.php; the (16) sort parameter in (b) manage_user_page.php; the (17) view_type parameter in (c) view_filters_page.php; and the (18) title parameter in (d) proj_doc_delete.php. NOTE: item 17 might be subsumed by CVE-2005-4522. • https://www.exploit-db.com/exploits/27229 https://www.exploit-db.com/exploits/27228 http://morph3us.org/advisories/20060214-mantis-100rc4.txt http://secunia.com/advisories/21400 http://sourceforge.net/project/showfiles.php?group_id=14963&package_id=12175&release_id=386059 http://sourceforge.net/project/shownotes.php?release_id=386059&group_id=14963 http://www.debian.org/security/2006/dsa-1133 http://www.osvdb.org/22487 http://www.osvdb.org/23248 http://www.securityfocus.com/ •

CVSS: 5.0EPSS: 3%CPEs: 61EXPL: 1

manage_user_page.php in Mantis 1.00rc4 and earlier does not properly handle a sort parameter containing a ' (quote) character, which allows remote attackers to trigger a SQL error that may be repeatedly reported to a user who makes subsequent web accesses with the MANTIS_MANAGE_COOKIE cookie. NOTE: this issue might be the same as vector 2 in CVE-2005-4519. • http://morph3us.org/advisories/20060214-mantis-100rc4.txt http://sourceforge.net/project/showfiles.php?group_id=14963&package_id=12175&release_id=386059 http://sourceforge.net/project/shownotes.php?release_id=386059&group_id=14963 http://www.securityfocus.com/archive/1/425046/100/0/threaded http://www.securityfocus.com/bid/16657 https://exchange.xforce.ibmcloud.com/vulnerabilities/24726 •