All the vulnerabilites related to mantis - mantis
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:53
Severity ?
Summary
Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardless of view_history_threshold, which allows remote attackers to obtain sensitive information (private bug details) by visiting a bug's web page.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mantis:mantis:0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0266C2F7-FB20-44EF-B0BB-ECCF055D03A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A21FF02F-982C-429F-A14D-D6E18058DD61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9407F704-FF3C-4976-BE4C-A1DDC16715D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A5173B32-1099-47C9-996B-56DB29456BB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A6CA26FD-9C45-4628-82B7-E37E3EA3E2A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7B9B4611-C002-40F5-978C-BB90F1A893C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C7C8B5A-A630-4EDD-A6E8-27D2E1139CF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B347D6C8-4607-481D-863E-7F41E9868041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "4F434D16-4F09-4BCF-BD3E-9114876C2575",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6D8FD23-C9A3-40AB-B3ED-86739BA8A362",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "72BD480B-7CFB-4FD3-8E47-028F32AEF902",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC7C781D-F5D1-4C63-B6E3-230DEC80104E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D0755FA0-2365-42B4-8E42-214D5BAD71A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "35248DDA-D37D-4D72-9FF8-6813BA4C87BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A67C54F4-4155-43DA-8E07-579249759989",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9DE7BEF1-1522-4666-B6B1-36A308FBC0A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C376D216-914A-4D96-8603-C6861B3E2857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CF0636CA-49A5-4463-B22B-6C5E1E2D44AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A07B4C-CE12-4381-BFE4-CE79411F5069",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "DB6E1BE3-BF57-4ED4-918D-8B23CB195ECE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB502B29-FBC5-4984-A735-AA0B6DF4A58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F759138-7079-471F-B30D-ED62351CFCB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5DF83421-973D-4AC9-BDA3-4161B9CF2D91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1633BF3C-89C2-4BEF-9F56-6F19984D3CA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.5:*:*:*:*:*:*:*",
"matchCriteriaId": "084BD5F4-37F8-4913-8045-769FD81F8C36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.6:*:*:*:*:*:*:*",
"matchCriteriaId": "76B09948-A44C-47D8-A5EC-3873FF36F451",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.7:*:*:*:*:*:*:*",
"matchCriteriaId": "89D72C1E-73E5-4F51-9D30-D28026939C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E9EDAA7A-DF0C-4D9E-9D30-0422E4801612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2C469C66-B64B-49BD-9D1C-D15F0E9028EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C28223A1-359F-434C-BAAA-82A5F310FA44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7BF1F18B-AE36-48F3-B784-5C97B3F2535E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F073B8A1-3339-4BF2-B8D1-F6BA5CF9695A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "3A62328B-4C77-4FF4-B1D9-BE4A2E5C61FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "03A0C36A-83DF-4E67-BA82-0ACE4D50C7D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7C074DBE-AFC9-4094-A170-A31D79C139D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8462CB86-30B1-43D8-B306-271709423DB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "131A96BB-EF2E-4AE2-9334-91CA96222BA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "17DC6205-7016-40C3-921A-B5AEC8513CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.4:*:*:*:*:*:*:*",
"matchCriteriaId": "721A536A-9626-4BD7-B84A-E3C4074F1217",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.4a:*:*:*:*:*:*:*",
"matchCriteriaId": "4D77F95A-0059-4442-8D9D-AA7F101FBBE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.5:*:*:*:*:*:*:*",
"matchCriteriaId": "89786096-AE1B-491B-8284-DBCC2F6112F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "E0BC255D-6B0F-412D-B639-B9F9656E4839",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "4B4CFE80-223F-45DA-A9FB-03474F61E027",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "B29FF305-E773-497E-9C47-7D87383F1440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "8724300D-CBDC-4C66-BF78-038F838C06DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a3:*:*:*:*:*:*:*",
"matchCriteriaId": "B7283A58-EE8E-493F-8E51-C97FF87ECA16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a4:*:*:*:*:*:*:*",
"matchCriteriaId": "E3CF3162-EAF8-438C-891A-FD13ECF6D6A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1E42F3A0-5FDB-4053-9EA5-D19B7061CDE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.2:*:*:*:*:*:*:*",
"matchCriteriaId": "101BF6DC-0F73-41E0-A0EE-BA1EA7397423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FCC458D9-12B1-4CF1-980E-BC86E874BBA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18a1:*:*:*:*:*:*:*",
"matchCriteriaId": "2202C65A-33FB-4742-8706-2BDD5B442030",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "9C6C0D59-A086-4A38-8F94-C35B8A1A0D1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3C48B8F-633E-4D69-A174-26C19829DE98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "C1E7658F-A543-46F5-B79D-E0E25B7C574F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "DD259C18-7111-45C9-B6C3-6A5F29998146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBA3B4B-D7E6-4555-969F-66217ACDACDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardless of view_history_threshold, which allows remote attackers to obtain sensitive information (private bug details) by visiting a bug\u0027s web page."
}
],
"id": "CVE-2004-2666",
"lastModified": "2024-11-20T23:53:56.020",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.mantisbugtracker.com/view.php?id=4724"
},
{
"source": "cve@mitre.org",
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?r1=1.24\u0026r2=1.25"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?view=log"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.mantisbugtracker.com/view.php?id=4724"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?r1=1.24\u0026r2=1.25"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?view=log"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-10-27 10:02
Modified
2024-11-21 00:01
Severity ?
Summary
Unspecified vulnerability in Mantis before 0.19.3, when using reminders, causes Mantis to display the real email addresses of users.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5419E3AC-4215-4584-9538-AF790DC9BD5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3C48B8F-633E-4D69-A174-26C19829DE98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "DD259C18-7111-45C9-B6C3-6A5F29998146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBA3B4B-D7E6-4555-969F-66217ACDACDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "38BFDCFA-00C8-4B6A-B758-8FD15A122CA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6770FDC6-792D-49B2-942B-282F9012D0BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8E7458-6655-4C86-85A9-81004FF38321",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Mantis before 0.19.3, when using reminders, causes Mantis to display the real email addresses of users."
}
],
"id": "CVE-2005-3338",
"lastModified": "2024-11-21T00:01:39.593",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-10-27T10:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.mantisbt.org/changelog_page.php"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/16506"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/17362"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/17654"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2005/dsa-905"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/15227"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.mantisbt.org/changelog_page.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/16506"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17362"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17654"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-905"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/15227"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-01-09 23:03
Modified
2024-11-21 00:05
Severity ?
Summary
Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:john_lim:adodb:4.66:*:*:*:*:*:*:*",
"matchCriteriaId": "9F76566C-7F49-4725-91E6-8E2416CB7F03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:john_lim:adodb:4.68:*:*:*:*:*:*:*",
"matchCriteriaId": "02F0F5B5-86D2-48C4-872E-3F8C38AF563C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AE92E018-C25C-468D-9EF5-5665F0B42EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "B0C7EDA7-1BED-4152-BD3D-3A596482D9D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "66BD9A00-DA61-4389-8731-B92585C2BE6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.761:*:*:*:*:*:*:*",
"matchCriteriaId": "C55DA346-A7A0-466F-90D7-CC1E7C2E9EFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:the_cacti_group:cacti:0.8.6g:*:*:*:*:*:*:*",
"matchCriteriaId": "DB14AEA6-00FC-4C8B-BA57-6CA7A5519493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo."
}
],
"id": "CVE-2006-0147",
"lastModified": "2024-11-21T00:05:45.497",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-01-09T23:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://retrogod.altervista.org/simplog_092_incl_xpl.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17418"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18233"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18254"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18260"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18267"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18276"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19555"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19590"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19591"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19600"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19628"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/19691"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2005-64/advisory/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2006/dsa-1029"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2006/dsa-1030"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2006/dsa-1031"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/22291"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/430448/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/430743/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/0101"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/0102"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/0103"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/0104"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/1305"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/1332"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24052"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/1663"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://retrogod.altervista.org/simplog_092_incl_xpl.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17418"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18233"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18254"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18260"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18267"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18276"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19555"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19590"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19591"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19600"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19628"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19691"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2005-64/advisory/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2006/dsa-1029"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2006/dsa-1030"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2006/dsa-1031"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/22291"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/430448/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/430743/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/0101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/0102"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/0103"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/0104"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/1305"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/1332"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24052"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/1663"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-12-28 01:03
Modified
2024-11-21 00:04
Severity ?
Summary
Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS feeds, which allows remote attackers to obtain sensitive information.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mantis:mantis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E5E1AE7-A73F-43B2-AA6D-DB700E25880B",
"versionEndIncluding": "1.0.0_rc3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0266C2F7-FB20-44EF-B0BB-ECCF055D03A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A21FF02F-982C-429F-A14D-D6E18058DD61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9407F704-FF3C-4976-BE4C-A1DDC16715D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A5173B32-1099-47C9-996B-56DB29456BB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A6CA26FD-9C45-4628-82B7-E37E3EA3E2A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7B9B4611-C002-40F5-978C-BB90F1A893C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C7C8B5A-A630-4EDD-A6E8-27D2E1139CF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B347D6C8-4607-481D-863E-7F41E9868041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "4F434D16-4F09-4BCF-BD3E-9114876C2575",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6D8FD23-C9A3-40AB-B3ED-86739BA8A362",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "72BD480B-7CFB-4FD3-8E47-028F32AEF902",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC7C781D-F5D1-4C63-B6E3-230DEC80104E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D0755FA0-2365-42B4-8E42-214D5BAD71A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "35248DDA-D37D-4D72-9FF8-6813BA4C87BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A67C54F4-4155-43DA-8E07-579249759989",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9DE7BEF1-1522-4666-B6B1-36A308FBC0A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C376D216-914A-4D96-8603-C6861B3E2857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CF0636CA-49A5-4463-B22B-6C5E1E2D44AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A07B4C-CE12-4381-BFE4-CE79411F5069",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "DB6E1BE3-BF57-4ED4-918D-8B23CB195ECE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB502B29-FBC5-4984-A735-AA0B6DF4A58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F759138-7079-471F-B30D-ED62351CFCB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5DF83421-973D-4AC9-BDA3-4161B9CF2D91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1633BF3C-89C2-4BEF-9F56-6F19984D3CA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.5:*:*:*:*:*:*:*",
"matchCriteriaId": "084BD5F4-37F8-4913-8045-769FD81F8C36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.6:*:*:*:*:*:*:*",
"matchCriteriaId": "76B09948-A44C-47D8-A5EC-3873FF36F451",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.7:*:*:*:*:*:*:*",
"matchCriteriaId": "89D72C1E-73E5-4F51-9D30-D28026939C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E9EDAA7A-DF0C-4D9E-9D30-0422E4801612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2C469C66-B64B-49BD-9D1C-D15F0E9028EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C28223A1-359F-434C-BAAA-82A5F310FA44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7BF1F18B-AE36-48F3-B784-5C97B3F2535E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F073B8A1-3339-4BF2-B8D1-F6BA5CF9695A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "3A62328B-4C77-4FF4-B1D9-BE4A2E5C61FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6DAFD163-7FE7-48FB-8860-7B00B0FFA628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "03A0C36A-83DF-4E67-BA82-0ACE4D50C7D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7C074DBE-AFC9-4094-A170-A31D79C139D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53520AA0-E5AB-450A-9D95-E075B552D2E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8462CB86-30B1-43D8-B306-271709423DB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "131A96BB-EF2E-4AE2-9334-91CA96222BA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "17DC6205-7016-40C3-921A-B5AEC8513CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.4:*:*:*:*:*:*:*",
"matchCriteriaId": "721A536A-9626-4BD7-B84A-E3C4074F1217",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.4a:*:*:*:*:*:*:*",
"matchCriteriaId": "4D77F95A-0059-4442-8D9D-AA7F101FBBE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.5:*:*:*:*:*:*:*",
"matchCriteriaId": "89786096-AE1B-491B-8284-DBCC2F6112F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "E0BC255D-6B0F-412D-B639-B9F9656E4839",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "4B4CFE80-223F-45DA-A9FB-03474F61E027",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "8724300D-CBDC-4C66-BF78-038F838C06DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a3:*:*:*:*:*:*:*",
"matchCriteriaId": "B7283A58-EE8E-493F-8E51-C97FF87ECA16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a4:*:*:*:*:*:*:*",
"matchCriteriaId": "E3CF3162-EAF8-438C-891A-FD13ECF6D6A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.2:*:*:*:*:*:*:*",
"matchCriteriaId": "101BF6DC-0F73-41E0-A0EE-BA1EA7397423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FCC458D9-12B1-4CF1-980E-BC86E874BBA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18a1:*:*:*:*:*:*:*",
"matchCriteriaId": "2202C65A-33FB-4742-8706-2BDD5B442030",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5419E3AC-4215-4584-9538-AF790DC9BD5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3C48B8F-633E-4D69-A174-26C19829DE98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "C1E7658F-A543-46F5-B79D-E0E25B7C574F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "DD259C18-7111-45C9-B6C3-6A5F29998146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBA3B4B-D7E6-4555-969F-66217ACDACDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "38BFDCFA-00C8-4B6A-B758-8FD15A122CA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6770FDC6-792D-49B2-942B-282F9012D0BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8E7458-6655-4C86-85A9-81004FF38321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6DB707C-29DF-442C-BBBE-650182692A33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C420189-4748-465C-96FE-DC89502F7E26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "730BE023-C283-4775-915C-79817723917A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "337E18A7-07A3-456D-868A-2002F96D7A2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*",
"matchCriteriaId": "84B09B6D-EE4D-4241-B3EF-CBCB03A7F579",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS feeds, which allows remote attackers to obtain sensitive information."
}
],
"id": "CVE-2005-4523",
"lastModified": "2024-11-21T00:04:28.587",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-12-28T01:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18181/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18221"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/18481"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2005/dsa-944"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2005/3064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18181/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18221"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/18481"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-944"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/3064"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-10-27 10:02
Modified
2024-11-21 00:01
Severity ?
Summary
PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary PHP code and include arbitrary local files via the t_core_path parameter.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6770FDC6-792D-49B2-942B-282F9012D0BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C420189-4748-465C-96FE-DC89502F7E26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary PHP code and include arbitrary local files via the t_core_path parameter."
}
],
"id": "CVE-2005-3335",
"lastModified": "2024-11-21T00:01:39.167",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-10-27T10:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://bugs.mantisbt.org/changelog_page.php"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/16506"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16818"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/17362"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/17654"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2005-46/advisory/"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/121"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015110"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2005/dsa-905"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/15212"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/15227"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2005/2221"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22886"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://bugs.mantisbt.org/changelog_page.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/16506"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16818"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17362"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17654"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2005-46/advisory/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/121"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015110"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-905"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/15212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/15227"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/2221"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22886"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-08-20 04:00
Modified
2024-11-20 23:51
Severity ?
Summary
signup_page.php in Mantis bugtracker allows remote attackers to send e-mail bombs by creating multiple users and providing the same e-mail address.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mantis:mantis:0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0266C2F7-FB20-44EF-B0BB-ECCF055D03A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A21FF02F-982C-429F-A14D-D6E18058DD61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9407F704-FF3C-4976-BE4C-A1DDC16715D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A5173B32-1099-47C9-996B-56DB29456BB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A6CA26FD-9C45-4628-82B7-E37E3EA3E2A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7B9B4611-C002-40F5-978C-BB90F1A893C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C7C8B5A-A630-4EDD-A6E8-27D2E1139CF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B347D6C8-4607-481D-863E-7F41E9868041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "4F434D16-4F09-4BCF-BD3E-9114876C2575",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6D8FD23-C9A3-40AB-B3ED-86739BA8A362",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "72BD480B-7CFB-4FD3-8E47-028F32AEF902",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC7C781D-F5D1-4C63-B6E3-230DEC80104E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D0755FA0-2365-42B4-8E42-214D5BAD71A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "35248DDA-D37D-4D72-9FF8-6813BA4C87BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A67C54F4-4155-43DA-8E07-579249759989",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9DE7BEF1-1522-4666-B6B1-36A308FBC0A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C376D216-914A-4D96-8603-C6861B3E2857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CF0636CA-49A5-4463-B22B-6C5E1E2D44AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A07B4C-CE12-4381-BFE4-CE79411F5069",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "DB6E1BE3-BF57-4ED4-918D-8B23CB195ECE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB502B29-FBC5-4984-A735-AA0B6DF4A58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F759138-7079-471F-B30D-ED62351CFCB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5DF83421-973D-4AC9-BDA3-4161B9CF2D91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1633BF3C-89C2-4BEF-9F56-6F19984D3CA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.5:*:*:*:*:*:*:*",
"matchCriteriaId": "084BD5F4-37F8-4913-8045-769FD81F8C36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.6:*:*:*:*:*:*:*",
"matchCriteriaId": "76B09948-A44C-47D8-A5EC-3873FF36F451",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.7:*:*:*:*:*:*:*",
"matchCriteriaId": "89D72C1E-73E5-4F51-9D30-D28026939C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E9EDAA7A-DF0C-4D9E-9D30-0422E4801612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2C469C66-B64B-49BD-9D1C-D15F0E9028EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C28223A1-359F-434C-BAAA-82A5F310FA44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7BF1F18B-AE36-48F3-B784-5C97B3F2535E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F073B8A1-3339-4BF2-B8D1-F6BA5CF9695A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "3A62328B-4C77-4FF4-B1D9-BE4A2E5C61FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6DAFD163-7FE7-48FB-8860-7B00B0FFA628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "03A0C36A-83DF-4E67-BA82-0ACE4D50C7D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7C074DBE-AFC9-4094-A170-A31D79C139D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53520AA0-E5AB-450A-9D95-E075B552D2E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8462CB86-30B1-43D8-B306-271709423DB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "131A96BB-EF2E-4AE2-9334-91CA96222BA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "17DC6205-7016-40C3-921A-B5AEC8513CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.4:*:*:*:*:*:*:*",
"matchCriteriaId": "721A536A-9626-4BD7-B84A-E3C4074F1217",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.4a:*:*:*:*:*:*:*",
"matchCriteriaId": "4D77F95A-0059-4442-8D9D-AA7F101FBBE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.5:*:*:*:*:*:*:*",
"matchCriteriaId": "89786096-AE1B-491B-8284-DBCC2F6112F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "E0BC255D-6B0F-412D-B639-B9F9656E4839",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "4B4CFE80-223F-45DA-A9FB-03474F61E027",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "8724300D-CBDC-4C66-BF78-038F838C06DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a3:*:*:*:*:*:*:*",
"matchCriteriaId": "B7283A58-EE8E-493F-8E51-C97FF87ECA16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a4:*:*:*:*:*:*:*",
"matchCriteriaId": "E3CF3162-EAF8-438C-891A-FD13ECF6D6A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18a1:*:*:*:*:*:*:*",
"matchCriteriaId": "2202C65A-33FB-4742-8706-2BDD5B442030",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "C1E7658F-A543-46F5-B79D-E0E25B7C574F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "signup_page.php in Mantis bugtracker allows remote attackers to send e-mail bombs by creating multiple users and providing the same e-mail address."
}
],
"id": "CVE-2004-1731",
"lastModified": "2024-11-20T23:51:36.423",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-08-20T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=109312225727345\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10995"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17093"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=109312225727345\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10995"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17093"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-12-28 01:03
Modified
2024-11-21 00:04
Severity ?
Summary
CRLF injection vulnerability in Mantis 1.0.0rc3 and earlier allows remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via (1) the return parameter in login_cookie_test.php and (2) ref parameter in login_select_proj_page.php.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6DB707C-29DF-442C-BBBE-650182692A33",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C420189-4748-465C-96FE-DC89502F7E26",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "3B3A1BAC-F777-413E-BFB7-972C687C2D92",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "730BE023-C283-4775-915C-79817723917A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "337E18A7-07A3-456D-868A-2002F96D7A2A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*",
"matchCriteriaId": "84B09B6D-EE4D-4241-B3EF-CBCB03A7F579",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in Mantis 1.0.0rc3 and earlier allows remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via (1) the return parameter in login_cookie_test.php and (2) ref parameter in login_select_proj_page.php."
}
],
"id": "CVE-2005-4521",
"lastModified": "2024-11-21T00:04:28.187",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-12-28T01:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18181/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18221"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/18481"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2005/dsa-944"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/16046/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2005/3064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18181/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18221"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/18481"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-944"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/16046/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/3064"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-08-07 04:00
Modified
2024-11-20 23:44
Severity ?
Summary
Mantis 0.17.5 and earlier stores its database password in cleartext in a world-readable configuration file, which allows local users to perform unauthorized database operations.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.5:*:*:*:*:*:*:*",
"matchCriteriaId": "89786096-AE1B-491B-8284-DBCC2F6112F0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mantis 0.17.5 and earlier stores its database password in cleartext in a world-readable configuration file, which allows local users to perform unauthorized database operations."
},
{
"lang": "es",
"value": "Mantis 0.17.5 y anteriores almacena sus contrase\u00f1as de base de datos en un fichero de configuraci\u00f3n legible por todo el mundo, lo que permite a usuarios locales realizar operaciones de base de datos no permitidas."
}
],
"id": "CVE-2003-0499",
"lastModified": "2024-11-20T23:44:52.867",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-08-07T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "https://www.debian.org/security/2003/dsa-335"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2003/dsa-335"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-12-28 01:03
Modified
2024-11-21 00:04
Severity ?
Summary
Mantis before 0.19.4 allows remote attackers to bypass the file upload size restriction by modifying the max_file_size parameter to (1) bug_file_add.php, (2) bug_report.php, (3) bug_report_advanced_page.php, and (4) proj_doc_add_page.php.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9407F704-FF3C-4976-BE4C-A1DDC16715D0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "99FB3D29-644D-4E5F-875D-C87CCE3EF95C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A5173B32-1099-47C9-996B-56DB29456BB9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A6CA26FD-9C45-4628-82B7-E37E3EA3E2A2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7B9B4611-C002-40F5-978C-BB90F1A893C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B419B788-ADDD-4C0A-8E02-CBB58FD21938",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C7C8B5A-A630-4EDD-A6E8-27D2E1139CF3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B347D6C8-4607-481D-863E-7F41E9868041",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E387645-BC7A-4EA5-AE9E-A3C66994391B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "4F434D16-4F09-4BCF-BD3E-9114876C2575",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C80575A3-87E7-40BC-9BCB-E12BB7938A77",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6D8FD23-C9A3-40AB-B3ED-86739BA8A362",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "72BD480B-7CFB-4FD3-8E47-028F32AEF902",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04989B5F-30B2-43A0-A061-BF43EEA8756C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC7C781D-F5D1-4C63-B6E3-230DEC80104E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D0755FA0-2365-42B4-8E42-214D5BAD71A1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "35248DDA-D37D-4D72-9FF8-6813BA4C87BE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A67C54F4-4155-43DA-8E07-579249759989",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9DE7BEF1-1522-4666-B6B1-36A308FBC0A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C376D216-914A-4D96-8603-C6861B3E2857",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CF0636CA-49A5-4463-B22B-6C5E1E2D44AC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A07B4C-CE12-4381-BFE4-CE79411F5069",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "DB6E1BE3-BF57-4ED4-918D-8B23CB195ECE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "065C222C-638F-4303-BE6A-7FED59E21FB9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB502B29-FBC5-4984-A735-AA0B6DF4A58D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F759138-7079-471F-B30D-ED62351CFCB9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "3A62328B-4C77-4FF4-B1D9-BE4A2E5C61FF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6DAFD163-7FE7-48FB-8860-7B00B0FFA628",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7C074DBE-AFC9-4094-A170-A31D79C139D8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53520AA0-E5AB-450A-9D95-E075B552D2E9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.4a:*:*:*:*:*:*:*",
"matchCriteriaId": "4D77F95A-0059-4442-8D9D-AA7F101FBBE5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "E0BC255D-6B0F-412D-B639-B9F9656E4839",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "70450FAB-7886-418E-B471-8F16A68F9658",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "4B4CFE80-223F-45DA-A9FB-03474F61E027",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "B29FF305-E773-497E-9C47-7D87383F1440",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "8724300D-CBDC-4C66-BF78-038F838C06DF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a3:*:*:*:*:*:*:*",
"matchCriteriaId": "B7283A58-EE8E-493F-8E51-C97FF87ECA16",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a4:*:*:*:*:*:*:*",
"matchCriteriaId": "E3CF3162-EAF8-438C-891A-FD13ECF6D6A6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1E42F3A0-5FDB-4053-9EA5-D19B7061CDE8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.2:*:*:*:*:*:*:*",
"matchCriteriaId": "101BF6DC-0F73-41E0-A0EE-BA1EA7397423",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FCC458D9-12B1-4CF1-980E-BC86E874BBA2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18a1:*:*:*:*:*:*:*",
"matchCriteriaId": "2202C65A-33FB-4742-8706-2BDD5B442030",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5419E3AC-4215-4584-9538-AF790DC9BD5F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3C48B8F-633E-4D69-A174-26C19829DE98",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "C1E7658F-A543-46F5-B79D-E0E25B7C574F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "DD259C18-7111-45C9-B6C3-6A5F29998146",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBA3B4B-D7E6-4555-969F-66217ACDACDA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "38BFDCFA-00C8-4B6A-B758-8FD15A122CA2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6770FDC6-792D-49B2-942B-282F9012D0BE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8E7458-6655-4C86-85A9-81004FF38321",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mantis before 0.19.4 allows remote attackers to bypass the file upload size restriction by modifying the max_file_size parameter to (1) bug_file_add.php, (2) bug_report.php, (3) bug_report_advanced_page.php, and (4) proj_doc_add_page.php."
}
],
"id": "CVE-2005-4518",
"lastModified": "2024-11-21T00:04:27.527",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-12-28T01:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/18181/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/18221"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/18481"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2005/dsa-944"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/22056"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/16046/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2005/3064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/18181/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/18221"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/18481"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-944"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/22056"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/16046/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/3064"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-09-28 22:03
Modified
2024-11-21 00:01
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, as identified by bug#0005751 "thraxisp".
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mantis:mantis:0.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E88349-E374-4AE9-9C4E-9599C1448D21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A21FF02F-982C-429F-A14D-D6E18058DD61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "99FB3D29-644D-4E5F-875D-C87CCE3EF95C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A5173B32-1099-47C9-996B-56DB29456BB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A6CA26FD-9C45-4628-82B7-E37E3EA3E2A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B419B788-ADDD-4C0A-8E02-CBB58FD21938",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C7C8B5A-A630-4EDD-A6E8-27D2E1139CF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E387645-BC7A-4EA5-AE9E-A3C66994391B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C80575A3-87E7-40BC-9BCB-E12BB7938A77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6D8FD23-C9A3-40AB-B3ED-86739BA8A362",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04989B5F-30B2-43A0-A061-BF43EEA8756C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC7C781D-F5D1-4C63-B6E3-230DEC80104E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D0755FA0-2365-42B4-8E42-214D5BAD71A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "35248DDA-D37D-4D72-9FF8-6813BA4C87BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A67C54F4-4155-43DA-8E07-579249759989",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9DE7BEF1-1522-4666-B6B1-36A308FBC0A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C376D216-914A-4D96-8603-C6861B3E2857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CF0636CA-49A5-4463-B22B-6C5E1E2D44AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A07B4C-CE12-4381-BFE4-CE79411F5069",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "065C222C-638F-4303-BE6A-7FED59E21FB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB502B29-FBC5-4984-A735-AA0B6DF4A58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F759138-7079-471F-B30D-ED62351CFCB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5DF83421-973D-4AC9-BDA3-4161B9CF2D91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1633BF3C-89C2-4BEF-9F56-6F19984D3CA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.5:*:*:*:*:*:*:*",
"matchCriteriaId": "084BD5F4-37F8-4913-8045-769FD81F8C36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.6:*:*:*:*:*:*:*",
"matchCriteriaId": "76B09948-A44C-47D8-A5EC-3873FF36F451",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.7:*:*:*:*:*:*:*",
"matchCriteriaId": "89D72C1E-73E5-4F51-9D30-D28026939C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E9EDAA7A-DF0C-4D9E-9D30-0422E4801612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2C469C66-B64B-49BD-9D1C-D15F0E9028EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C28223A1-359F-434C-BAAA-82A5F310FA44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7BF1F18B-AE36-48F3-B784-5C97B3F2535E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F073B8A1-3339-4BF2-B8D1-F6BA5CF9695A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6DAFD163-7FE7-48FB-8860-7B00B0FFA628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "03A0C36A-83DF-4E67-BA82-0ACE4D50C7D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53520AA0-E5AB-450A-9D95-E075B552D2E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8462CB86-30B1-43D8-B306-271709423DB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "131A96BB-EF2E-4AE2-9334-91CA96222BA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "17DC6205-7016-40C3-921A-B5AEC8513CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.4:*:*:*:*:*:*:*",
"matchCriteriaId": "721A536A-9626-4BD7-B84A-E3C4074F1217",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.4a:*:*:*:*:*:*:*",
"matchCriteriaId": "4D77F95A-0059-4442-8D9D-AA7F101FBBE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.5:*:*:*:*:*:*:*",
"matchCriteriaId": "89786096-AE1B-491B-8284-DBCC2F6112F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "70450FAB-7886-418E-B471-8F16A68F9658",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "4B4CFE80-223F-45DA-A9FB-03474F61E027",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "B29FF305-E773-497E-9C47-7D87383F1440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "8724300D-CBDC-4C66-BF78-038F838C06DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a3:*:*:*:*:*:*:*",
"matchCriteriaId": "B7283A58-EE8E-493F-8E51-C97FF87ECA16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a4:*:*:*:*:*:*:*",
"matchCriteriaId": "E3CF3162-EAF8-438C-891A-FD13ECF6D6A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1E42F3A0-5FDB-4053-9EA5-D19B7061CDE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.2:*:*:*:*:*:*:*",
"matchCriteriaId": "101BF6DC-0F73-41E0-A0EE-BA1EA7397423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FCC458D9-12B1-4CF1-980E-BC86E874BBA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5419E3AC-4215-4584-9538-AF790DC9BD5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3C48B8F-633E-4D69-A174-26C19829DE98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "DD259C18-7111-45C9-B6C3-6A5F29998146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBA3B4B-D7E6-4555-969F-66217ACDACDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "38BFDCFA-00C8-4B6A-B758-8FD15A122CA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6770FDC6-792D-49B2-942B-282F9012D0BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "730BE023-C283-4775-915C-79817723917A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "337E18A7-07A3-456D-868A-2002F96D7A2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*",
"matchCriteriaId": "84B09B6D-EE4D-4241-B3EF-CBCB03A7F579",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, as identified by bug#0005751 \"thraxisp\"."
}
],
"id": "CVE-2005-3091",
"lastModified": "2024-11-21T00:01:06.480",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-09-28T22:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/16506"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/17654"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2005/dsa-905"
},
{
"source": "cve@mitre.org",
"url": "http://www.mantisbt.org/changelog.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/15227"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/16506"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17654"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-905"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mantisbt.org/changelog.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/15227"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-10-04 04:00
Modified
2024-11-20 23:40
Severity ?
Summary
Mantis before 0.17.4 allows remote attackers to list project bugs without authentication by modifying the cookie that is used by the "View Bugs" page.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mantis | mantis | 0.15.3 | |
| mantis | mantis | 0.15.4 | |
| mantis | mantis | 0.15.5 | |
| mantis | mantis | 0.15.6 | |
| mantis | mantis | 0.15.7 | |
| mantis | mantis | 0.15.8 | |
| mantis | mantis | 0.15.9 | |
| mantis | mantis | 0.15.10 | |
| mantis | mantis | 0.15.11 | |
| mantis | mantis | 0.15.12 | |
| mantis | mantis | 0.16.0 | |
| mantis | mantis | 0.16.1 | |
| mantis | mantis | 0.17.0 | |
| mantis | mantis | 0.17.1 | |
| mantis | mantis | 0.17.2 | |
| mantis | mantis | 0.17.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5DF83421-973D-4AC9-BDA3-4161B9CF2D91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1633BF3C-89C2-4BEF-9F56-6F19984D3CA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.5:*:*:*:*:*:*:*",
"matchCriteriaId": "084BD5F4-37F8-4913-8045-769FD81F8C36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.6:*:*:*:*:*:*:*",
"matchCriteriaId": "76B09948-A44C-47D8-A5EC-3873FF36F451",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.7:*:*:*:*:*:*:*",
"matchCriteriaId": "89D72C1E-73E5-4F51-9D30-D28026939C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E9EDAA7A-DF0C-4D9E-9D30-0422E4801612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2C469C66-B64B-49BD-9D1C-D15F0E9028EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C28223A1-359F-434C-BAAA-82A5F310FA44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7BF1F18B-AE36-48F3-B784-5C97B3F2535E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F073B8A1-3339-4BF2-B8D1-F6BA5CF9695A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6DAFD163-7FE7-48FB-8860-7B00B0FFA628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "03A0C36A-83DF-4E67-BA82-0ACE4D50C7D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53520AA0-E5AB-450A-9D95-E075B552D2E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8462CB86-30B1-43D8-B306-271709423DB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "131A96BB-EF2E-4AE2-9334-91CA96222BA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "17DC6205-7016-40C3-921A-B5AEC8513CCC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mantis before 0.17.4 allows remote attackers to list project bugs without authentication by modifying the cookie that is used by the \"View Bugs\" page."
}
],
"id": "CVE-2002-1112",
"lastModified": "2024-11-20T23:40:37.387",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-10-04T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://mantisbt.sourceforge.net/advisories/2002/2002-03.txt"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=102978673018271\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2002/dsa-153"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/5514"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9899"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://mantisbt.sourceforge.net/advisories/2002/2002-03.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=102978673018271\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2002/dsa-153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/5514"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9899"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-09-28 21:03
Modified
2024-11-20 23:59
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the dir parameter, as identified by bug#0005959, and a different vulnerability than CVE-2005-3090.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mantis | mantis | 0.19.0 | |
| mantis | mantis | 0.19.0_rc1 | |
| mantis | mantis | 0.19.0a1 | |
| mantis | mantis | 0.19.0a2 | |
| mantis | mantis | 0.19.1 | |
| mantis | mantis | 0.19.2 | |
| mantis | mantis | 1.0.0a1 | |
| mantis | mantis | 1.0.0a2 | |
| mantis | mantis | 1.0.0a3 | |
| debian | debian_linux | 3.1 | |
| debian | debian_linux | 3.1 | |
| debian | debian_linux | 3.1 | |
| debian | debian_linux | 3.1 | |
| debian | debian_linux | 3.1 | |
| debian | debian_linux | 3.1 | |
| debian | debian_linux | 3.1 | |
| debian | debian_linux | 3.1 | |
| debian | debian_linux | 3.1 | |
| debian | debian_linux | 3.1 | |
| debian | debian_linux | 3.1 | |
| debian | debian_linux | 3.1 | |
| debian | debian_linux | 3.1 | |
| gentoo | linux | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5419E3AC-4215-4584-9538-AF790DC9BD5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3C48B8F-633E-4D69-A174-26C19829DE98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "DD259C18-7111-45C9-B6C3-6A5F29998146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBA3B4B-D7E6-4555-969F-66217ACDACDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "38BFDCFA-00C8-4B6A-B758-8FD15A122CA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6770FDC6-792D-49B2-942B-282F9012D0BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "730BE023-C283-4775-915C-79817723917A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "337E18A7-07A3-456D-868A-2002F96D7A2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*",
"matchCriteriaId": "84B09B6D-EE4D-4241-B3EF-CBCB03A7F579",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:alpha:*:*:*:*:*",
"matchCriteriaId": "5BF84240-1881-4EFB-BB2F-F9CE8AD09C7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:amd64:*:*:*:*:*",
"matchCriteriaId": "AF8AE8C4-810F-41AB-A251-5A2D4DD6884D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:arm:*:*:*:*:*",
"matchCriteriaId": "5EACF214-FA27-44FF-A431-927AB79377A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:hppa:*:*:*:*:*",
"matchCriteriaId": "E2B58895-0E2A-4466-9CB2-0083349A83B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:ia-32:*:*:*:*:*",
"matchCriteriaId": "03F8220A-9B1C-40AA-AEAB-F9A93225FBD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:ia-64:*:*:*:*:*",
"matchCriteriaId": "2311919C-7864-469D-B0F6-9B11D8D0A1C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:m68k:*:*:*:*:*",
"matchCriteriaId": "19876495-4C1A-487C-955A-C5AA46362A1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:mips:*:*:*:*:*",
"matchCriteriaId": "D75286DD-50BC-4B72-8AC8-E20730124DC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:mipsel:*:*:*:*:*",
"matchCriteriaId": "1998C972-497E-4916-B50E-FB32303EEA8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:ppc:*:*:*:*:*",
"matchCriteriaId": "A6CD3DD9-3A8A-4716-A2D1-136A790AFF94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:s-390:*:*:*:*:*",
"matchCriteriaId": "6CE2020A-4FB2-4FCD-8561-7BD147CD95EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:sparc:*:*:*:*:*",
"matchCriteriaId": "08E90AFA-C262-46D0-B60E-26B67C9602D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*",
"matchCriteriaId": "647BA336-5538-4972-9271-383A0EC9378E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the dir parameter, as identified by bug#0005959, and a different vulnerability than CVE-2005-3090."
}
],
"id": "CVE-2005-2557",
"lastModified": "2024-11-20T23:59:49.930",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-09-28T21:03:00.000",
"references": [
{
"source": "security@debian.org",
"url": "http://marc.info/?l=bugtraq\u0026m=112786017426276\u0026w=2"
},
{
"source": "security@debian.org",
"url": "http://secunia.com/advisories/16506"
},
{
"source": "security@debian.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-778"
},
{
"source": "security@debian.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-16.xml"
},
{
"source": "security@debian.org",
"url": "http://www.mantisbt.org/changelog.php"
},
{
"source": "security@debian.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/14604"
},
{
"source": "security@debian.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21958"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=112786017426276\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/16506"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-778"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-16.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mantisbt.org/changelog.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/14604"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21958"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-04-02 21:04
Modified
2024-11-21 00:09
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in view_all_set.php in Mantis 1.0.1, 1.0.0rc5, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) start_day, (2) start_year, and (3) start_month parameters.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C62F6BC-4397-44BD-A7DA-CD4C52425BE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6DB707C-29DF-442C-BBBE-650182692A33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C420189-4748-465C-96FE-DC89502F7E26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "3B3A1BAC-F777-413E-BFB7-972C687C2D92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "B0C7EDA7-1BED-4152-BD3D-3A596482D9D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "730BE023-C283-4775-915C-79817723917A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "337E18A7-07A3-456D-868A-2002F96D7A2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*",
"matchCriteriaId": "84B09B6D-EE4D-4241-B3EF-CBCB03A7F579",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DA5AE0B4-15AB-49E7-9B97-96BA322B0966",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in view_all_set.php in Mantis 1.0.1, 1.0.0rc5, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) start_day, (2) start_year, and (3) start_month parameters."
}
],
"id": "CVE-2006-1577",
"lastModified": "2024-11-21T00:09:13.393",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-04-02T21:04:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://pridels0.blogspot.com/2006/03/mantis-xss-vuln.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19471"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/21400"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2006/dsa-1133"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/24292"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/17326"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/1184"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25579"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://pridels0.blogspot.com/2006/03/mantis-xss-vuln.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19471"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/21400"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2006/dsa-1133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/24292"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/17326"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/1184"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25579"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-10-04 04:00
Modified
2024-11-20 23:40
Severity ?
Summary
Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, when running without magic_quotes_gpc enabled, allows remote attackers to gain privileges or perform unauthorized database operations via modified form fields, e.g. to account_update.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mantis | mantis | 0.15.3 | |
| mantis | mantis | 0.15.4 | |
| mantis | mantis | 0.15.5 | |
| mantis | mantis | 0.15.6 | |
| mantis | mantis | 0.15.7 | |
| mantis | mantis | 0.15.8 | |
| mantis | mantis | 0.15.9 | |
| mantis | mantis | 0.15.10 | |
| mantis | mantis | 0.15.11 | |
| mantis | mantis | 0.15.12 | |
| mantis | mantis | 0.16.0 | |
| mantis | mantis | 0.16.1 | |
| mantis | mantis | 0.17.0 | |
| mantis | mantis | 0.17.1 | |
| mantis | mantis | 0.17.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5DF83421-973D-4AC9-BDA3-4161B9CF2D91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1633BF3C-89C2-4BEF-9F56-6F19984D3CA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.5:*:*:*:*:*:*:*",
"matchCriteriaId": "084BD5F4-37F8-4913-8045-769FD81F8C36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.6:*:*:*:*:*:*:*",
"matchCriteriaId": "76B09948-A44C-47D8-A5EC-3873FF36F451",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.7:*:*:*:*:*:*:*",
"matchCriteriaId": "89D72C1E-73E5-4F51-9D30-D28026939C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E9EDAA7A-DF0C-4D9E-9D30-0422E4801612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2C469C66-B64B-49BD-9D1C-D15F0E9028EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C28223A1-359F-434C-BAAA-82A5F310FA44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7BF1F18B-AE36-48F3-B784-5C97B3F2535E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F073B8A1-3339-4BF2-B8D1-F6BA5CF9695A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6DAFD163-7FE7-48FB-8860-7B00B0FFA628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "03A0C36A-83DF-4E67-BA82-0ACE4D50C7D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53520AA0-E5AB-450A-9D95-E075B552D2E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8462CB86-30B1-43D8-B306-271709423DB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "131A96BB-EF2E-4AE2-9334-91CA96222BA2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, when running without magic_quotes_gpc enabled, allows remote attackers to gain privileges or perform unauthorized database operations via modified form fields, e.g. to account_update.php."
}
],
"id": "CVE-2002-1110",
"lastModified": "2024-11-20T23:40:37.093",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-10-04T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://mantisbt.sourceforge.net/advisories/2002/2002-01.txt"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=102978728718851\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2002/dsa-153"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/9897.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/5510"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://mantisbt.sourceforge.net/advisories/2002/2002-01.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=102978728718851\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2002/dsa-153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/9897.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/5510"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-02-22 02:02
Modified
2024-11-21 00:07
Severity ?
Summary
manage_user_page.php in Mantis 1.00rc4 and earlier does not properly handle a sort parameter containing a ' (quote) character, which allows remote attackers to trigger a SQL error that may be repeatedly reported to a user who makes subsequent web accesses with the MANTIS_MANAGE_COOKIE cookie. NOTE: this issue might be the same as vector 2 in CVE-2005-4519.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mantis:mantis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6949CF6-A082-4D46-A5A2-E11C138F1085",
"versionEndIncluding": "1.0.0_rc4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0266C2F7-FB20-44EF-B0BB-ECCF055D03A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E88349-E374-4AE9-9C4E-9599C1448D21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A21FF02F-982C-429F-A14D-D6E18058DD61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9407F704-FF3C-4976-BE4C-A1DDC16715D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "99FB3D29-644D-4E5F-875D-C87CCE3EF95C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A5173B32-1099-47C9-996B-56DB29456BB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A6CA26FD-9C45-4628-82B7-E37E3EA3E2A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7B9B4611-C002-40F5-978C-BB90F1A893C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B419B788-ADDD-4C0A-8E02-CBB58FD21938",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C7C8B5A-A630-4EDD-A6E8-27D2E1139CF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B347D6C8-4607-481D-863E-7F41E9868041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E387645-BC7A-4EA5-AE9E-A3C66994391B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "4F434D16-4F09-4BCF-BD3E-9114876C2575",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C80575A3-87E7-40BC-9BCB-E12BB7938A77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6D8FD23-C9A3-40AB-B3ED-86739BA8A362",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "72BD480B-7CFB-4FD3-8E47-028F32AEF902",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04989B5F-30B2-43A0-A061-BF43EEA8756C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC7C781D-F5D1-4C63-B6E3-230DEC80104E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D0755FA0-2365-42B4-8E42-214D5BAD71A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "35248DDA-D37D-4D72-9FF8-6813BA4C87BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A67C54F4-4155-43DA-8E07-579249759989",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9DE7BEF1-1522-4666-B6B1-36A308FBC0A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C376D216-914A-4D96-8603-C6861B3E2857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CF0636CA-49A5-4463-B22B-6C5E1E2D44AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A07B4C-CE12-4381-BFE4-CE79411F5069",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "DB6E1BE3-BF57-4ED4-918D-8B23CB195ECE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "065C222C-638F-4303-BE6A-7FED59E21FB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB502B29-FBC5-4984-A735-AA0B6DF4A58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F759138-7079-471F-B30D-ED62351CFCB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "3A62328B-4C77-4FF4-B1D9-BE4A2E5C61FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6DAFD163-7FE7-48FB-8860-7B00B0FFA628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7C074DBE-AFC9-4094-A170-A31D79C139D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53520AA0-E5AB-450A-9D95-E075B552D2E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.4a:*:*:*:*:*:*:*",
"matchCriteriaId": "4D77F95A-0059-4442-8D9D-AA7F101FBBE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "E0BC255D-6B0F-412D-B639-B9F9656E4839",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "70450FAB-7886-418E-B471-8F16A68F9658",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "4B4CFE80-223F-45DA-A9FB-03474F61E027",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "B29FF305-E773-497E-9C47-7D87383F1440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "8724300D-CBDC-4C66-BF78-038F838C06DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a3:*:*:*:*:*:*:*",
"matchCriteriaId": "B7283A58-EE8E-493F-8E51-C97FF87ECA16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a4:*:*:*:*:*:*:*",
"matchCriteriaId": "E3CF3162-EAF8-438C-891A-FD13ECF6D6A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1E42F3A0-5FDB-4053-9EA5-D19B7061CDE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.2:*:*:*:*:*:*:*",
"matchCriteriaId": "101BF6DC-0F73-41E0-A0EE-BA1EA7397423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FCC458D9-12B1-4CF1-980E-BC86E874BBA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18a1:*:*:*:*:*:*:*",
"matchCriteriaId": "2202C65A-33FB-4742-8706-2BDD5B442030",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5419E3AC-4215-4584-9538-AF790DC9BD5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3C48B8F-633E-4D69-A174-26C19829DE98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "C1E7658F-A543-46F5-B79D-E0E25B7C574F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "DD259C18-7111-45C9-B6C3-6A5F29998146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBA3B4B-D7E6-4555-969F-66217ACDACDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "38BFDCFA-00C8-4B6A-B758-8FD15A122CA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6770FDC6-792D-49B2-942B-282F9012D0BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8E7458-6655-4C86-85A9-81004FF38321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AE92E018-C25C-468D-9EF5-5665F0B42EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6DB707C-29DF-442C-BBBE-650182692A33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C420189-4748-465C-96FE-DC89502F7E26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "3B3A1BAC-F777-413E-BFB7-972C687C2D92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "730BE023-C283-4775-915C-79817723917A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "337E18A7-07A3-456D-868A-2002F96D7A2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*",
"matchCriteriaId": "84B09B6D-EE4D-4241-B3EF-CBCB03A7F579",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "manage_user_page.php in Mantis 1.00rc4 and earlier does not properly handle a sort parameter containing a \u0027 (quote) character, which allows remote attackers to trigger a SQL error that may be repeatedly reported to a user who makes subsequent web accesses with the MANTIS_MANAGE_COOKIE cookie. NOTE: this issue might be the same as vector 2 in CVE-2005-4519."
}
],
"id": "CVE-2006-0840",
"lastModified": "2024-11-21T00:07:27.623",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-02-22T02:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://morph3us.org/advisories/20060214-mantis-100rc4.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/showfiles.php?group_id=14963\u0026package_id=12175\u0026release_id=386059"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=386059\u0026group_id=14963"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/425046/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/16657"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24726"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://morph3us.org/advisories/20060214-mantis-100rc4.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/showfiles.php?group_id=14963\u0026package_id=12175\u0026release_id=386059"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=386059\u0026group_id=14963"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/425046/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/16657"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24726"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-07-27 23:41
Modified
2024-11-21 00:48
Severity ?
Summary
Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mantis:mantis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D4A66D23-7343-44B3-A8A8-FD39D88AFCC4",
"versionEndIncluding": "1.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0266C2F7-FB20-44EF-B0BB-ECCF055D03A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E88349-E374-4AE9-9C4E-9599C1448D21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A21FF02F-982C-429F-A14D-D6E18058DD61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9407F704-FF3C-4976-BE4C-A1DDC16715D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "99FB3D29-644D-4E5F-875D-C87CCE3EF95C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A5173B32-1099-47C9-996B-56DB29456BB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A6CA26FD-9C45-4628-82B7-E37E3EA3E2A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7B9B4611-C002-40F5-978C-BB90F1A893C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B419B788-ADDD-4C0A-8E02-CBB58FD21938",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C7C8B5A-A630-4EDD-A6E8-27D2E1139CF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B347D6C8-4607-481D-863E-7F41E9868041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E387645-BC7A-4EA5-AE9E-A3C66994391B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "4F434D16-4F09-4BCF-BD3E-9114876C2575",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C80575A3-87E7-40BC-9BCB-E12BB7938A77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6D8FD23-C9A3-40AB-B3ED-86739BA8A362",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "72BD480B-7CFB-4FD3-8E47-028F32AEF902",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04989B5F-30B2-43A0-A061-BF43EEA8756C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC7C781D-F5D1-4C63-B6E3-230DEC80104E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D0755FA0-2365-42B4-8E42-214D5BAD71A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "35248DDA-D37D-4D72-9FF8-6813BA4C87BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A67C54F4-4155-43DA-8E07-579249759989",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9DE7BEF1-1522-4666-B6B1-36A308FBC0A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C376D216-914A-4D96-8603-C6861B3E2857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CF0636CA-49A5-4463-B22B-6C5E1E2D44AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A07B4C-CE12-4381-BFE4-CE79411F5069",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "DB6E1BE3-BF57-4ED4-918D-8B23CB195ECE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "065C222C-638F-4303-BE6A-7FED59E21FB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB502B29-FBC5-4984-A735-AA0B6DF4A58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F759138-7079-471F-B30D-ED62351CFCB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5DF83421-973D-4AC9-BDA3-4161B9CF2D91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1633BF3C-89C2-4BEF-9F56-6F19984D3CA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.5:*:*:*:*:*:*:*",
"matchCriteriaId": "084BD5F4-37F8-4913-8045-769FD81F8C36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.6:*:*:*:*:*:*:*",
"matchCriteriaId": "76B09948-A44C-47D8-A5EC-3873FF36F451",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.7:*:*:*:*:*:*:*",
"matchCriteriaId": "89D72C1E-73E5-4F51-9D30-D28026939C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E9EDAA7A-DF0C-4D9E-9D30-0422E4801612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2C469C66-B64B-49BD-9D1C-D15F0E9028EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C28223A1-359F-434C-BAAA-82A5F310FA44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7BF1F18B-AE36-48F3-B784-5C97B3F2535E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F073B8A1-3339-4BF2-B8D1-F6BA5CF9695A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "3A62328B-4C77-4FF4-B1D9-BE4A2E5C61FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6DAFD163-7FE7-48FB-8860-7B00B0FFA628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "03A0C36A-83DF-4E67-BA82-0ACE4D50C7D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7C074DBE-AFC9-4094-A170-A31D79C139D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53520AA0-E5AB-450A-9D95-E075B552D2E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8462CB86-30B1-43D8-B306-271709423DB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "131A96BB-EF2E-4AE2-9334-91CA96222BA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "17DC6205-7016-40C3-921A-B5AEC8513CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.4:*:*:*:*:*:*:*",
"matchCriteriaId": "721A536A-9626-4BD7-B84A-E3C4074F1217",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.4a:*:*:*:*:*:*:*",
"matchCriteriaId": "4D77F95A-0059-4442-8D9D-AA7F101FBBE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.5:*:*:*:*:*:*:*",
"matchCriteriaId": "89786096-AE1B-491B-8284-DBCC2F6112F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "E0BC255D-6B0F-412D-B639-B9F9656E4839",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "70450FAB-7886-418E-B471-8F16A68F9658",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "4B4CFE80-223F-45DA-A9FB-03474F61E027",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "B29FF305-E773-497E-9C47-7D87383F1440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "8724300D-CBDC-4C66-BF78-038F838C06DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a3:*:*:*:*:*:*:*",
"matchCriteriaId": "B7283A58-EE8E-493F-8E51-C97FF87ECA16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a4:*:*:*:*:*:*:*",
"matchCriteriaId": "E3CF3162-EAF8-438C-891A-FD13ECF6D6A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1E42F3A0-5FDB-4053-9EA5-D19B7061CDE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.2:*:*:*:*:*:*:*",
"matchCriteriaId": "101BF6DC-0F73-41E0-A0EE-BA1EA7397423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FCC458D9-12B1-4CF1-980E-BC86E874BBA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18a1:*:*:*:*:*:*:*",
"matchCriteriaId": "2202C65A-33FB-4742-8706-2BDD5B442030",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "9C6C0D59-A086-4A38-8F94-C35B8A1A0D1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5419E3AC-4215-4584-9538-AF790DC9BD5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3C48B8F-633E-4D69-A174-26C19829DE98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "C1E7658F-A543-46F5-B79D-E0E25B7C574F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "DD259C18-7111-45C9-B6C3-6A5F29998146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBA3B4B-D7E6-4555-969F-66217ACDACDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "38BFDCFA-00C8-4B6A-B758-8FD15A122CA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6770FDC6-792D-49B2-942B-282F9012D0BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8E7458-6655-4C86-85A9-81004FF38321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AE92E018-C25C-468D-9EF5-5665F0B42EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C62F6BC-4397-44BD-A7DA-CD4C52425BE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "781910F1-C34C-49D6-80D2-62AC80AF17DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6DB707C-29DF-442C-BBBE-650182692A33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C420189-4748-465C-96FE-DC89502F7E26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "3B3A1BAC-F777-413E-BFB7-972C687C2D92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "B0C7EDA7-1BED-4152-BD3D-3A596482D9D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc5:*:*:*:*:*:*:*",
"matchCriteriaId": "B54BEEA5-B671-4BDE-96D1-B235CF8F197E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "730BE023-C283-4775-915C-79817723917A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "337E18A7-07A3-456D-868A-2002F96D7A2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*",
"matchCriteriaId": "84B09B6D-EE4D-4241-B3EF-CBCB03A7F579",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B20CB57-A2C4-4491-9A4A-352C699FEF52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "DD8DC938-873D-4268-89D1-F16C5796A5C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "B4ED69D6-25B5-4199-B950-165A5FCFEBD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "CF9E3400-610A-4389-B903-9C6CA3D7B9FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DA5AE0B4-15AB-49E7-9B97-96BA322B0966",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "48069606-59B6-4D20-B909-997CA7EDBD2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E42CD1CB-49E7-484B-9629-78A24B754346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F95B327F-94A8-4D4F-A330-1B9BF4B764FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "215420D5-4690-45BE-AE84-CF1522523299",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5621726F-CA50-4336-9BCE-55F39BE5CDCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C2B0DF8C-FF2D-4DE8-B0D1-92623974A874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "03F4013F-427E-41EE-969C-169B97A14A90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.1.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "F9555553-AEA7-42B3-BE94-7C4729259378",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n \"Eval\" en adm_config_set.php en Mantis anterior a 1.1.2, permite a administradores autenticados remotamente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s del par\u00e1metro \"value\"."
}
],
"id": "CVE-2008-3332",
"lastModified": "2024-11-21T00:48:59.693",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-07-27T23:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=121130774617956\u0026w=4"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30270"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31972"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4044"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29297"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1598/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42550"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/5657"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=121130774617956\u0026w=4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30270"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31972"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4044"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29297"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1598/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42550"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/5657"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-02-13 11:06
Modified
2024-11-21 00:07
Severity ?
Summary
Unspecified vulnerability in (1) query_store.php and (2) manage_proj_create.php in Mantis before 1.0.0 has unknown impact and attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mantis | mantis | 0.17.1 | |
| mantis | mantis | 0.17.2 | |
| mantis | mantis | 0.17.3 | |
| mantis | mantis | 0.17.4 | |
| mantis | mantis | 0.17.4a | |
| mantis | mantis | 0.17.5 | |
| mantis | mantis | 0.18 | |
| mantis | mantis | 0.18.0_rc1 | |
| mantis | mantis | 0.18.0a2 | |
| mantis | mantis | 0.18.0a3 | |
| mantis | mantis | 0.18.0a4 | |
| mantis | mantis | 0.18.2 | |
| mantis | mantis | 0.18.3 | |
| mantis | mantis | 0.18a1 | |
| mantis | mantis | 0.19.0 | |
| mantis | mantis | 0.19.0_rc1 | |
| mantis | mantis | 0.19.0a | |
| mantis | mantis | 0.19.0a1 | |
| mantis | mantis | 0.19.0a2 | |
| mantis | mantis | 0.19.1 | |
| mantis | mantis | 0.19.2 | |
| mantis | mantis | 0.19.3 | |
| mantis | mantis | 0.19.4 | |
| mantis | mantis | 1.0.0_rc1 | |
| mantis | mantis | 1.0.0_rc2 | |
| mantis | mantis | 1.0.0_rc3 | |
| mantis | mantis | 1.0.0_rc4 | |
| mantis | mantis | 1.0.0a1 | |
| mantis | mantis | 1.0.0a2 | |
| mantis | mantis | 1.0.0a3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8462CB86-30B1-43D8-B306-271709423DB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "131A96BB-EF2E-4AE2-9334-91CA96222BA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "17DC6205-7016-40C3-921A-B5AEC8513CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.4:*:*:*:*:*:*:*",
"matchCriteriaId": "721A536A-9626-4BD7-B84A-E3C4074F1217",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.4a:*:*:*:*:*:*:*",
"matchCriteriaId": "4D77F95A-0059-4442-8D9D-AA7F101FBBE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.5:*:*:*:*:*:*:*",
"matchCriteriaId": "89786096-AE1B-491B-8284-DBCC2F6112F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "E0BC255D-6B0F-412D-B639-B9F9656E4839",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "4B4CFE80-223F-45DA-A9FB-03474F61E027",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "8724300D-CBDC-4C66-BF78-038F838C06DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a3:*:*:*:*:*:*:*",
"matchCriteriaId": "B7283A58-EE8E-493F-8E51-C97FF87ECA16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a4:*:*:*:*:*:*:*",
"matchCriteriaId": "E3CF3162-EAF8-438C-891A-FD13ECF6D6A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.2:*:*:*:*:*:*:*",
"matchCriteriaId": "101BF6DC-0F73-41E0-A0EE-BA1EA7397423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FCC458D9-12B1-4CF1-980E-BC86E874BBA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18a1:*:*:*:*:*:*:*",
"matchCriteriaId": "2202C65A-33FB-4742-8706-2BDD5B442030",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5419E3AC-4215-4584-9538-AF790DC9BD5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3C48B8F-633E-4D69-A174-26C19829DE98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "C1E7658F-A543-46F5-B79D-E0E25B7C574F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "DD259C18-7111-45C9-B6C3-6A5F29998146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBA3B4B-D7E6-4555-969F-66217ACDACDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "38BFDCFA-00C8-4B6A-B758-8FD15A122CA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6770FDC6-792D-49B2-942B-282F9012D0BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8E7458-6655-4C86-85A9-81004FF38321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AE92E018-C25C-468D-9EF5-5665F0B42EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6DB707C-29DF-442C-BBBE-650182692A33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C420189-4748-465C-96FE-DC89502F7E26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "3B3A1BAC-F777-413E-BFB7-972C687C2D92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "B0C7EDA7-1BED-4152-BD3D-3A596482D9D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "730BE023-C283-4775-915C-79817723917A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "337E18A7-07A3-456D-868A-2002F96D7A2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*",
"matchCriteriaId": "84B09B6D-EE4D-4241-B3EF-CBCB03A7F579",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in (1) query_store.php and (2) manage_proj_create.php in Mantis before 1.0.0 has unknown impact and attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public."
}
],
"id": "CVE-2006-0665",
"lastModified": "2024-11-21T00:07:02.620",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-02-13T11:06:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/21400"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2006/dsa-1133"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/16561"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/0485"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/21400"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2006/dsa-1133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/16561"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/0485"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-10-22 18:00
Modified
2024-11-21 00:52
Severity ?
Summary
core/string_api.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote attackers to discover an issue's title and status via a request with a modified issue number.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mantis:mantis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "132BAF7E-8047-417F-8C78-1C1FBDAF97A0",
"versionEndIncluding": "1.1.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8E7458-6655-4C86-85A9-81004FF38321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AE92E018-C25C-468D-9EF5-5665F0B42EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DA5AE0B4-15AB-49E7-9B97-96BA322B0966",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "48069606-59B6-4D20-B909-997CA7EDBD2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E42CD1CB-49E7-484B-9629-78A24B754346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F95B327F-94A8-4D4F-A330-1B9BF4B764FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "215420D5-4690-45BE-AE84-CF1522523299",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5621726F-CA50-4336-9BCE-55F39BE5CDCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1B0ECF83-F61A-4745-AA0D-4822A38F24DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "91621575-AF90-4C01-AA87-A99C304227D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BAEE63A1-106C-4E50-8B6F-D134C69FD194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C7729C7E-ECC1-48D0-BFF7-82A8D96DC0AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "core/string_api.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote attackers to discover an issue\u0027s title and status via a request with a modified issue number."
},
{
"lang": "es",
"value": "core/string_api.php en Mantis anterior a 1.1.3 no valida los privilegios del visor antes de crear un enlace con los datos de la incidencia en el identificador de origen, lo que permite a atacantes remotos conocer el t\u00edtulo y estado de la incidencia a trav\u00e9s de una petici\u00f3n con un n\u00famero de incidencia modificado."
}
],
"id": "CVE-2008-4688",
"lastModified": "2024-11-21T00:52:17.620",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-10-22T18:00:01.237",
"references": [
{
"source": "cve@mitre.org",
"url": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/string_api.php?r1=5285\u0026r2=5384\u0026pathrev=5384"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/32243"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/32975"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.mantisbt.org/bugs/view.php?id=9321"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/1"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/31868"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/string_api.php?r1=5285\u0026r2=5384\u0026pathrev=5384"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32243"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32975"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mantisbt.org/bugs/view.php?id=9321"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/31868"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-07-27 23:41
Modified
2024-11-21 00:48
Severity ?
Summary
Directory traversal vulnerability in core/lang_api.php in Mantis before 1.1.2 allows remote attackers to include and execute arbitrary files via the language parameter to the user preferences page (account_prefs_update.php).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mantis:mantis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D4A66D23-7343-44B3-A8A8-FD39D88AFCC4",
"versionEndIncluding": "1.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0266C2F7-FB20-44EF-B0BB-ECCF055D03A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E88349-E374-4AE9-9C4E-9599C1448D21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A21FF02F-982C-429F-A14D-D6E18058DD61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9407F704-FF3C-4976-BE4C-A1DDC16715D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "99FB3D29-644D-4E5F-875D-C87CCE3EF95C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A5173B32-1099-47C9-996B-56DB29456BB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A6CA26FD-9C45-4628-82B7-E37E3EA3E2A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7B9B4611-C002-40F5-978C-BB90F1A893C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B419B788-ADDD-4C0A-8E02-CBB58FD21938",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C7C8B5A-A630-4EDD-A6E8-27D2E1139CF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B347D6C8-4607-481D-863E-7F41E9868041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E387645-BC7A-4EA5-AE9E-A3C66994391B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "4F434D16-4F09-4BCF-BD3E-9114876C2575",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C80575A3-87E7-40BC-9BCB-E12BB7938A77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6D8FD23-C9A3-40AB-B3ED-86739BA8A362",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "72BD480B-7CFB-4FD3-8E47-028F32AEF902",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04989B5F-30B2-43A0-A061-BF43EEA8756C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC7C781D-F5D1-4C63-B6E3-230DEC80104E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D0755FA0-2365-42B4-8E42-214D5BAD71A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "35248DDA-D37D-4D72-9FF8-6813BA4C87BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A67C54F4-4155-43DA-8E07-579249759989",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9DE7BEF1-1522-4666-B6B1-36A308FBC0A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C376D216-914A-4D96-8603-C6861B3E2857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CF0636CA-49A5-4463-B22B-6C5E1E2D44AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A07B4C-CE12-4381-BFE4-CE79411F5069",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "DB6E1BE3-BF57-4ED4-918D-8B23CB195ECE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "065C222C-638F-4303-BE6A-7FED59E21FB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB502B29-FBC5-4984-A735-AA0B6DF4A58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F759138-7079-471F-B30D-ED62351CFCB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5DF83421-973D-4AC9-BDA3-4161B9CF2D91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1633BF3C-89C2-4BEF-9F56-6F19984D3CA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.5:*:*:*:*:*:*:*",
"matchCriteriaId": "084BD5F4-37F8-4913-8045-769FD81F8C36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.6:*:*:*:*:*:*:*",
"matchCriteriaId": "76B09948-A44C-47D8-A5EC-3873FF36F451",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.7:*:*:*:*:*:*:*",
"matchCriteriaId": "89D72C1E-73E5-4F51-9D30-D28026939C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E9EDAA7A-DF0C-4D9E-9D30-0422E4801612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2C469C66-B64B-49BD-9D1C-D15F0E9028EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C28223A1-359F-434C-BAAA-82A5F310FA44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7BF1F18B-AE36-48F3-B784-5C97B3F2535E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F073B8A1-3339-4BF2-B8D1-F6BA5CF9695A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "3A62328B-4C77-4FF4-B1D9-BE4A2E5C61FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6DAFD163-7FE7-48FB-8860-7B00B0FFA628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "03A0C36A-83DF-4E67-BA82-0ACE4D50C7D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7C074DBE-AFC9-4094-A170-A31D79C139D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53520AA0-E5AB-450A-9D95-E075B552D2E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8462CB86-30B1-43D8-B306-271709423DB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "131A96BB-EF2E-4AE2-9334-91CA96222BA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "17DC6205-7016-40C3-921A-B5AEC8513CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.4:*:*:*:*:*:*:*",
"matchCriteriaId": "721A536A-9626-4BD7-B84A-E3C4074F1217",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.4a:*:*:*:*:*:*:*",
"matchCriteriaId": "4D77F95A-0059-4442-8D9D-AA7F101FBBE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.5:*:*:*:*:*:*:*",
"matchCriteriaId": "89786096-AE1B-491B-8284-DBCC2F6112F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "E0BC255D-6B0F-412D-B639-B9F9656E4839",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "70450FAB-7886-418E-B471-8F16A68F9658",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "4B4CFE80-223F-45DA-A9FB-03474F61E027",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "B29FF305-E773-497E-9C47-7D87383F1440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "8724300D-CBDC-4C66-BF78-038F838C06DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a3:*:*:*:*:*:*:*",
"matchCriteriaId": "B7283A58-EE8E-493F-8E51-C97FF87ECA16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a4:*:*:*:*:*:*:*",
"matchCriteriaId": "E3CF3162-EAF8-438C-891A-FD13ECF6D6A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1E42F3A0-5FDB-4053-9EA5-D19B7061CDE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.2:*:*:*:*:*:*:*",
"matchCriteriaId": "101BF6DC-0F73-41E0-A0EE-BA1EA7397423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FCC458D9-12B1-4CF1-980E-BC86E874BBA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18a1:*:*:*:*:*:*:*",
"matchCriteriaId": "2202C65A-33FB-4742-8706-2BDD5B442030",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "9C6C0D59-A086-4A38-8F94-C35B8A1A0D1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5419E3AC-4215-4584-9538-AF790DC9BD5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3C48B8F-633E-4D69-A174-26C19829DE98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "C1E7658F-A543-46F5-B79D-E0E25B7C574F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "DD259C18-7111-45C9-B6C3-6A5F29998146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBA3B4B-D7E6-4555-969F-66217ACDACDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "38BFDCFA-00C8-4B6A-B758-8FD15A122CA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6770FDC6-792D-49B2-942B-282F9012D0BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8E7458-6655-4C86-85A9-81004FF38321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AE92E018-C25C-468D-9EF5-5665F0B42EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C62F6BC-4397-44BD-A7DA-CD4C52425BE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "781910F1-C34C-49D6-80D2-62AC80AF17DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6DB707C-29DF-442C-BBBE-650182692A33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C420189-4748-465C-96FE-DC89502F7E26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "3B3A1BAC-F777-413E-BFB7-972C687C2D92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "B0C7EDA7-1BED-4152-BD3D-3A596482D9D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc5:*:*:*:*:*:*:*",
"matchCriteriaId": "B54BEEA5-B671-4BDE-96D1-B235CF8F197E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "730BE023-C283-4775-915C-79817723917A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "337E18A7-07A3-456D-868A-2002F96D7A2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*",
"matchCriteriaId": "84B09B6D-EE4D-4241-B3EF-CBCB03A7F579",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B20CB57-A2C4-4491-9A4A-352C699FEF52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "DD8DC938-873D-4268-89D1-F16C5796A5C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "B4ED69D6-25B5-4199-B950-165A5FCFEBD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "CF9E3400-610A-4389-B903-9C6CA3D7B9FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DA5AE0B4-15AB-49E7-9B97-96BA322B0966",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "48069606-59B6-4D20-B909-997CA7EDBD2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E42CD1CB-49E7-484B-9629-78A24B754346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F95B327F-94A8-4D4F-A330-1B9BF4B764FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "215420D5-4690-45BE-AE84-CF1522523299",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5621726F-CA50-4336-9BCE-55F39BE5CDCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C2B0DF8C-FF2D-4DE8-B0D1-92623974A874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "03F4013F-427E-41EE-969C-169B97A14A90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.1.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "F9555553-AEA7-42B3-BE94-7C4729259378",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in core/lang_api.php in Mantis before 1.1.2 allows remote attackers to include and execute arbitrary files via the language parameter to the user preferences page (account_prefs_update.php)."
},
{
"lang": "es",
"value": "Una vulnerabilidad de salto de directorio en el archivo core/lang_api.php en Mantis anterior a versi\u00f3n 1.1.2, permite a los atacantes remotos incluir y ejecutar archivos arbitrarios por medio del par\u00e1metro language en la p\u00e1gina de preferencias del usuario (archivo account_prefs_update.php)."
}
],
"id": "CVE-2008-3333",
"lastModified": "2024-11-21T00:48:59.853",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-07-27T23:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30270"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31972"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.mantisbt.org/bugs/view.php?id=9154"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29297"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/30354"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=456044"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43984"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30270"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31972"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mantisbt.org/bugs/view.php?id=9154"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29297"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/30354"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=456044"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43984"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows remote attackers to inject arbitrary web script or HTML via (1) the return parameter to login_page.php, (2) e-mail field in signup.php, (3) action parameter to login_select_proj_page.php, or (4) hide_status parameter to view_all_set.php.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mantis:mantis:0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0266C2F7-FB20-44EF-B0BB-ECCF055D03A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A21FF02F-982C-429F-A14D-D6E18058DD61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9407F704-FF3C-4976-BE4C-A1DDC16715D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A5173B32-1099-47C9-996B-56DB29456BB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A6CA26FD-9C45-4628-82B7-E37E3EA3E2A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7B9B4611-C002-40F5-978C-BB90F1A893C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C7C8B5A-A630-4EDD-A6E8-27D2E1139CF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B347D6C8-4607-481D-863E-7F41E9868041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "4F434D16-4F09-4BCF-BD3E-9114876C2575",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6D8FD23-C9A3-40AB-B3ED-86739BA8A362",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "72BD480B-7CFB-4FD3-8E47-028F32AEF902",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC7C781D-F5D1-4C63-B6E3-230DEC80104E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D0755FA0-2365-42B4-8E42-214D5BAD71A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "35248DDA-D37D-4D72-9FF8-6813BA4C87BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A67C54F4-4155-43DA-8E07-579249759989",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9DE7BEF1-1522-4666-B6B1-36A308FBC0A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C376D216-914A-4D96-8603-C6861B3E2857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CF0636CA-49A5-4463-B22B-6C5E1E2D44AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A07B4C-CE12-4381-BFE4-CE79411F5069",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "DB6E1BE3-BF57-4ED4-918D-8B23CB195ECE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB502B29-FBC5-4984-A735-AA0B6DF4A58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F759138-7079-471F-B30D-ED62351CFCB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5DF83421-973D-4AC9-BDA3-4161B9CF2D91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1633BF3C-89C2-4BEF-9F56-6F19984D3CA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.5:*:*:*:*:*:*:*",
"matchCriteriaId": "084BD5F4-37F8-4913-8045-769FD81F8C36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.6:*:*:*:*:*:*:*",
"matchCriteriaId": "76B09948-A44C-47D8-A5EC-3873FF36F451",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.7:*:*:*:*:*:*:*",
"matchCriteriaId": "89D72C1E-73E5-4F51-9D30-D28026939C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E9EDAA7A-DF0C-4D9E-9D30-0422E4801612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2C469C66-B64B-49BD-9D1C-D15F0E9028EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C28223A1-359F-434C-BAAA-82A5F310FA44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7BF1F18B-AE36-48F3-B784-5C97B3F2535E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F073B8A1-3339-4BF2-B8D1-F6BA5CF9695A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "3A62328B-4C77-4FF4-B1D9-BE4A2E5C61FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6DAFD163-7FE7-48FB-8860-7B00B0FFA628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "03A0C36A-83DF-4E67-BA82-0ACE4D50C7D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7C074DBE-AFC9-4094-A170-A31D79C139D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53520AA0-E5AB-450A-9D95-E075B552D2E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8462CB86-30B1-43D8-B306-271709423DB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "131A96BB-EF2E-4AE2-9334-91CA96222BA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "17DC6205-7016-40C3-921A-B5AEC8513CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.4:*:*:*:*:*:*:*",
"matchCriteriaId": "721A536A-9626-4BD7-B84A-E3C4074F1217",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.4a:*:*:*:*:*:*:*",
"matchCriteriaId": "4D77F95A-0059-4442-8D9D-AA7F101FBBE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.5:*:*:*:*:*:*:*",
"matchCriteriaId": "89786096-AE1B-491B-8284-DBCC2F6112F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "E0BC255D-6B0F-412D-B639-B9F9656E4839",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "4B4CFE80-223F-45DA-A9FB-03474F61E027",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "8724300D-CBDC-4C66-BF78-038F838C06DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a3:*:*:*:*:*:*:*",
"matchCriteriaId": "B7283A58-EE8E-493F-8E51-C97FF87ECA16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a4:*:*:*:*:*:*:*",
"matchCriteriaId": "E3CF3162-EAF8-438C-891A-FD13ECF6D6A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18a1:*:*:*:*:*:*:*",
"matchCriteriaId": "2202C65A-33FB-4742-8706-2BDD5B442030",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "C1E7658F-A543-46F5-B79D-E0E25B7C574F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows remote attackers to inject arbitrary web script or HTML via (1) the return parameter to login_page.php, (2) e-mail field in signup.php, (3) action parameter to login_select_proj_page.php, or (4) hide_status parameter to view_all_set.php."
}
],
"id": "CVE-2004-1730",
"lastModified": "2024-11-20T23:51:36.260",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=109312225727345\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/12338"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/10994"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17066"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17069"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17070"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17072"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=109312225727345\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/12338"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/10994"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17066"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17069"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17070"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17072"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-01-03 22:46
Modified
2024-11-21 00:40
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in view.php in Mantis before 1.1.0 allows remote attackers to inject arbitrary web script or HTML via a filename, related to bug_report.php.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mantis:mantis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A878BD34-787E-4330-9EE2-D1CD7FE6678E",
"versionEndIncluding": "1.1.0a1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in view.php in Mantis before 1.1.0 allows remote attackers to inject arbitrary web script or HTML via a filename, related to bug_report.php."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo cross-site scripting (XSS) en el archivo view.php en Mantis versiones anteriores a 1.1.0, permite a los atacantes remotos inyectar script web o HTML arbitrario por medio del filename, relacionado con el archivo bug_report.php."
}
],
"id": "CVE-2007-6611",
"lastModified": "2024-11-21T00:40:35.050",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-01-03T22:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/39873"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28185"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28352"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28551"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29198"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200803-04.xml"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/project/shownotes.php?release_id=562940"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2008/dsa-1467"
},
{
"source": "cve@mitre.org",
"url": "http://www.mantisbt.org/bugs/view.php?id=8679"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/27045"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427277"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00227.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00309.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/39873"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28185"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28352"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28551"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29198"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200803-04.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/project/shownotes.php?release_id=562940"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1467"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mantisbt.org/bugs/view.php?id=8679"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/27045"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427277"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00227.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00309.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-10-04 04:00
Modified
2024-11-20 23:40
Severity ?
Summary
summary_graph_functions.php in Mantis 0.17.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the g_jpgraph_path parameter to reference the location of the PHP code.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mantis | mantis | 0.15.3 | |
| mantis | mantis | 0.15.4 | |
| mantis | mantis | 0.15.5 | |
| mantis | mantis | 0.15.6 | |
| mantis | mantis | 0.15.7 | |
| mantis | mantis | 0.15.8 | |
| mantis | mantis | 0.15.9 | |
| mantis | mantis | 0.15.10 | |
| mantis | mantis | 0.15.11 | |
| mantis | mantis | 0.15.12 | |
| mantis | mantis | 0.16.0 | |
| mantis | mantis | 0.16.1 | |
| mantis | mantis | 0.17.0 | |
| mantis | mantis | 0.17.1 | |
| mantis | mantis | 0.17.2 | |
| mantis | mantis | 0.17.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5DF83421-973D-4AC9-BDA3-4161B9CF2D91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1633BF3C-89C2-4BEF-9F56-6F19984D3CA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.5:*:*:*:*:*:*:*",
"matchCriteriaId": "084BD5F4-37F8-4913-8045-769FD81F8C36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.6:*:*:*:*:*:*:*",
"matchCriteriaId": "76B09948-A44C-47D8-A5EC-3873FF36F451",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.7:*:*:*:*:*:*:*",
"matchCriteriaId": "89D72C1E-73E5-4F51-9D30-D28026939C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E9EDAA7A-DF0C-4D9E-9D30-0422E4801612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2C469C66-B64B-49BD-9D1C-D15F0E9028EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C28223A1-359F-434C-BAAA-82A5F310FA44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7BF1F18B-AE36-48F3-B784-5C97B3F2535E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F073B8A1-3339-4BF2-B8D1-F6BA5CF9695A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6DAFD163-7FE7-48FB-8860-7B00B0FFA628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "03A0C36A-83DF-4E67-BA82-0ACE4D50C7D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53520AA0-E5AB-450A-9D95-E075B552D2E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8462CB86-30B1-43D8-B306-271709423DB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "131A96BB-EF2E-4AE2-9334-91CA96222BA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "17DC6205-7016-40C3-921A-B5AEC8513CCC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "summary_graph_functions.php in Mantis 0.17.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the g_jpgraph_path parameter to reference the location of the PHP code."
}
],
"id": "CVE-2002-1113",
"lastModified": "2024-11-20T23:40:37.540",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-10-04T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=102927873301965\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=102978924821040\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2002/dsa-153"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/4858"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/5504"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9829"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=102927873301965\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=102978924821040\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2002/dsa-153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/4858"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/5504"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9829"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-12-28 01:03
Modified
2024-11-21 00:04
Severity ?
Summary
Unspecified "port injection" vulnerabilities in filters in Mantis 1.0.0rc3 and earlier have unknown impact and attack vectors. NOTE: due to a lack of relevant details in the vendor changelog, which is the source of this description, it is unclear whether this is a duplicate of another CVE.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6DB707C-29DF-442C-BBBE-650182692A33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C420189-4748-465C-96FE-DC89502F7E26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "3B3A1BAC-F777-413E-BFB7-972C687C2D92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "730BE023-C283-4775-915C-79817723917A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "337E18A7-07A3-456D-868A-2002F96D7A2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*",
"matchCriteriaId": "84B09B6D-EE4D-4241-B3EF-CBCB03A7F579",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified \"port injection\" vulnerabilities in filters in Mantis 1.0.0rc3 and earlier have unknown impact and attack vectors. NOTE: due to a lack of relevant details in the vendor changelog, which is the source of this description, it is unclear whether this is a duplicate of another CVE."
}
],
"id": "CVE-2005-4520",
"lastModified": "2024-11-21T00:04:27.983",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-12-28T01:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18181/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18221"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/18481"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2005/dsa-944"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/22488"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/16046/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2005/3064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18181/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18221"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/18481"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-944"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/22488"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/16046/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/3064"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-09-28 22:03
Modified
2024-11-21 00:01
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in bug_actiongroup_page.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the summary of the bug, which is not quoted when view_all_bug_page.php is used to delete the bug, as identified by bug#0006002, a different vulnerability than CVE-2005-2557.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5419E3AC-4215-4584-9538-AF790DC9BD5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3C48B8F-633E-4D69-A174-26C19829DE98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "DD259C18-7111-45C9-B6C3-6A5F29998146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBA3B4B-D7E6-4555-969F-66217ACDACDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "38BFDCFA-00C8-4B6A-B758-8FD15A122CA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6770FDC6-792D-49B2-942B-282F9012D0BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "730BE023-C283-4775-915C-79817723917A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "337E18A7-07A3-456D-868A-2002F96D7A2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*",
"matchCriteriaId": "84B09B6D-EE4D-4241-B3EF-CBCB03A7F579",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in bug_actiongroup_page.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the summary of the bug, which is not quoted when view_all_bug_page.php is used to delete the bug, as identified by bug#0006002, a different vulnerability than CVE-2005-2557."
}
],
"id": "CVE-2005-3090",
"lastModified": "2024-11-21T00:01:06.347",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-09-28T22:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=112786017426276\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-778"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=112786017426276\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-778"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-12-28 01:03
Modified
2024-11-21 00:04
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the view_filters_page.php filters script in Mantis 1.0.0rc3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) view_type and (2) target_field parameters.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6DB707C-29DF-442C-BBBE-650182692A33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C420189-4748-465C-96FE-DC89502F7E26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "3B3A1BAC-F777-413E-BFB7-972C687C2D92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "730BE023-C283-4775-915C-79817723917A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "337E18A7-07A3-456D-868A-2002F96D7A2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*",
"matchCriteriaId": "84B09B6D-EE4D-4241-B3EF-CBCB03A7F579",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the view_filters_page.php filters script in Mantis 1.0.0rc3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) view_type and (2) target_field parameters."
}
],
"id": "CVE-2005-4522",
"lastModified": "2024-11-21T00:04:28.370",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-12-28T01:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18181/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18221"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/18481"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2005/dsa-944"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/22053"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/16046/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2005/3064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18181/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18221"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/18481"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-944"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/22053"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/16046/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/3064"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-10-27 10:02
Modified
2024-11-21 00:01
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Mantis before 0.19.3 allow remote attackers to inject arbitrary web script or HTML via (1) unknown vectors involving Javascript and (2) mantis/view_all_set.php.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5419E3AC-4215-4584-9538-AF790DC9BD5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3C48B8F-633E-4D69-A174-26C19829DE98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "DD259C18-7111-45C9-B6C3-6A5F29998146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBA3B4B-D7E6-4555-969F-66217ACDACDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "38BFDCFA-00C8-4B6A-B758-8FD15A122CA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6770FDC6-792D-49B2-942B-282F9012D0BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8E7458-6655-4C86-85A9-81004FF38321",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Mantis before 0.19.3 allow remote attackers to inject arbitrary web script or HTML via (1) unknown vectors involving Javascript and (2) mantis/view_all_set.php."
}
],
"id": "CVE-2005-3337",
"lastModified": "2024-11-21T00:01:39.460",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-10-27T10:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.mantisbt.org/changelog_page.php"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/17362"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/project/shownotes.php?release_id=362673"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/20321"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.mantisbt.org/changelog_page.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17362"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/project/shownotes.php?release_id=362673"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/20321"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-02-13 11:06
Modified
2024-11-21 00:07
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in Mantis before 1.0 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mantis | mantis | 0.17.1 | |
| mantis | mantis | 0.17.2 | |
| mantis | mantis | 0.17.3 | |
| mantis | mantis | 0.17.4 | |
| mantis | mantis | 0.17.4a | |
| mantis | mantis | 0.17.5 | |
| mantis | mantis | 0.18 | |
| mantis | mantis | 0.18.0_rc1 | |
| mantis | mantis | 0.18.0a2 | |
| mantis | mantis | 0.18.0a3 | |
| mantis | mantis | 0.18.0a4 | |
| mantis | mantis | 0.18.2 | |
| mantis | mantis | 0.18.3 | |
| mantis | mantis | 0.18a1 | |
| mantis | mantis | 0.19.0 | |
| mantis | mantis | 0.19.0_rc1 | |
| mantis | mantis | 0.19.0a | |
| mantis | mantis | 0.19.0a1 | |
| mantis | mantis | 0.19.0a2 | |
| mantis | mantis | 0.19.1 | |
| mantis | mantis | 0.19.2 | |
| mantis | mantis | 0.19.3 | |
| mantis | mantis | 0.19.4 | |
| mantis | mantis | 1.0.0_rc1 | |
| mantis | mantis | 1.0.0_rc2 | |
| mantis | mantis | 1.0.0_rc3 | |
| mantis | mantis | 1.0.0_rc4 | |
| mantis | mantis | 1.0.0a1 | |
| mantis | mantis | 1.0.0a2 | |
| mantis | mantis | 1.0.0a3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8462CB86-30B1-43D8-B306-271709423DB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "131A96BB-EF2E-4AE2-9334-91CA96222BA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "17DC6205-7016-40C3-921A-B5AEC8513CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.4:*:*:*:*:*:*:*",
"matchCriteriaId": "721A536A-9626-4BD7-B84A-E3C4074F1217",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.4a:*:*:*:*:*:*:*",
"matchCriteriaId": "4D77F95A-0059-4442-8D9D-AA7F101FBBE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.5:*:*:*:*:*:*:*",
"matchCriteriaId": "89786096-AE1B-491B-8284-DBCC2F6112F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "E0BC255D-6B0F-412D-B639-B9F9656E4839",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "4B4CFE80-223F-45DA-A9FB-03474F61E027",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "8724300D-CBDC-4C66-BF78-038F838C06DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a3:*:*:*:*:*:*:*",
"matchCriteriaId": "B7283A58-EE8E-493F-8E51-C97FF87ECA16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a4:*:*:*:*:*:*:*",
"matchCriteriaId": "E3CF3162-EAF8-438C-891A-FD13ECF6D6A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.2:*:*:*:*:*:*:*",
"matchCriteriaId": "101BF6DC-0F73-41E0-A0EE-BA1EA7397423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FCC458D9-12B1-4CF1-980E-BC86E874BBA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18a1:*:*:*:*:*:*:*",
"matchCriteriaId": "2202C65A-33FB-4742-8706-2BDD5B442030",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5419E3AC-4215-4584-9538-AF790DC9BD5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3C48B8F-633E-4D69-A174-26C19829DE98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "C1E7658F-A543-46F5-B79D-E0E25B7C574F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "DD259C18-7111-45C9-B6C3-6A5F29998146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBA3B4B-D7E6-4555-969F-66217ACDACDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "38BFDCFA-00C8-4B6A-B758-8FD15A122CA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6770FDC6-792D-49B2-942B-282F9012D0BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8E7458-6655-4C86-85A9-81004FF38321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AE92E018-C25C-468D-9EF5-5665F0B42EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6DB707C-29DF-442C-BBBE-650182692A33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C420189-4748-465C-96FE-DC89502F7E26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "3B3A1BAC-F777-413E-BFB7-972C687C2D92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "B0C7EDA7-1BED-4152-BD3D-3A596482D9D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "730BE023-C283-4775-915C-79817723917A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "337E18A7-07A3-456D-868A-2002F96D7A2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*",
"matchCriteriaId": "84B09B6D-EE4D-4241-B3EF-CBCB03A7F579",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in Mantis before 1.0 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public."
}
],
"id": "CVE-2006-0664",
"lastModified": "2024-11-21T00:07:02.463",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-02-13T11:06:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/21400"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2006/dsa-1133"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/16561"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/0485"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24585"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/21400"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2006/dsa-1133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/16561"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/0485"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24585"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-01-23 12:00
Modified
2024-11-21 00:42
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "Most active bugs" summary.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mantis:mantis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DD01725-8887-4005-980A-EAC77E3AC5E8",
"versionEndIncluding": "1.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0266C2F7-FB20-44EF-B0BB-ECCF055D03A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A21FF02F-982C-429F-A14D-D6E18058DD61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9407F704-FF3C-4976-BE4C-A1DDC16715D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A5173B32-1099-47C9-996B-56DB29456BB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A6CA26FD-9C45-4628-82B7-E37E3EA3E2A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7B9B4611-C002-40F5-978C-BB90F1A893C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C7C8B5A-A630-4EDD-A6E8-27D2E1139CF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B347D6C8-4607-481D-863E-7F41E9868041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "4F434D16-4F09-4BCF-BD3E-9114876C2575",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6D8FD23-C9A3-40AB-B3ED-86739BA8A362",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "72BD480B-7CFB-4FD3-8E47-028F32AEF902",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC7C781D-F5D1-4C63-B6E3-230DEC80104E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D0755FA0-2365-42B4-8E42-214D5BAD71A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "35248DDA-D37D-4D72-9FF8-6813BA4C87BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A67C54F4-4155-43DA-8E07-579249759989",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9DE7BEF1-1522-4666-B6B1-36A308FBC0A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C376D216-914A-4D96-8603-C6861B3E2857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CF0636CA-49A5-4463-B22B-6C5E1E2D44AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A07B4C-CE12-4381-BFE4-CE79411F5069",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "DB6E1BE3-BF57-4ED4-918D-8B23CB195ECE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB502B29-FBC5-4984-A735-AA0B6DF4A58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F759138-7079-471F-B30D-ED62351CFCB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5DF83421-973D-4AC9-BDA3-4161B9CF2D91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1633BF3C-89C2-4BEF-9F56-6F19984D3CA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.5:*:*:*:*:*:*:*",
"matchCriteriaId": "084BD5F4-37F8-4913-8045-769FD81F8C36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.6:*:*:*:*:*:*:*",
"matchCriteriaId": "76B09948-A44C-47D8-A5EC-3873FF36F451",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.7:*:*:*:*:*:*:*",
"matchCriteriaId": "89D72C1E-73E5-4F51-9D30-D28026939C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E9EDAA7A-DF0C-4D9E-9D30-0422E4801612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2C469C66-B64B-49BD-9D1C-D15F0E9028EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C28223A1-359F-434C-BAAA-82A5F310FA44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7BF1F18B-AE36-48F3-B784-5C97B3F2535E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F073B8A1-3339-4BF2-B8D1-F6BA5CF9695A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "3A62328B-4C77-4FF4-B1D9-BE4A2E5C61FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6DAFD163-7FE7-48FB-8860-7B00B0FFA628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "03A0C36A-83DF-4E67-BA82-0ACE4D50C7D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7C074DBE-AFC9-4094-A170-A31D79C139D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53520AA0-E5AB-450A-9D95-E075B552D2E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8462CB86-30B1-43D8-B306-271709423DB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "131A96BB-EF2E-4AE2-9334-91CA96222BA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "17DC6205-7016-40C3-921A-B5AEC8513CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.4:*:*:*:*:*:*:*",
"matchCriteriaId": "721A536A-9626-4BD7-B84A-E3C4074F1217",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.4a:*:*:*:*:*:*:*",
"matchCriteriaId": "4D77F95A-0059-4442-8D9D-AA7F101FBBE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.5:*:*:*:*:*:*:*",
"matchCriteriaId": "89786096-AE1B-491B-8284-DBCC2F6112F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "E0BC255D-6B0F-412D-B639-B9F9656E4839",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "70450FAB-7886-418E-B471-8F16A68F9658",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "4B4CFE80-223F-45DA-A9FB-03474F61E027",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "8724300D-CBDC-4C66-BF78-038F838C06DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a3:*:*:*:*:*:*:*",
"matchCriteriaId": "B7283A58-EE8E-493F-8E51-C97FF87ECA16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a4:*:*:*:*:*:*:*",
"matchCriteriaId": "E3CF3162-EAF8-438C-891A-FD13ECF6D6A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.2:*:*:*:*:*:*:*",
"matchCriteriaId": "101BF6DC-0F73-41E0-A0EE-BA1EA7397423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FCC458D9-12B1-4CF1-980E-BC86E874BBA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18a1:*:*:*:*:*:*:*",
"matchCriteriaId": "2202C65A-33FB-4742-8706-2BDD5B442030",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5419E3AC-4215-4584-9538-AF790DC9BD5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3C48B8F-633E-4D69-A174-26C19829DE98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "C1E7658F-A543-46F5-B79D-E0E25B7C574F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "DD259C18-7111-45C9-B6C3-6A5F29998146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBA3B4B-D7E6-4555-969F-66217ACDACDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "38BFDCFA-00C8-4B6A-B758-8FD15A122CA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6770FDC6-792D-49B2-942B-282F9012D0BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8E7458-6655-4C86-85A9-81004FF38321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AE92E018-C25C-468D-9EF5-5665F0B42EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C62F6BC-4397-44BD-A7DA-CD4C52425BE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6DB707C-29DF-442C-BBBE-650182692A33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C420189-4748-465C-96FE-DC89502F7E26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "3B3A1BAC-F777-413E-BFB7-972C687C2D92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "B0C7EDA7-1BED-4152-BD3D-3A596482D9D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "730BE023-C283-4775-915C-79817723917A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "337E18A7-07A3-456D-868A-2002F96D7A2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*",
"matchCriteriaId": "84B09B6D-EE4D-4241-B3EF-CBCB03A7F579",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DA5AE0B4-15AB-49E7-9B97-96BA322B0966",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C2B0DF8C-FF2D-4DE8-B0D1-92623974A874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.1.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "F9555553-AEA7-42B3-BE94-7C4729259378",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the \"Most active bugs\" summary."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo cross-site scripting (XSS) en Mantis versiones anteriores a 1.1.1, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de vectores relacionados con el resumen de \"Most active bugs\"."
}
],
"id": "CVE-2008-0404",
"lastModified": "2024-11-21T00:42:00.680",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-01-23T12:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28577"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28591"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=569765"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/27367"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0232"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=429552"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39801"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00676.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00734.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28577"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28591"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=569765"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/27367"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0232"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=429552"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00676.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00734.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-10-04 04:00
Modified
2024-11-20 23:40
Severity ?
Summary
config_inc2.php in Mantis before 0.17.4 allows remote attackers to execute arbitrary code or read arbitrary files via the parameters (1) g_bottom_include_page, (2) g_top_include_page, (3) g_css_include_file, (4) g_meta_include_file, or (5) a cookie.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53520AA0-E5AB-450A-9D95-E075B552D2E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8462CB86-30B1-43D8-B306-271709423DB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "131A96BB-EF2E-4AE2-9334-91CA96222BA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "17DC6205-7016-40C3-921A-B5AEC8513CCC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "config_inc2.php in Mantis before 0.17.4 allows remote attackers to execute arbitrary code or read arbitrary files via the parameters (1) g_bottom_include_page, (2) g_top_include_page, (3) g_css_include_file, (4) g_meta_include_file, or (5) a cookie."
}
],
"id": "CVE-2002-1114",
"lastModified": "2024-11-20T23:40:37.687",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-10-04T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=102978711618648\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2002/dsa-153"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/9900.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/5509"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=102978711618648\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2002/dsa-153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/9900.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/5509"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-10-04 04:00
Modified
2024-11-20 23:40
Severity ?
Summary
print_all_bug_page.php in Mantis 0.17.3 and earlier does not verify the limit_reporters option, which allows remote attackers to view bug summaries for bugs that would otherwise be restricted.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6DAFD163-7FE7-48FB-8860-7B00B0FFA628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "03A0C36A-83DF-4E67-BA82-0ACE4D50C7D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53520AA0-E5AB-450A-9D95-E075B552D2E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8462CB86-30B1-43D8-B306-271709423DB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "131A96BB-EF2E-4AE2-9334-91CA96222BA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "17DC6205-7016-40C3-921A-B5AEC8513CCC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "print_all_bug_page.php in Mantis 0.17.3 and earlier does not verify the limit_reporters option, which allows remote attackers to view bug summaries for bugs that would otherwise be restricted."
}
],
"id": "CVE-2002-1111",
"lastModified": "2024-11-20T23:40:37.240",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-10-04T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://mantisbt.sourceforge.net/advisories/2002/2002-02.txt"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=102978873620491\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2002/dsa-153"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/5515"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9898"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://mantisbt.sourceforge.net/advisories/2002/2002-02.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=102978873620491\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2002/dsa-153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/5515"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9898"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-10-04 04:00
Modified
2024-11-20 23:40
Severity ?
Summary
The "View Bugs" page (view_all_bug_page.php) in Mantis 0.17.4a and earlier includes summaries of private bugs for users that do not have access to any projects.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53520AA0-E5AB-450A-9D95-E075B552D2E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8462CB86-30B1-43D8-B306-271709423DB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "131A96BB-EF2E-4AE2-9334-91CA96222BA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "17DC6205-7016-40C3-921A-B5AEC8513CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.4:*:*:*:*:*:*:*",
"matchCriteriaId": "721A536A-9626-4BD7-B84A-E3C4074F1217",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.4a:*:*:*:*:*:*:*",
"matchCriteriaId": "4D77F95A-0059-4442-8D9D-AA7F101FBBE5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The \"View Bugs\" page (view_all_bug_page.php) in Mantis 0.17.4a and earlier includes summaries of private bugs for users that do not have access to any projects."
}
],
"id": "CVE-2002-1116",
"lastModified": "2024-11-20T23:40:37.970",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-10-04T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=103014152320112\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2002/dsa-161"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/5565"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9955"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=103014152320112\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2002/dsa-161"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/5565"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9955"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-12-14 01:28
Modified
2024-11-21 00:22
Severity ?
Summary
Mantis before 1.1.0a2 sets the default value of $g_bug_reminder_threshold to "reporter" instead of a more privileged role, which has unknown impact and attack vectors, possibly related to frequency of reminders.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mantis | mantis | * | |
| mantis | mantis | 1.0.0 | |
| mantis | mantis | 1.0.0_rc1 | |
| mantis | mantis | 1.0.0_rc2 | |
| mantis | mantis | 1.0.0_rc3 | |
| mantis | mantis | 1.0.0_rc4 | |
| mantis | mantis | 1.0.0_rc5 | |
| mantis | mantis | 1.0.0a1 | |
| mantis | mantis | 1.0.0a2 | |
| mantis | mantis | 1.0.0a3 | |
| mantis | mantis | 1.0.1 | |
| mantis | mantis | 1.0.2 | |
| mantis | mantis | 1.0.3 | |
| mantis | mantis | 1.0.4 | |
| mantis | mantis | 1.0.5 | |
| mantis | mantis | 1.0.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mantis:mantis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A878BD34-787E-4330-9EE2-D1CD7FE6678E",
"versionEndIncluding": "1.1.0a1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "781910F1-C34C-49D6-80D2-62AC80AF17DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6DB707C-29DF-442C-BBBE-650182692A33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C420189-4748-465C-96FE-DC89502F7E26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "3B3A1BAC-F777-413E-BFB7-972C687C2D92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "B0C7EDA7-1BED-4152-BD3D-3A596482D9D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc5:*:*:*:*:*:*:*",
"matchCriteriaId": "B54BEEA5-B671-4BDE-96D1-B235CF8F197E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "730BE023-C283-4775-915C-79817723917A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "337E18A7-07A3-456D-868A-2002F96D7A2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*",
"matchCriteriaId": "84B09B6D-EE4D-4241-B3EF-CBCB03A7F579",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DA5AE0B4-15AB-49E7-9B97-96BA322B0966",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "48069606-59B6-4D20-B909-997CA7EDBD2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E42CD1CB-49E7-484B-9629-78A24B754346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F95B327F-94A8-4D4F-A330-1B9BF4B764FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "215420D5-4690-45BE-AE84-CF1522523299",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5621726F-CA50-4336-9BCE-55F39BE5CDCF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mantis before 1.1.0a2 sets the default value of $g_bug_reminder_threshold to \"reporter\" instead of a more privileged role, which has unknown impact and attack vectors, possibly related to frequency of reminders."
},
{
"lang": "es",
"value": "Mantis en versiones anteriores a la 1.1.0a2 establece el valor por defecto del $g_bug_reminder_threshold a \"reporter\" en vez de un rol con m\u00e1s privilegios, lo cual tiene un impacto desconocido y vectores de ataque, posiblemente relacionado con la frecuencia de los recordatorios."
}
],
"id": "CVE-2006-6515",
"lastModified": "2024-11-21T00:22:52.340",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-12-14T01:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=469627"
},
{
"source": "cve@mitre.org",
"url": "http://www.mantisbugtracker.com/changelog.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=469627"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mantisbugtracker.com/changelog.php"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-07-27 23:41
Modified
2024-11-21 00:48
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the filter_target parameter.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mantis:mantis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D4A66D23-7343-44B3-A8A8-FD39D88AFCC4",
"versionEndIncluding": "1.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0266C2F7-FB20-44EF-B0BB-ECCF055D03A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E88349-E374-4AE9-9C4E-9599C1448D21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A21FF02F-982C-429F-A14D-D6E18058DD61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9407F704-FF3C-4976-BE4C-A1DDC16715D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "99FB3D29-644D-4E5F-875D-C87CCE3EF95C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A5173B32-1099-47C9-996B-56DB29456BB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A6CA26FD-9C45-4628-82B7-E37E3EA3E2A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7B9B4611-C002-40F5-978C-BB90F1A893C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B419B788-ADDD-4C0A-8E02-CBB58FD21938",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C7C8B5A-A630-4EDD-A6E8-27D2E1139CF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B347D6C8-4607-481D-863E-7F41E9868041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E387645-BC7A-4EA5-AE9E-A3C66994391B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "4F434D16-4F09-4BCF-BD3E-9114876C2575",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C80575A3-87E7-40BC-9BCB-E12BB7938A77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6D8FD23-C9A3-40AB-B3ED-86739BA8A362",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "72BD480B-7CFB-4FD3-8E47-028F32AEF902",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04989B5F-30B2-43A0-A061-BF43EEA8756C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC7C781D-F5D1-4C63-B6E3-230DEC80104E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D0755FA0-2365-42B4-8E42-214D5BAD71A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "35248DDA-D37D-4D72-9FF8-6813BA4C87BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A67C54F4-4155-43DA-8E07-579249759989",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9DE7BEF1-1522-4666-B6B1-36A308FBC0A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C376D216-914A-4D96-8603-C6861B3E2857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CF0636CA-49A5-4463-B22B-6C5E1E2D44AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A07B4C-CE12-4381-BFE4-CE79411F5069",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "DB6E1BE3-BF57-4ED4-918D-8B23CB195ECE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "065C222C-638F-4303-BE6A-7FED59E21FB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB502B29-FBC5-4984-A735-AA0B6DF4A58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F759138-7079-471F-B30D-ED62351CFCB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5DF83421-973D-4AC9-BDA3-4161B9CF2D91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1633BF3C-89C2-4BEF-9F56-6F19984D3CA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.5:*:*:*:*:*:*:*",
"matchCriteriaId": "084BD5F4-37F8-4913-8045-769FD81F8C36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.6:*:*:*:*:*:*:*",
"matchCriteriaId": "76B09948-A44C-47D8-A5EC-3873FF36F451",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.7:*:*:*:*:*:*:*",
"matchCriteriaId": "89D72C1E-73E5-4F51-9D30-D28026939C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E9EDAA7A-DF0C-4D9E-9D30-0422E4801612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2C469C66-B64B-49BD-9D1C-D15F0E9028EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C28223A1-359F-434C-BAAA-82A5F310FA44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7BF1F18B-AE36-48F3-B784-5C97B3F2535E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F073B8A1-3339-4BF2-B8D1-F6BA5CF9695A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "3A62328B-4C77-4FF4-B1D9-BE4A2E5C61FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6DAFD163-7FE7-48FB-8860-7B00B0FFA628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "03A0C36A-83DF-4E67-BA82-0ACE4D50C7D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7C074DBE-AFC9-4094-A170-A31D79C139D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53520AA0-E5AB-450A-9D95-E075B552D2E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8462CB86-30B1-43D8-B306-271709423DB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "131A96BB-EF2E-4AE2-9334-91CA96222BA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "17DC6205-7016-40C3-921A-B5AEC8513CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.4:*:*:*:*:*:*:*",
"matchCriteriaId": "721A536A-9626-4BD7-B84A-E3C4074F1217",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.4a:*:*:*:*:*:*:*",
"matchCriteriaId": "4D77F95A-0059-4442-8D9D-AA7F101FBBE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.5:*:*:*:*:*:*:*",
"matchCriteriaId": "89786096-AE1B-491B-8284-DBCC2F6112F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "E0BC255D-6B0F-412D-B639-B9F9656E4839",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "70450FAB-7886-418E-B471-8F16A68F9658",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "4B4CFE80-223F-45DA-A9FB-03474F61E027",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "B29FF305-E773-497E-9C47-7D87383F1440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "8724300D-CBDC-4C66-BF78-038F838C06DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a3:*:*:*:*:*:*:*",
"matchCriteriaId": "B7283A58-EE8E-493F-8E51-C97FF87ECA16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a4:*:*:*:*:*:*:*",
"matchCriteriaId": "E3CF3162-EAF8-438C-891A-FD13ECF6D6A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1E42F3A0-5FDB-4053-9EA5-D19B7061CDE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.2:*:*:*:*:*:*:*",
"matchCriteriaId": "101BF6DC-0F73-41E0-A0EE-BA1EA7397423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FCC458D9-12B1-4CF1-980E-BC86E874BBA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18a1:*:*:*:*:*:*:*",
"matchCriteriaId": "2202C65A-33FB-4742-8706-2BDD5B442030",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "9C6C0D59-A086-4A38-8F94-C35B8A1A0D1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5419E3AC-4215-4584-9538-AF790DC9BD5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3C48B8F-633E-4D69-A174-26C19829DE98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "C1E7658F-A543-46F5-B79D-E0E25B7C574F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "DD259C18-7111-45C9-B6C3-6A5F29998146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBA3B4B-D7E6-4555-969F-66217ACDACDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "38BFDCFA-00C8-4B6A-B758-8FD15A122CA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6770FDC6-792D-49B2-942B-282F9012D0BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8E7458-6655-4C86-85A9-81004FF38321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AE92E018-C25C-468D-9EF5-5665F0B42EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C62F6BC-4397-44BD-A7DA-CD4C52425BE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "781910F1-C34C-49D6-80D2-62AC80AF17DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6DB707C-29DF-442C-BBBE-650182692A33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C420189-4748-465C-96FE-DC89502F7E26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "3B3A1BAC-F777-413E-BFB7-972C687C2D92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "B0C7EDA7-1BED-4152-BD3D-3A596482D9D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc5:*:*:*:*:*:*:*",
"matchCriteriaId": "B54BEEA5-B671-4BDE-96D1-B235CF8F197E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "730BE023-C283-4775-915C-79817723917A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "337E18A7-07A3-456D-868A-2002F96D7A2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*",
"matchCriteriaId": "84B09B6D-EE4D-4241-B3EF-CBCB03A7F579",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B20CB57-A2C4-4491-9A4A-352C699FEF52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "DD8DC938-873D-4268-89D1-F16C5796A5C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "B4ED69D6-25B5-4199-B950-165A5FCFEBD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "CF9E3400-610A-4389-B903-9C6CA3D7B9FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DA5AE0B4-15AB-49E7-9B97-96BA322B0966",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "48069606-59B6-4D20-B909-997CA7EDBD2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E42CD1CB-49E7-484B-9629-78A24B754346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F95B327F-94A8-4D4F-A330-1B9BF4B764FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "215420D5-4690-45BE-AE84-CF1522523299",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5621726F-CA50-4336-9BCE-55F39BE5CDCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C2B0DF8C-FF2D-4DE8-B0D1-92623974A874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "03F4013F-427E-41EE-969C-169B97A14A90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.1.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "F9555553-AEA7-42B3-BE94-7C4729259378",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the filter_target parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en return_dynamic_filters.php en Mantis anterior a 1.1.2, permite a atacantes remotos inyectar secuencias de comandos web y HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro \"filter_target\"."
}
],
"evaluatorComment": "http://marc.info/?l=bugtraq\u0026m=121130774617956\u0026w=4\r\n\r\n\"We have found an XSS vulnerability in return_dynamic_filters.php. In\r\norder to exploit this vulnerability the attacker must be authenticated.\r\nUsually the anonymous user is allowed on typical installation\"",
"id": "CVE-2008-3331",
"lastModified": "2024-11-21T00:48:59.537",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-07-27T23:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121130774617956\u0026w=4"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30270"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31972"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4044"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29297"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1598/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42549"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/5657"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121130774617956\u0026w=4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30270"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31972"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4044"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29297"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1598/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42549"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/5657"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-12-28 01:03
Modified
2024-11-21 00:04
Severity ?
Summary
Mantis 1.0.0rc3 does not properly handle "Make note private" when a bug is being resolved, which has unknown impact and attack vectors, probably related to an information leak.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6DB707C-29DF-442C-BBBE-650182692A33",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C420189-4748-465C-96FE-DC89502F7E26",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "3B3A1BAC-F777-413E-BFB7-972C687C2D92",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "730BE023-C283-4775-915C-79817723917A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "337E18A7-07A3-456D-868A-2002F96D7A2A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*",
"matchCriteriaId": "84B09B6D-EE4D-4241-B3EF-CBCB03A7F579",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mantis 1.0.0rc3 does not properly handle \"Make note private\" when a bug is being resolved, which has unknown impact and attack vectors, probably related to an information leak."
}
],
"id": "CVE-2005-4524",
"lastModified": "2024-11-21T00:04:28.820",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-12-28T01:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/18481"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2005/dsa-944"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2005/3064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/18481"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-944"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/3064"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-12-28 01:03
Modified
2024-11-21 00:04
Severity ?
Summary
Multiple SQL injection vulnerabilities in the manage user page (manage_user_page.php) in Mantis 1.0.0rc3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) prefix and (2) sort parameters to the manage user page (manage_user_page.php), or (3) the sort parameter to view_all_set.php.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mantis:mantis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C952E055-D5AC-4C5E-9B7E-CB58247FB795",
"versionEndIncluding": "0.19.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E5E1AE7-A73F-43B2-AA6D-DB700E25880B",
"versionEndIncluding": "1.0.0_rc3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0266C2F7-FB20-44EF-B0BB-ECCF055D03A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A21FF02F-982C-429F-A14D-D6E18058DD61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9407F704-FF3C-4976-BE4C-A1DDC16715D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A5173B32-1099-47C9-996B-56DB29456BB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A6CA26FD-9C45-4628-82B7-E37E3EA3E2A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7B9B4611-C002-40F5-978C-BB90F1A893C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C7C8B5A-A630-4EDD-A6E8-27D2E1139CF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B347D6C8-4607-481D-863E-7F41E9868041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "4F434D16-4F09-4BCF-BD3E-9114876C2575",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6D8FD23-C9A3-40AB-B3ED-86739BA8A362",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "72BD480B-7CFB-4FD3-8E47-028F32AEF902",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC7C781D-F5D1-4C63-B6E3-230DEC80104E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D0755FA0-2365-42B4-8E42-214D5BAD71A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "35248DDA-D37D-4D72-9FF8-6813BA4C87BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A67C54F4-4155-43DA-8E07-579249759989",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9DE7BEF1-1522-4666-B6B1-36A308FBC0A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C376D216-914A-4D96-8603-C6861B3E2857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CF0636CA-49A5-4463-B22B-6C5E1E2D44AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A07B4C-CE12-4381-BFE4-CE79411F5069",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "DB6E1BE3-BF57-4ED4-918D-8B23CB195ECE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB502B29-FBC5-4984-A735-AA0B6DF4A58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F759138-7079-471F-B30D-ED62351CFCB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5DF83421-973D-4AC9-BDA3-4161B9CF2D91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1633BF3C-89C2-4BEF-9F56-6F19984D3CA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.5:*:*:*:*:*:*:*",
"matchCriteriaId": "084BD5F4-37F8-4913-8045-769FD81F8C36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.6:*:*:*:*:*:*:*",
"matchCriteriaId": "76B09948-A44C-47D8-A5EC-3873FF36F451",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.7:*:*:*:*:*:*:*",
"matchCriteriaId": "89D72C1E-73E5-4F51-9D30-D28026939C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E9EDAA7A-DF0C-4D9E-9D30-0422E4801612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2C469C66-B64B-49BD-9D1C-D15F0E9028EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C28223A1-359F-434C-BAAA-82A5F310FA44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7BF1F18B-AE36-48F3-B784-5C97B3F2535E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F073B8A1-3339-4BF2-B8D1-F6BA5CF9695A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "3A62328B-4C77-4FF4-B1D9-BE4A2E5C61FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6DAFD163-7FE7-48FB-8860-7B00B0FFA628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "03A0C36A-83DF-4E67-BA82-0ACE4D50C7D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7C074DBE-AFC9-4094-A170-A31D79C139D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53520AA0-E5AB-450A-9D95-E075B552D2E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8462CB86-30B1-43D8-B306-271709423DB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "131A96BB-EF2E-4AE2-9334-91CA96222BA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "17DC6205-7016-40C3-921A-B5AEC8513CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.4:*:*:*:*:*:*:*",
"matchCriteriaId": "721A536A-9626-4BD7-B84A-E3C4074F1217",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.4a:*:*:*:*:*:*:*",
"matchCriteriaId": "4D77F95A-0059-4442-8D9D-AA7F101FBBE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.5:*:*:*:*:*:*:*",
"matchCriteriaId": "89786096-AE1B-491B-8284-DBCC2F6112F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "E0BC255D-6B0F-412D-B639-B9F9656E4839",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "4B4CFE80-223F-45DA-A9FB-03474F61E027",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "8724300D-CBDC-4C66-BF78-038F838C06DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a3:*:*:*:*:*:*:*",
"matchCriteriaId": "B7283A58-EE8E-493F-8E51-C97FF87ECA16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a4:*:*:*:*:*:*:*",
"matchCriteriaId": "E3CF3162-EAF8-438C-891A-FD13ECF6D6A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.2:*:*:*:*:*:*:*",
"matchCriteriaId": "101BF6DC-0F73-41E0-A0EE-BA1EA7397423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FCC458D9-12B1-4CF1-980E-BC86E874BBA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18a1:*:*:*:*:*:*:*",
"matchCriteriaId": "2202C65A-33FB-4742-8706-2BDD5B442030",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5419E3AC-4215-4584-9538-AF790DC9BD5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3C48B8F-633E-4D69-A174-26C19829DE98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "C1E7658F-A543-46F5-B79D-E0E25B7C574F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "DD259C18-7111-45C9-B6C3-6A5F29998146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBA3B4B-D7E6-4555-969F-66217ACDACDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "38BFDCFA-00C8-4B6A-B758-8FD15A122CA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6770FDC6-792D-49B2-942B-282F9012D0BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6DB707C-29DF-442C-BBBE-650182692A33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C420189-4748-465C-96FE-DC89502F7E26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "730BE023-C283-4775-915C-79817723917A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "337E18A7-07A3-456D-868A-2002F96D7A2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*",
"matchCriteriaId": "84B09B6D-EE4D-4241-B3EF-CBCB03A7F579",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in the manage user page (manage_user_page.php) in Mantis 1.0.0rc3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) prefix and (2) sort parameters to the manage user page (manage_user_page.php), or (3) the sort parameter to view_all_set.php."
}
],
"id": "CVE-2005-4519",
"lastModified": "2024-11-21T00:04:27.757",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-12-28T01:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18181/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18221"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/18481"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2005/dsa-944"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/22051"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/22052"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/16046/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2005/3064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18181/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18221"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/18481"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-944"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/22051"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/22052"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/16046/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/3064"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-10-04 04:00
Modified
2024-11-20 23:40
Severity ?
Summary
Mantis 0.17.4a and earlier allows remote attackers to view private bugs by modifying the f_id bug ID parameter to (1) bug_update_advanced_page.php, (2) bug_update_page.php, (3) view_bug_advanced_page.php, or (4) view_bug_page.php.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53520AA0-E5AB-450A-9D95-E075B552D2E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8462CB86-30B1-43D8-B306-271709423DB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "131A96BB-EF2E-4AE2-9334-91CA96222BA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "17DC6205-7016-40C3-921A-B5AEC8513CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.4:*:*:*:*:*:*:*",
"matchCriteriaId": "721A536A-9626-4BD7-B84A-E3C4074F1217",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.4a:*:*:*:*:*:*:*",
"matchCriteriaId": "4D77F95A-0059-4442-8D9D-AA7F101FBBE5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mantis 0.17.4a and earlier allows remote attackers to view private bugs by modifying the f_id bug ID parameter to (1) bug_update_advanced_page.php, (2) bug_update_page.php, (3) view_bug_advanced_page.php, or (4) view_bug_page.php."
}
],
"id": "CVE-2002-1115",
"lastModified": "2024-11-20T23:40:37.827",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-10-04T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://mantisbt.sourceforge.net/advisories/2002/2002-06.txt"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=103013249211164\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2002/dsa-161"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/9954.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/5563"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://mantisbt.sourceforge.net/advisories/2002/2002-06.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=103013249211164\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2002/dsa-161"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/9954.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/5563"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-01-09 23:03
Modified
2024-11-21 00:05
Severity ?
Summary
The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:john_lim:adodb:4.66:*:*:*:*:*:*:*",
"matchCriteriaId": "9F76566C-7F49-4725-91E6-8E2416CB7F03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:john_lim:adodb:4.68:*:*:*:*:*:*:*",
"matchCriteriaId": "02F0F5B5-86D2-48C4-872E-3F8C38AF563C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AE92E018-C25C-468D-9EF5-5665F0B42EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "B0C7EDA7-1BED-4152-BD3D-3A596482D9D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mediabeez:mediabeez:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE171CCD-6AEE-4FCB-9F45-C7CFDE84D6AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "66BD9A00-DA61-4389-8731-B92585C2BE6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.761:*:*:*:*:*:*:*",
"matchCriteriaId": "C55DA346-A7A0-466F-90D7-CC1E7C2E9EFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:the_cacti_group:cacti:0.8.6g:*:*:*:*:*:*:*",
"matchCriteriaId": "DB14AEA6-00FC-4C8B-BA57-6CA7A5519493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter."
}
],
"id": "CVE-2006-0146",
"lastModified": "2024-11-21T00:05:45.310",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-01-09T23:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17418"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18233"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18254"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18260"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18267"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18276"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18720"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19555"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19563"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19590"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19591"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19600"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19691"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19699"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24954"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2005-64/advisory/"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/713"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2006/dsa-1029"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2006/dsa-1030"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2006/dsa-1031"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"URL Repurposed"
],
"url": "http://www.maxdev.com/Article550.phtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.osvdb.org/22290"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/423784/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/430448/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/466171/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/16187"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0101"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/0102"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0103"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0104"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0105"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0370"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0447"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/1304"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/1305"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/1419"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.xaraya.com/index.php/news/569"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24051"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17418"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18233"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18254"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18260"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18267"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18276"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18720"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19555"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19563"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19590"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19591"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19600"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19691"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19699"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24954"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2005-64/advisory/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/713"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2006/dsa-1029"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2006/dsa-1030"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2006/dsa-1031"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"URL Repurposed"
],
"url": "http://www.maxdev.com/Article550.phtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.osvdb.org/22290"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/423784/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/430448/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/466171/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/16187"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/0102"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0103"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0104"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0105"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0370"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0447"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/1304"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/1305"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/1419"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.xaraya.com/index.php/news/569"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24051"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-12-14 11:03
Modified
2024-11-21 00:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in view_filters_page.php in Mantis 1.0.0rc3 and earlier allows remote attackers to inject arbitrary web script or HTML via the target_field parameter.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mantis:mantis:0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0266C2F7-FB20-44EF-B0BB-ECCF055D03A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A21FF02F-982C-429F-A14D-D6E18058DD61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9407F704-FF3C-4976-BE4C-A1DDC16715D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A5173B32-1099-47C9-996B-56DB29456BB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A6CA26FD-9C45-4628-82B7-E37E3EA3E2A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7B9B4611-C002-40F5-978C-BB90F1A893C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C7C8B5A-A630-4EDD-A6E8-27D2E1139CF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B347D6C8-4607-481D-863E-7F41E9868041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "4F434D16-4F09-4BCF-BD3E-9114876C2575",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6D8FD23-C9A3-40AB-B3ED-86739BA8A362",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "72BD480B-7CFB-4FD3-8E47-028F32AEF902",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC7C781D-F5D1-4C63-B6E3-230DEC80104E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D0755FA0-2365-42B4-8E42-214D5BAD71A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "35248DDA-D37D-4D72-9FF8-6813BA4C87BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A67C54F4-4155-43DA-8E07-579249759989",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9DE7BEF1-1522-4666-B6B1-36A308FBC0A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C376D216-914A-4D96-8603-C6861B3E2857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CF0636CA-49A5-4463-B22B-6C5E1E2D44AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A07B4C-CE12-4381-BFE4-CE79411F5069",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "DB6E1BE3-BF57-4ED4-918D-8B23CB195ECE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB502B29-FBC5-4984-A735-AA0B6DF4A58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F759138-7079-471F-B30D-ED62351CFCB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5DF83421-973D-4AC9-BDA3-4161B9CF2D91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1633BF3C-89C2-4BEF-9F56-6F19984D3CA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.5:*:*:*:*:*:*:*",
"matchCriteriaId": "084BD5F4-37F8-4913-8045-769FD81F8C36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.6:*:*:*:*:*:*:*",
"matchCriteriaId": "76B09948-A44C-47D8-A5EC-3873FF36F451",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.7:*:*:*:*:*:*:*",
"matchCriteriaId": "89D72C1E-73E5-4F51-9D30-D28026939C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E9EDAA7A-DF0C-4D9E-9D30-0422E4801612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2C469C66-B64B-49BD-9D1C-D15F0E9028EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C28223A1-359F-434C-BAAA-82A5F310FA44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7BF1F18B-AE36-48F3-B784-5C97B3F2535E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F073B8A1-3339-4BF2-B8D1-F6BA5CF9695A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "3A62328B-4C77-4FF4-B1D9-BE4A2E5C61FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6DAFD163-7FE7-48FB-8860-7B00B0FFA628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "03A0C36A-83DF-4E67-BA82-0ACE4D50C7D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7C074DBE-AFC9-4094-A170-A31D79C139D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53520AA0-E5AB-450A-9D95-E075B552D2E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8462CB86-30B1-43D8-B306-271709423DB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "131A96BB-EF2E-4AE2-9334-91CA96222BA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "17DC6205-7016-40C3-921A-B5AEC8513CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.4:*:*:*:*:*:*:*",
"matchCriteriaId": "721A536A-9626-4BD7-B84A-E3C4074F1217",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.4a:*:*:*:*:*:*:*",
"matchCriteriaId": "4D77F95A-0059-4442-8D9D-AA7F101FBBE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.5:*:*:*:*:*:*:*",
"matchCriteriaId": "89786096-AE1B-491B-8284-DBCC2F6112F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "E0BC255D-6B0F-412D-B639-B9F9656E4839",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "4B4CFE80-223F-45DA-A9FB-03474F61E027",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "8724300D-CBDC-4C66-BF78-038F838C06DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a3:*:*:*:*:*:*:*",
"matchCriteriaId": "B7283A58-EE8E-493F-8E51-C97FF87ECA16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a4:*:*:*:*:*:*:*",
"matchCriteriaId": "E3CF3162-EAF8-438C-891A-FD13ECF6D6A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.2:*:*:*:*:*:*:*",
"matchCriteriaId": "101BF6DC-0F73-41E0-A0EE-BA1EA7397423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FCC458D9-12B1-4CF1-980E-BC86E874BBA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18a1:*:*:*:*:*:*:*",
"matchCriteriaId": "2202C65A-33FB-4742-8706-2BDD5B442030",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5419E3AC-4215-4584-9538-AF790DC9BD5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3C48B8F-633E-4D69-A174-26C19829DE98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "C1E7658F-A543-46F5-B79D-E0E25B7C574F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "DD259C18-7111-45C9-B6C3-6A5F29998146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBA3B4B-D7E6-4555-969F-66217ACDACDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "38BFDCFA-00C8-4B6A-B758-8FD15A122CA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6770FDC6-792D-49B2-942B-282F9012D0BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8E7458-6655-4C86-85A9-81004FF38321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6DB707C-29DF-442C-BBBE-650182692A33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C420189-4748-465C-96FE-DC89502F7E26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "3B3A1BAC-F777-413E-BFB7-972C687C2D92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "730BE023-C283-4775-915C-79817723917A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "337E18A7-07A3-456D-868A-2002F96D7A2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*",
"matchCriteriaId": "84B09B6D-EE4D-4241-B3EF-CBCB03A7F579",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in view_filters_page.php in Mantis 1.0.0rc3 and earlier allows remote attackers to inject arbitrary web script or HTML via the target_field parameter."
}
],
"id": "CVE-2005-4238",
"lastModified": "2024-11-21T00:03:45.917",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-12-14T11:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://pridels0.blogspot.com/2005/12/mantis-bugtracking-system-xss-vuln.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/18018"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/18481"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2005/dsa-944"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/15842"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2005/2874"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://pridels0.blogspot.com/2005/12/mantis-bugtracking-system-xss-vuln.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/18018"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/18481"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-944"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/15842"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/2874"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-10-22 18:00
Modified
2024-11-21 00:52
Severity ?
Summary
manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mantis:mantis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "132BAF7E-8047-417F-8C78-1C1FBDAF97A0",
"versionEndIncluding": "1.1.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8E7458-6655-4C86-85A9-81004FF38321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AE92E018-C25C-468D-9EF5-5665F0B42EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DA5AE0B4-15AB-49E7-9B97-96BA322B0966",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "48069606-59B6-4D20-B909-997CA7EDBD2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E42CD1CB-49E7-484B-9629-78A24B754346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F95B327F-94A8-4D4F-A330-1B9BF4B764FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "215420D5-4690-45BE-AE84-CF1522523299",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5621726F-CA50-4336-9BCE-55F39BE5CDCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1B0ECF83-F61A-4745-AA0D-4822A38F24DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "91621575-AF90-4C01-AA87-A99C304227D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BAEE63A1-106C-4E50-8B6F-D134C69FD194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C7729C7E-ECC1-48D0-BFF7-82A8D96DC0AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php."
},
{
"lang": "es",
"value": "manage_proj_page.php en Mantis v1.1.4, permite a usuarios autenticados remotamente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un par\u00e1metro \"sort\" que contiene secuencias PHP y que es procesado por create_function dentro de la funci\u00f3n multi_sort en core/utility_api.php."
}
],
"id": "CVE-2008-4687",
"lastModified": "2024-11-21T00:52:17.460",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-10-22T18:00:01.207",
"references": [
{
"source": "cve@mitre.org",
"url": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/utility_api.php?r1=5679\u0026r2=5678\u0026pathrev=5679"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32314"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/32975"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4470"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.mantisbt.org/bugs/view.php?id=0009704"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2008/10/19/1"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/31789"
},
{
"source": "cve@mitre.org",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=242722"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45942"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/44611/"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/6768"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/utility_api.php?r1=5679\u0026r2=5678\u0026pathrev=5679"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32314"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32975"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4470"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mantisbt.org/bugs/view.php?id=0009704"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2008/10/19/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/31789"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=242722"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45942"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/44611/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/6768"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-08-24 04:00
Modified
2024-11-20 23:59
Severity ?
Summary
core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with register_globals enabled, allows remote attackers to connect to internal databases by modifying the g_db_type variable and monitoring the speed of responses, as identified by bug#0005956.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5419E3AC-4215-4584-9538-AF790DC9BD5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3C48B8F-633E-4D69-A174-26C19829DE98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "DD259C18-7111-45C9-B6C3-6A5F29998146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBA3B4B-D7E6-4555-969F-66217ACDACDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "38BFDCFA-00C8-4B6A-B758-8FD15A122CA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6770FDC6-792D-49B2-942B-282F9012D0BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "730BE023-C283-4775-915C-79817723917A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "337E18A7-07A3-456D-868A-2002F96D7A2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*",
"matchCriteriaId": "84B09B6D-EE4D-4241-B3EF-CBCB03A7F579",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with register_globals enabled, allows remote attackers to connect to internal databases by modifying the g_db_type variable and monitoring the speed of responses, as identified by bug#0005956."
}
],
"id": "CVE-2005-2556",
"lastModified": "2024-11-20T23:59:49.790",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-08-24T04:00:00.000",
"references": [
{
"source": "security@debian.org",
"url": "http://marc.info/?l=bugtraq\u0026m=112786017426276\u0026w=2"
},
{
"source": "security@debian.org",
"url": "http://secunia.com/advisories/16506"
},
{
"source": "security@debian.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-778"
},
{
"source": "security@debian.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-16.xml"
},
{
"source": "security@debian.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/14604"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=112786017426276\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/16506"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-778"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-16.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/14604"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-02-22 02:02
Modified
2024-11-21 00:07
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) hide_status, (2) handler_id, (3) user_monitor, (4) reporter_id, (5) view_type, (6) show_severity, (7) show_category, (8) show_status, (9) show_resolution, (10) show_build, (11) show_profile, (12) show_priority, (13) highlight_changed, (14) relationship_type, and (15) relationship_bug parameters in (a) view_all_set.php; the (16) sort parameter in (b) manage_user_page.php; the (17) view_type parameter in (c) view_filters_page.php; and the (18) title parameter in (d) proj_doc_delete.php. NOTE: item 17 might be subsumed by CVE-2005-4522.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mantis:mantis:0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0266C2F7-FB20-44EF-B0BB-ECCF055D03A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E88349-E374-4AE9-9C4E-9599C1448D21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A21FF02F-982C-429F-A14D-D6E18058DD61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9407F704-FF3C-4976-BE4C-A1DDC16715D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "99FB3D29-644D-4E5F-875D-C87CCE3EF95C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A5173B32-1099-47C9-996B-56DB29456BB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A6CA26FD-9C45-4628-82B7-E37E3EA3E2A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7B9B4611-C002-40F5-978C-BB90F1A893C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B419B788-ADDD-4C0A-8E02-CBB58FD21938",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C7C8B5A-A630-4EDD-A6E8-27D2E1139CF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B347D6C8-4607-481D-863E-7F41E9868041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E387645-BC7A-4EA5-AE9E-A3C66994391B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "4F434D16-4F09-4BCF-BD3E-9114876C2575",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C80575A3-87E7-40BC-9BCB-E12BB7938A77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6D8FD23-C9A3-40AB-B3ED-86739BA8A362",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "72BD480B-7CFB-4FD3-8E47-028F32AEF902",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04989B5F-30B2-43A0-A061-BF43EEA8756C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC7C781D-F5D1-4C63-B6E3-230DEC80104E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D0755FA0-2365-42B4-8E42-214D5BAD71A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "35248DDA-D37D-4D72-9FF8-6813BA4C87BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A67C54F4-4155-43DA-8E07-579249759989",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9DE7BEF1-1522-4666-B6B1-36A308FBC0A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C376D216-914A-4D96-8603-C6861B3E2857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CF0636CA-49A5-4463-B22B-6C5E1E2D44AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A07B4C-CE12-4381-BFE4-CE79411F5069",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "DB6E1BE3-BF57-4ED4-918D-8B23CB195ECE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "065C222C-638F-4303-BE6A-7FED59E21FB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB502B29-FBC5-4984-A735-AA0B6DF4A58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F759138-7079-471F-B30D-ED62351CFCB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "3A62328B-4C77-4FF4-B1D9-BE4A2E5C61FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6DAFD163-7FE7-48FB-8860-7B00B0FFA628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7C074DBE-AFC9-4094-A170-A31D79C139D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53520AA0-E5AB-450A-9D95-E075B552D2E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.4a:*:*:*:*:*:*:*",
"matchCriteriaId": "4D77F95A-0059-4442-8D9D-AA7F101FBBE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "E0BC255D-6B0F-412D-B639-B9F9656E4839",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "70450FAB-7886-418E-B471-8F16A68F9658",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "4B4CFE80-223F-45DA-A9FB-03474F61E027",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "B29FF305-E773-497E-9C47-7D87383F1440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "8724300D-CBDC-4C66-BF78-038F838C06DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a3:*:*:*:*:*:*:*",
"matchCriteriaId": "B7283A58-EE8E-493F-8E51-C97FF87ECA16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a4:*:*:*:*:*:*:*",
"matchCriteriaId": "E3CF3162-EAF8-438C-891A-FD13ECF6D6A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1E42F3A0-5FDB-4053-9EA5-D19B7061CDE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.2:*:*:*:*:*:*:*",
"matchCriteriaId": "101BF6DC-0F73-41E0-A0EE-BA1EA7397423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FCC458D9-12B1-4CF1-980E-BC86E874BBA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18a1:*:*:*:*:*:*:*",
"matchCriteriaId": "2202C65A-33FB-4742-8706-2BDD5B442030",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5419E3AC-4215-4584-9538-AF790DC9BD5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3C48B8F-633E-4D69-A174-26C19829DE98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "C1E7658F-A543-46F5-B79D-E0E25B7C574F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "DD259C18-7111-45C9-B6C3-6A5F29998146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBA3B4B-D7E6-4555-969F-66217ACDACDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "38BFDCFA-00C8-4B6A-B758-8FD15A122CA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6770FDC6-792D-49B2-942B-282F9012D0BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8E7458-6655-4C86-85A9-81004FF38321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AE92E018-C25C-468D-9EF5-5665F0B42EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6DB707C-29DF-442C-BBBE-650182692A33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C420189-4748-465C-96FE-DC89502F7E26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "3B3A1BAC-F777-413E-BFB7-972C687C2D92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "B0C7EDA7-1BED-4152-BD3D-3A596482D9D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "730BE023-C283-4775-915C-79817723917A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "337E18A7-07A3-456D-868A-2002F96D7A2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*",
"matchCriteriaId": "84B09B6D-EE4D-4241-B3EF-CBCB03A7F579",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) hide_status, (2) handler_id, (3) user_monitor, (4) reporter_id, (5) view_type, (6) show_severity, (7) show_category, (8) show_status, (9) show_resolution, (10) show_build, (11) show_profile, (12) show_priority, (13) highlight_changed, (14) relationship_type, and (15) relationship_bug parameters in (a) view_all_set.php; the (16) sort parameter in (b) manage_user_page.php; the (17) view_type parameter in (c) view_filters_page.php; and the (18) title parameter in (d) proj_doc_delete.php. NOTE: item 17 might be subsumed by CVE-2005-4522."
}
],
"id": "CVE-2006-0841",
"lastModified": "2024-11-21T00:07:27.770",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-02-22T02:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://morph3us.org/advisories/20060214-mantis-100rc4.txt"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/21400"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/project/showfiles.php?group_id=14963\u0026package_id=12175\u0026release_id=386059"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=386059\u0026group_id=14963"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2006/dsa-1133"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/22487"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/23248"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/425046/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/16657"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://morph3us.org/advisories/20060214-mantis-100rc4.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/21400"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/project/showfiles.php?group_id=14963\u0026package_id=12175\u0026release_id=386059"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=386059\u0026group_id=14963"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2006/dsa-1133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/22487"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/23248"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/425046/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/16657"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-10-27 10:02
Modified
2024-11-21 00:01
Severity ?
Summary
Mantis before 0.19.3 caches the User ID longer than necessary, which has unknown impact and attack vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5419E3AC-4215-4584-9538-AF790DC9BD5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3C48B8F-633E-4D69-A174-26C19829DE98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "DD259C18-7111-45C9-B6C3-6A5F29998146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBA3B4B-D7E6-4555-969F-66217ACDACDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "38BFDCFA-00C8-4B6A-B758-8FD15A122CA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6770FDC6-792D-49B2-942B-282F9012D0BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8E7458-6655-4C86-85A9-81004FF38321",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mantis before 0.19.3 caches the User ID longer than necessary, which has unknown impact and attack vectors."
}
],
"id": "CVE-2005-3339",
"lastModified": "2024-11-21T00:01:39.737",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-10-27T10:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.mantisbt.org/changelog_page.php"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/16506"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/17362"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/17654"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2005/dsa-905"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/15227"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.mantisbt.org/changelog_page.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/16506"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17362"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17654"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-905"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/15227"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-10-22 18:00
Modified
2024-11-21 00:52
Severity ?
Summary
Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mantis:mantis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75F47971-BB00-499D-BDC4-5E24EA2FC79B",
"versionEndIncluding": "1.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8E7458-6655-4C86-85A9-81004FF38321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AE92E018-C25C-468D-9EF5-5665F0B42EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DA5AE0B4-15AB-49E7-9B97-96BA322B0966",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "48069606-59B6-4D20-B909-997CA7EDBD2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E42CD1CB-49E7-484B-9629-78A24B754346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F95B327F-94A8-4D4F-A330-1B9BF4B764FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "215420D5-4690-45BE-AE84-CF1522523299",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5621726F-CA50-4336-9BCE-55F39BE5CDCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1B0ECF83-F61A-4745-AA0D-4822A38F24DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "91621575-AF90-4C01-AA87-A99C304227D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BAEE63A1-106C-4E50-8B6F-D134C69FD194",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions."
},
{
"lang": "es",
"value": "Mantis anterior a v1.1.3 no desasigna la cookie de sessi\u00f3n durante el cierre de la misma, lo que facilita a atacantes remotos el secuestro de sesiones."
}
],
"id": "CVE-2008-4689",
"lastModified": "2024-11-21T00:52:17.763",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-10-22T18:00:01.270",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/32975"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.mantisbt.org/bugs/file_download.php?file_id=1988\u0026type=bug"
},
{
"source": "cve@mitre.org",
"url": "http://www.mantisbt.org/bugs/view.php?id=9664"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/1"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46084"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32975"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mantisbt.org/bugs/file_download.php?file_id=1988\u0026type=bug"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mantisbt.org/bugs/view.php?id=9664"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46084"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:51
Severity ?
Summary
PHP remote file inclusion vulnerability in Mantis 0.19.0a allows remote attackers to execute arbitrary PHP code by modifying the (1) t_core_path parameter to bug_api.php or (2) t_core_dir parameter to relationship_api.php to reference a URL on a remote web server that contains the code.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "C1E7658F-A543-46F5-B79D-E0E25B7C574F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in Mantis 0.19.0a allows remote attackers to execute arbitrary PHP code by modifying the (1) t_core_path parameter to bug_api.php or (2) t_core_dir parameter to relationship_api.php to reference a URL on a remote web server that contains the code."
}
],
"id": "CVE-2004-1734",
"lastModified": "2024-11-20T23:51:36.880",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=109313416727851\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/10993"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17065"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=109313416727851\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/10993"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17065"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-12-15 19:28
Modified
2024-11-21 00:23
Severity ?
Summary
Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mantis | mantis | * | |
| mantis | mantis | 1.0.0 | |
| mantis | mantis | 1.0.0_rc1 | |
| mantis | mantis | 1.0.0_rc2 | |
| mantis | mantis | 1.0.0_rc3 | |
| mantis | mantis | 1.0.0_rc4 | |
| mantis | mantis | 1.0.0_rc5 | |
| mantis | mantis | 1.0.0a1 | |
| mantis | mantis | 1.0.0a2 | |
| mantis | mantis | 1.0.0a3 | |
| mantis | mantis | 1.0.1 | |
| mantis | mantis | 1.0.2 | |
| mantis | mantis | 1.0.3 | |
| mantis | mantis | 1.0.4 | |
| mantis | mantis | 1.0.5 | |
| mantis | mantis | 1.0.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mantis:mantis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A878BD34-787E-4330-9EE2-D1CD7FE6678E",
"versionEndIncluding": "1.1.0a1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "781910F1-C34C-49D6-80D2-62AC80AF17DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6DB707C-29DF-442C-BBBE-650182692A33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C420189-4748-465C-96FE-DC89502F7E26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "3B3A1BAC-F777-413E-BFB7-972C687C2D92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "B0C7EDA7-1BED-4152-BD3D-3A596482D9D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc5:*:*:*:*:*:*:*",
"matchCriteriaId": "B54BEEA5-B671-4BDE-96D1-B235CF8F197E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "730BE023-C283-4775-915C-79817723917A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "337E18A7-07A3-456D-868A-2002F96D7A2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*",
"matchCriteriaId": "84B09B6D-EE4D-4241-B3EF-CBCB03A7F579",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DA5AE0B4-15AB-49E7-9B97-96BA322B0966",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "48069606-59B6-4D20-B909-997CA7EDBD2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E42CD1CB-49E7-484B-9629-78A24B754346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F95B327F-94A8-4D4F-A330-1B9BF4B764FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "215420D5-4690-45BE-AE84-CF1522523299",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5621726F-CA50-4336-9BCE-55F39BE5CDCF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field."
},
{
"lang": "es",
"value": "Mantis anterior a 1.1.0a2 no implementa el control de acceso del por art\u00edculo para Issue History (Bug History), lo cual permite a un atacante remoto obtener informaci\u00f3n sensible a trav\u00e9s de la lectura de la columna Change, como se demostr\u00f3 por la columna Change de un campo cliente."
}
],
"id": "CVE-2006-6574",
"lastModified": "2024-11-21T00:23:00.883",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-12-15T19:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.mantisbugtracker.com/view.php?id=3375"
},
{
"source": "cve@mitre.org",
"url": "http://bugs.mantisbugtracker.com/view.php?id=7364"
},
{
"source": "cve@mitre.org",
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?r1=1.34\u0026r2=1.35"
},
{
"source": "cve@mitre.org",
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?view=log"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23258"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28551"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=469627"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2008/dsa-1467"
},
{
"source": "cve@mitre.org",
"url": "http://www.mantisbugtracker.com/changelog.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/21566"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/4978"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30870"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.mantisbugtracker.com/view.php?id=3375"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.mantisbugtracker.com/view.php?id=7364"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?r1=1.34\u0026r2=1.35"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?view=log"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23258"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28551"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=469627"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1467"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mantisbugtracker.com/changelog.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/21566"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/4978"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30870"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-10-27 10:02
Modified
2024-11-21 00:01
Severity ?
Summary
SQL injection vulnerability in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6770FDC6-792D-49B2-942B-282F9012D0BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C420189-4748-465C-96FE-DC89502F7E26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
}
],
"id": "CVE-2005-3336",
"lastModified": "2024-11-21T00:01:39.317",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-10-27T10:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.mantisbt.org/changelog_page.php"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/16506"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16818"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/17362"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/17654"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/project/shownotes.php?release_id=362673"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2005/dsa-905"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/20324"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/15227"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2005/2221"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.mantisbt.org/changelog_page.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/16506"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16818"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17362"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17654"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/project/shownotes.php?release_id=362673"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-905"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/20324"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/15227"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/2221"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2007-6611
Vulnerability from cvelistv5
Published
2008-01-03 22:00
Modified
2024-08-07 16:11
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in view.php in Mantis before 1.1.0 allows remote attackers to inject arbitrary web script or HTML via a filename, related to bug_report.php.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:11:06.186Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "39873",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39873"
},
{
"name": "29198",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29198"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=562940"
},
{
"name": "27045",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27045"
},
{
"name": "28551",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28551"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=8679"
},
{
"name": "FEDORA-2008-0282",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00227.html"
},
{
"name": "DSA-1467",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1467"
},
{
"name": "28352",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28352"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427277"
},
{
"name": "GLSA-200803-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200803-04.xml"
},
{
"name": "28185",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28185"
},
{
"name": "FEDORA-2008-0353",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00309.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in view.php in Mantis before 1.1.0 allows remote attackers to inject arbitrary web script or HTML via a filename, related to bug_report.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-01-09T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "39873",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39873"
},
{
"name": "29198",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29198"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=562940"
},
{
"name": "27045",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27045"
},
{
"name": "28551",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28551"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=8679"
},
{
"name": "FEDORA-2008-0282",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00227.html"
},
{
"name": "DSA-1467",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1467"
},
{
"name": "28352",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28352"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427277"
},
{
"name": "GLSA-200803-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200803-04.xml"
},
{
"name": "28185",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28185"
},
{
"name": "FEDORA-2008-0353",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00309.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6611",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in view.php in Mantis before 1.1.0 allows remote attackers to inject arbitrary web script or HTML via a filename, related to bug_report.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39873",
"refsource": "OSVDB",
"url": "http://osvdb.org/39873"
},
{
"name": "29198",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29198"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=562940",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=562940"
},
{
"name": "27045",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27045"
},
{
"name": "28551",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28551"
},
{
"name": "http://www.mantisbt.org/bugs/view.php?id=8679",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/view.php?id=8679"
},
{
"name": "FEDORA-2008-0282",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00227.html"
},
{
"name": "DSA-1467",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1467"
},
{
"name": "28352",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28352"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=427277",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427277"
},
{
"name": "GLSA-200803-04",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200803-04.xml"
},
{
"name": "28185",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28185"
},
{
"name": "FEDORA-2008-0353",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00309.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6611",
"datePublished": "2008-01-03T22:00:00",
"dateReserved": "2008-01-03T00:00:00",
"dateUpdated": "2024-08-07T16:11:06.186Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-0664
Vulnerability from cvelistv5
Published
2006-02-13 11:00
Modified
2024-08-07 16:41
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in Mantis before 1.0 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/24585 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2006/0485 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/21400 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.debian.org/security/2006/dsa-1133 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.securityfocus.com/bid/16561 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:41:29.176Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "mantis-configdefaultsinc-xss(24585)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24585"
},
{
"name": "ADV-2006-0485",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0485"
},
{
"name": "21400",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21400"
},
{
"name": "DSA-1133",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1133"
},
{
"name": "16561",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16561"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in Mantis before 1.0 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "mantis-configdefaultsinc-xss(24585)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24585"
},
{
"name": "ADV-2006-0485",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0485"
},
{
"name": "21400",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21400"
},
{
"name": "DSA-1133",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1133"
},
{
"name": "16561",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16561"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in Mantis before 1.0 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mantis-configdefaultsinc-xss(24585)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24585"
},
{
"name": "ADV-2006-0485",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0485"
},
{
"name": "21400",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21400"
},
{
"name": "DSA-1133",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1133"
},
{
"name": "16561",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16561"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0664",
"datePublished": "2006-02-13T11:00:00",
"dateReserved": "2006-02-13T00:00:00",
"dateUpdated": "2024-08-07T16:41:29.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-1112
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:12
Severity ?
EPSS score ?
Summary
Mantis before 0.17.4 allows remote attackers to list project bugs without authentication by modifying the cookie that is used by the "View Bugs" page.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2002/dsa-153 | vendor-advisory, x_refsource_DEBIAN | |
| http://marc.info/?l=bugtraq&m=102978673018271&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/5514 | vdb-entry, x_refsource_BID | |
| http://mantisbt.sourceforge.net/advisories/2002/2002-03.txt | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/9899 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:12:17.048Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-153",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2002/dsa-153"
},
{
"name": "20020819 [Mantis Advisory/2002-03] Bug listings of private projects can be viewed through cookie manipulation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102978673018271\u0026w=2"
},
{
"name": "5514",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5514"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://mantisbt.sourceforge.net/advisories/2002/2002-03.txt"
},
{
"name": "mantis-private-project-bug-listing(9899)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9899"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-08-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mantis before 0.17.4 allows remote attackers to list project bugs without authentication by modifying the cookie that is used by the \"View Bugs\" page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-07-25T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-153",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2002/dsa-153"
},
{
"name": "20020819 [Mantis Advisory/2002-03] Bug listings of private projects can be viewed through cookie manipulation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102978673018271\u0026w=2"
},
{
"name": "5514",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5514"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://mantisbt.sourceforge.net/advisories/2002/2002-03.txt"
},
{
"name": "mantis-private-project-bug-listing(9899)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9899"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1112",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mantis before 0.17.4 allows remote attackers to list project bugs without authentication by modifying the cookie that is used by the \"View Bugs\" page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-153",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-153"
},
{
"name": "20020819 [Mantis Advisory/2002-03] Bug listings of private projects can be viewed through cookie manipulation",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=102978673018271\u0026w=2"
},
{
"name": "5514",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5514"
},
{
"name": "http://mantisbt.sourceforge.net/advisories/2002/2002-03.txt",
"refsource": "CONFIRM",
"url": "http://mantisbt.sourceforge.net/advisories/2002/2002-03.txt"
},
{
"name": "mantis-private-project-bug-listing(9899)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9899"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1112",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2002-09-06T00:00:00",
"dateUpdated": "2024-08-08T03:12:17.048Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-0404
Vulnerability from cvelistv5
Published
2008-01-23 11:00
Modified
2024-08-07 07:46
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "Most active bugs" summary.
References
| ▼ | URL | Tags |
|---|---|---|
| http://sourceforge.net/project/shownotes.php?release_id=569765 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/28591 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/28577 | third-party-advisory, x_refsource_SECUNIA | |
| https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00734.html | vendor-advisory, x_refsource_FEDORA | |
| http://www.vupen.com/english/advisories/2008/0232 | vdb-entry, x_refsource_VUPEN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/39801 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/27367 | vdb-entry, x_refsource_BID | |
| https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00676.html | vendor-advisory, x_refsource_FEDORA | |
| https://bugzilla.redhat.com/show_bug.cgi?id=429552 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:46:54.258Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=569765"
},
{
"name": "28591",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28591"
},
{
"name": "28577",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28577"
},
{
"name": "FEDORA-2008-0856",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00734.html"
},
{
"name": "ADV-2008-0232",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0232"
},
{
"name": "mantis-mostactive-xss(39801)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39801"
},
{
"name": "27367",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27367"
},
{
"name": "FEDORA-2008-0796",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00676.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=429552"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the \"Most active bugs\" summary."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=569765"
},
{
"name": "28591",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28591"
},
{
"name": "28577",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28577"
},
{
"name": "FEDORA-2008-0856",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00734.html"
},
{
"name": "ADV-2008-0232",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0232"
},
{
"name": "mantis-mostactive-xss(39801)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39801"
},
{
"name": "27367",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27367"
},
{
"name": "FEDORA-2008-0796",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00676.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=429552"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0404",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the \"Most active bugs\" summary."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=569765",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=569765"
},
{
"name": "28591",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28591"
},
{
"name": "28577",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28577"
},
{
"name": "FEDORA-2008-0856",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00734.html"
},
{
"name": "ADV-2008-0232",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0232"
},
{
"name": "mantis-mostactive-xss(39801)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39801"
},
{
"name": "27367",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27367"
},
{
"name": "FEDORA-2008-0796",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00676.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=429552",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=429552"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0404",
"datePublished": "2008-01-23T11:00:00",
"dateReserved": "2008-01-22T00:00:00",
"dateUpdated": "2024-08-07T07:46:54.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-3090
Vulnerability from cvelistv5
Published
2005-09-28 04:00
Modified
2024-08-07 23:01
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in bug_actiongroup_page.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the summary of the bug, which is not quoted when view_all_bug_page.php is used to delete the bug, as identified by bug#0006002, a different vulnerability than CVE-2005-2557.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2005/dsa-778 | vendor-advisory, x_refsource_DEBIAN | |
| http://marc.info/?l=bugtraq&m=112786017426276&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:01:57.950Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-778",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-778"
},
{
"name": "20050926 Mantis Bugtracker - Remote Database Scanner and XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112786017426276\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in bug_actiongroup_page.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the summary of the bug, which is not quoted when view_all_bug_page.php is used to delete the bug, as identified by bug#0006002, a different vulnerability than CVE-2005-2557."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-778",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-778"
},
{
"name": "20050926 Mantis Bugtracker - Remote Database Scanner and XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112786017426276\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3090",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in bug_actiongroup_page.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the summary of the bug, which is not quoted when view_all_bug_page.php is used to delete the bug, as identified by bug#0006002, a different vulnerability than CVE-2005-2557."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-778",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-778"
},
{
"name": "20050926 Mantis Bugtracker - Remote Database Scanner and XSS Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112786017426276\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3090",
"datePublished": "2005-09-28T04:00:00",
"dateReserved": "2005-09-28T00:00:00",
"dateUpdated": "2024-08-07T23:01:57.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-2666
Vulnerability from cvelistv5
Published
2006-12-15 19:00
Modified
2024-08-08 01:36
Severity ?
EPSS score ?
Summary
Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardless of view_history_threshold, which allows remote attackers to obtain sensitive information (private bug details) by visiting a bug's web page.
References
| ▼ | URL | Tags |
|---|---|---|
| http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?r1=1.24&r2=1.25 | x_refsource_MISC | |
| http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?view=log | x_refsource_MISC | |
| http://bugs.mantisbugtracker.com/view.php?id=4724 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:25.128Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?r1=1.24\u0026r2=1.25"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?view=log"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.mantisbugtracker.com/view.php?id=4724"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-10-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardless of view_history_threshold, which allows remote attackers to obtain sensitive information (private bug details) by visiting a bug\u0027s web page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-03T16:14:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?r1=1.24\u0026r2=1.25"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?view=log"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.mantisbugtracker.com/view.php?id=4724"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2666",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardless of view_history_threshold, which allows remote attackers to obtain sensitive information (private bug details) by visiting a bug\u0027s web page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?r1=1.24\u0026r2=1.25",
"refsource": "MISC",
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?r1=1.24\u0026r2=1.25"
},
{
"name": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?view=log",
"refsource": "MISC",
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?view=log"
},
{
"name": "http://bugs.mantisbugtracker.com/view.php?id=4724",
"refsource": "CONFIRM",
"url": "http://bugs.mantisbugtracker.com/view.php?id=4724"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2666",
"datePublished": "2006-12-15T19:00:00",
"dateReserved": "2006-12-15T00:00:00",
"dateUpdated": "2024-08-08T01:36:25.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-4238
Vulnerability from cvelistv5
Published
2005-12-14 11:00
Modified
2024-08-07 23:38
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in view_filters_page.php in Mantis 1.0.0rc3 and earlier allows remote attackers to inject arbitrary web script or HTML via the target_field parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/18481 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/15842 | vdb-entry, x_refsource_BID | |
| http://www.vupen.com/english/advisories/2005/2874 | vdb-entry, x_refsource_VUPEN | |
| http://pridels0.blogspot.com/2005/12/mantis-bugtracking-system-xss-vuln.html | x_refsource_MISC | |
| http://www.debian.org/security/2005/dsa-944 | vendor-advisory, x_refsource_DEBIAN | |
| http://secunia.com/advisories/18018 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:38:51.535Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18481"
},
{
"name": "15842",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15842"
},
{
"name": "ADV-2005-2874",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2874"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://pridels0.blogspot.com/2005/12/mantis-bugtracking-system-xss-vuln.html"
},
{
"name": "DSA-944",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-944"
},
{
"name": "18018",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18018"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in view_filters_page.php in Mantis 1.0.0rc3 and earlier allows remote attackers to inject arbitrary web script or HTML via the target_field parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-01-20T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18481"
},
{
"name": "15842",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15842"
},
{
"name": "ADV-2005-2874",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2874"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://pridels0.blogspot.com/2005/12/mantis-bugtracking-system-xss-vuln.html"
},
{
"name": "DSA-944",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-944"
},
{
"name": "18018",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18018"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4238",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in view_filters_page.php in Mantis 1.0.0rc3 and earlier allows remote attackers to inject arbitrary web script or HTML via the target_field parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18481",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18481"
},
{
"name": "15842",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15842"
},
{
"name": "ADV-2005-2874",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2874"
},
{
"name": "http://pridels0.blogspot.com/2005/12/mantis-bugtracking-system-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/12/mantis-bugtracking-system-xss-vuln.html"
},
{
"name": "DSA-944",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-944"
},
{
"name": "18018",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18018"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4238",
"datePublished": "2005-12-14T11:00:00",
"dateReserved": "2005-12-14T00:00:00",
"dateUpdated": "2024-08-07T23:38:51.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-1577
Vulnerability from cvelistv5
Published
2006-04-02 21:00
Modified
2024-08-07 17:19
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in view_all_set.php in Mantis 1.0.1, 1.0.0rc5, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) start_day, (2) start_year, and (3) start_month parameters.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/19471 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/17326 | vdb-entry, x_refsource_BID | |
| http://www.osvdb.org/24292 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/21400 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.debian.org/security/2006/dsa-1133 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.vupen.com/english/advisories/2006/1184 | vdb-entry, x_refsource_VUPEN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/25579 | vdb-entry, x_refsource_XF | |
| http://pridels0.blogspot.com/2006/03/mantis-xss-vuln.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:19:48.700Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19471",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19471"
},
{
"name": "17326",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17326"
},
{
"name": "24292",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/24292"
},
{
"name": "21400",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21400"
},
{
"name": "DSA-1133",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1133"
},
{
"name": "ADV-2006-1184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1184"
},
{
"name": "mantis-viewallset-script-xss(25579)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25579"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://pridels0.blogspot.com/2006/03/mantis-xss-vuln.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in view_all_set.php in Mantis 1.0.1, 1.0.0rc5, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) start_day, (2) start_year, and (3) start_month parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19471",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19471"
},
{
"name": "17326",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17326"
},
{
"name": "24292",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/24292"
},
{
"name": "21400",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21400"
},
{
"name": "DSA-1133",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1133"
},
{
"name": "ADV-2006-1184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1184"
},
{
"name": "mantis-viewallset-script-xss(25579)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25579"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://pridels0.blogspot.com/2006/03/mantis-xss-vuln.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1577",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in view_all_set.php in Mantis 1.0.1, 1.0.0rc5, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) start_day, (2) start_year, and (3) start_month parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19471",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19471"
},
{
"name": "17326",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17326"
},
{
"name": "24292",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24292"
},
{
"name": "21400",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21400"
},
{
"name": "DSA-1133",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1133"
},
{
"name": "ADV-2006-1184",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1184"
},
{
"name": "mantis-viewallset-script-xss(25579)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25579"
},
{
"name": "http://pridels0.blogspot.com/2006/03/mantis-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/03/mantis-xss-vuln.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1577",
"datePublished": "2006-04-02T21:00:00",
"dateReserved": "2006-04-02T00:00:00",
"dateUpdated": "2024-08-07T17:19:48.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-3332
Vulnerability from cvelistv5
Published
2008-07-27 23:00
Modified
2024-08-07 09:37
Severity ?
EPSS score ?
Summary
Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.mantisbt.org/bugs/changelog_page.php | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/42550 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/30270 | third-party-advisory, x_refsource_SECUNIA | |
| http://marc.info/?l=bugtraq&m=121130774617956&w=4 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml | vendor-advisory, x_refsource_GENTOO | |
| https://www.exploit-db.com/exploits/5657 | exploit, x_refsource_EXPLOIT-DB | |
| http://secunia.com/advisories/31972 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2008/1598/references | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/29297 | vdb-entry, x_refsource_BID | |
| http://securityreason.com/securityalert/4044 | third-party-advisory, x_refsource_SREASON |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:37:26.754Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "mantis-admconfigset-code-execution(42550)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42550"
},
{
"name": "30270",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30270"
},
{
"name": "20080520 Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121130774617956\u0026w=4"
},
{
"name": "GLSA-200809-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"name": "5657",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5657"
},
{
"name": "31972",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31972"
},
{
"name": "ADV-2008-1598",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1598/references"
},
{
"name": "29297",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29297"
},
{
"name": "4044",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4044"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "mantis-admconfigset-code-execution(42550)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42550"
},
{
"name": "30270",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30270"
},
{
"name": "20080520 Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121130774617956\u0026w=4"
},
{
"name": "GLSA-200809-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"name": "5657",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5657"
},
{
"name": "31972",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31972"
},
{
"name": "ADV-2008-1598",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1598/references"
},
{
"name": "29297",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29297"
},
{
"name": "4044",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4044"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3332",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mantisbt.org/bugs/changelog_page.php",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "mantis-admconfigset-code-execution(42550)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42550"
},
{
"name": "30270",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30270"
},
{
"name": "20080520 Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=121130774617956\u0026w=4"
},
{
"name": "GLSA-200809-10",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"name": "5657",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5657"
},
{
"name": "31972",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31972"
},
{
"name": "ADV-2008-1598",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1598/references"
},
{
"name": "29297",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29297"
},
{
"name": "4044",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4044"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3332",
"datePublished": "2008-07-27T23:00:00",
"dateReserved": "2008-07-27T00:00:00",
"dateUpdated": "2024-08-07T09:37:26.754Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-4523
Vulnerability from cvelistv5
Published
2005-12-28 01:00
Modified
2024-08-07 23:46
Severity ?
EPSS score ?
Summary
Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS feeds, which allows remote attackers to obtain sensitive information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/18481 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/18181/ | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2005/3064 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/18221 | third-party-advisory, x_refsource_SECUNIA | |
| http://sourceforge.net/project/shownotes.php?release_id=377934&group_id=14963 | x_refsource_CONFIRM | |
| http://www.trapkit.de/advisories/TKADV2005-11-002.txt | x_refsource_MISC | |
| http://www.debian.org/security/2005/dsa-944 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:46:05.522Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18481"
},
{
"name": "18181",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18181/"
},
{
"name": "ADV-2005-3064",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/3064"
},
{
"name": "18221",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18221"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"name": "DSA-944",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-944"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS feeds, which allows remote attackers to obtain sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-01-20T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18481"
},
{
"name": "18181",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18181/"
},
{
"name": "ADV-2005-3064",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/3064"
},
{
"name": "18221",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18221"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"name": "DSA-944",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-944"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4523",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS feeds, which allows remote attackers to obtain sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18481",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18481"
},
{
"name": "18181",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18181/"
},
{
"name": "ADV-2005-3064",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/3064"
},
{
"name": "18221",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18221"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963"
},
{
"name": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt",
"refsource": "MISC",
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"name": "DSA-944",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-944"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4523",
"datePublished": "2005-12-28T01:00:00",
"dateReserved": "2005-12-28T00:00:00",
"dateUpdated": "2024-08-07T23:46:05.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-1114
Vulnerability from cvelistv5
Published
2002-09-10 04:00
Modified
2024-08-08 03:12
Severity ?
EPSS score ?
Summary
config_inc2.php in Mantis before 0.17.4 allows remote attackers to execute arbitrary code or read arbitrary files via the parameters (1) g_bottom_include_page, (2) g_top_include_page, (3) g_css_include_file, (4) g_meta_include_file, or (5) a cookie.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=102978711618648&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.iss.net/security_center/static/9900.php | vdb-entry, x_refsource_XF | |
| http://www.debian.org/security/2002/dsa-153 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.securityfocus.com/bid/5509 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:12:17.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020819 [Mantis Advisory/2002-05] Arbitrary code execution and file reading vulnerability in Mantis",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102978711618648\u0026w=2"
},
{
"name": "mantis-configinc-var-include(9900)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9900.php"
},
{
"name": "DSA-153",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2002/dsa-153"
},
{
"name": "5509",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5509"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-08-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "config_inc2.php in Mantis before 0.17.4 allows remote attackers to execute arbitrary code or read arbitrary files via the parameters (1) g_bottom_include_page, (2) g_top_include_page, (3) g_css_include_file, (4) g_meta_include_file, or (5) a cookie."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020819 [Mantis Advisory/2002-05] Arbitrary code execution and file reading vulnerability in Mantis",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102978711618648\u0026w=2"
},
{
"name": "mantis-configinc-var-include(9900)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9900.php"
},
{
"name": "DSA-153",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2002/dsa-153"
},
{
"name": "5509",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5509"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1114",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "config_inc2.php in Mantis before 0.17.4 allows remote attackers to execute arbitrary code or read arbitrary files via the parameters (1) g_bottom_include_page, (2) g_top_include_page, (3) g_css_include_file, (4) g_meta_include_file, or (5) a cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020819 [Mantis Advisory/2002-05] Arbitrary code execution and file reading vulnerability in Mantis",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=102978711618648\u0026w=2"
},
{
"name": "mantis-configinc-var-include(9900)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9900.php"
},
{
"name": "DSA-153",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-153"
},
{
"name": "5509",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5509"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1114",
"datePublished": "2002-09-10T04:00:00",
"dateReserved": "2002-09-06T00:00:00",
"dateUpdated": "2024-08-08T03:12:17.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-1110
Vulnerability from cvelistv5
Published
2002-09-10 04:00
Modified
2024-08-08 03:12
Severity ?
EPSS score ?
Summary
Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, when running without magic_quotes_gpc enabled, allows remote attackers to gain privileges or perform unauthorized database operations via modified form fields, e.g. to account_update.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.iss.net/security_center/static/9897.php | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=102978728718851&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/5510 | vdb-entry, x_refsource_BID | |
| http://www.debian.org/security/2002/dsa-153 | vendor-advisory, x_refsource_DEBIAN | |
| http://mantisbt.sourceforge.net/advisories/2002/2002-01.txt | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:12:16.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "mantis-user-sql-injection(9897)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9897.php"
},
{
"name": "20020819 [Mantis Advisory/2002-01] SQL poisoning vulnerability in Mantis",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102978728718851\u0026w=2"
},
{
"name": "5510",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5510"
},
{
"name": "DSA-153",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2002/dsa-153"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://mantisbt.sourceforge.net/advisories/2002/2002-01.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-08-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, when running without magic_quotes_gpc enabled, allows remote attackers to gain privileges or perform unauthorized database operations via modified form fields, e.g. to account_update.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "mantis-user-sql-injection(9897)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9897.php"
},
{
"name": "20020819 [Mantis Advisory/2002-01] SQL poisoning vulnerability in Mantis",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102978728718851\u0026w=2"
},
{
"name": "5510",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5510"
},
{
"name": "DSA-153",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2002/dsa-153"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://mantisbt.sourceforge.net/advisories/2002/2002-01.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1110",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, when running without magic_quotes_gpc enabled, allows remote attackers to gain privileges or perform unauthorized database operations via modified form fields, e.g. to account_update.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mantis-user-sql-injection(9897)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9897.php"
},
{
"name": "20020819 [Mantis Advisory/2002-01] SQL poisoning vulnerability in Mantis",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=102978728718851\u0026w=2"
},
{
"name": "5510",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5510"
},
{
"name": "DSA-153",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-153"
},
{
"name": "http://mantisbt.sourceforge.net/advisories/2002/2002-01.txt",
"refsource": "CONFIRM",
"url": "http://mantisbt.sourceforge.net/advisories/2002/2002-01.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1110",
"datePublished": "2002-09-10T04:00:00",
"dateReserved": "2002-09-06T00:00:00",
"dateUpdated": "2024-08-08T03:12:16.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-0841
Vulnerability from cvelistv5
Published
2006-02-22 02:00
Modified
2024-08-07 16:48
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) hide_status, (2) handler_id, (3) user_monitor, (4) reporter_id, (5) view_type, (6) show_severity, (7) show_category, (8) show_status, (9) show_resolution, (10) show_build, (11) show_profile, (12) show_priority, (13) highlight_changed, (14) relationship_type, and (15) relationship_bug parameters in (a) view_all_set.php; the (16) sort parameter in (b) manage_user_page.php; the (17) view_type parameter in (c) view_filters_page.php; and the (18) title parameter in (d) proj_doc_delete.php. NOTE: item 17 might be subsumed by CVE-2005-4522.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/16657 | vdb-entry, x_refsource_BID | |
| http://sourceforge.net/project/shownotes.php?release_id=386059&group_id=14963 | x_refsource_MISC | |
| http://secunia.com/advisories/21400 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.debian.org/security/2006/dsa-1133 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.securityfocus.com/archive/1/425046/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.osvdb.org/23248 | vdb-entry, x_refsource_OSVDB | |
| http://morph3us.org/advisories/20060214-mantis-100rc4.txt | x_refsource_MISC | |
| http://www.osvdb.org/22487 | vdb-entry, x_refsource_OSVDB | |
| http://sourceforge.net/project/showfiles.php?group_id=14963&package_id=12175&release_id=386059 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:48:56.553Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "16657",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16657"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=386059\u0026group_id=14963"
},
{
"name": "21400",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21400"
},
{
"name": "DSA-1133",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1133"
},
{
"name": "20060215 [BuHa-Security] Multiple Vulnerabilities in Mantis 1.00rc4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/425046/100/0/threaded"
},
{
"name": "23248",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23248"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://morph3us.org/advisories/20060214-mantis-100rc4.txt"
},
{
"name": "22487",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22487"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/project/showfiles.php?group_id=14963\u0026package_id=12175\u0026release_id=386059"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) hide_status, (2) handler_id, (3) user_monitor, (4) reporter_id, (5) view_type, (6) show_severity, (7) show_category, (8) show_status, (9) show_resolution, (10) show_build, (11) show_profile, (12) show_priority, (13) highlight_changed, (14) relationship_type, and (15) relationship_bug parameters in (a) view_all_set.php; the (16) sort parameter in (b) manage_user_page.php; the (17) view_type parameter in (c) view_filters_page.php; and the (18) title parameter in (d) proj_doc_delete.php. NOTE: item 17 might be subsumed by CVE-2005-4522."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "16657",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16657"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=386059\u0026group_id=14963"
},
{
"name": "21400",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21400"
},
{
"name": "DSA-1133",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1133"
},
{
"name": "20060215 [BuHa-Security] Multiple Vulnerabilities in Mantis 1.00rc4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/425046/100/0/threaded"
},
{
"name": "23248",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23248"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://morph3us.org/advisories/20060214-mantis-100rc4.txt"
},
{
"name": "22487",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22487"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/project/showfiles.php?group_id=14963\u0026package_id=12175\u0026release_id=386059"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0841",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) hide_status, (2) handler_id, (3) user_monitor, (4) reporter_id, (5) view_type, (6) show_severity, (7) show_category, (8) show_status, (9) show_resolution, (10) show_build, (11) show_profile, (12) show_priority, (13) highlight_changed, (14) relationship_type, and (15) relationship_bug parameters in (a) view_all_set.php; the (16) sort parameter in (b) manage_user_page.php; the (17) view_type parameter in (c) view_filters_page.php; and the (18) title parameter in (d) proj_doc_delete.php. NOTE: item 17 might be subsumed by CVE-2005-4522."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16657",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16657"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=386059\u0026group_id=14963",
"refsource": "MISC",
"url": "http://sourceforge.net/project/shownotes.php?release_id=386059\u0026group_id=14963"
},
{
"name": "21400",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21400"
},
{
"name": "DSA-1133",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1133"
},
{
"name": "20060215 [BuHa-Security] Multiple Vulnerabilities in Mantis 1.00rc4",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425046/100/0/threaded"
},
{
"name": "23248",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23248"
},
{
"name": "http://morph3us.org/advisories/20060214-mantis-100rc4.txt",
"refsource": "MISC",
"url": "http://morph3us.org/advisories/20060214-mantis-100rc4.txt"
},
{
"name": "22487",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22487"
},
{
"name": "http://sourceforge.net/project/showfiles.php?group_id=14963\u0026package_id=12175\u0026release_id=386059",
"refsource": "MISC",
"url": "http://sourceforge.net/project/showfiles.php?group_id=14963\u0026package_id=12175\u0026release_id=386059"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0841",
"datePublished": "2006-02-22T02:00:00",
"dateReserved": "2006-02-22T00:00:00",
"dateUpdated": "2024-08-07T16:48:56.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-3336
Vulnerability from cvelistv5
Published
2005-10-27 04:00
Modified
2024-08-07 23:10
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://bugs.mantisbt.org/changelog_page.php | x_refsource_CONFIRM | |
| http://www.debian.org/security/2005/dsa-905 | vendor-advisory, x_refsource_DEBIAN | |
| http://sourceforge.net/project/shownotes.php?release_id=362673 | x_refsource_CONFIRM | |
| http://www.osvdb.org/20324 | vdb-entry, x_refsource_OSVDB | |
| http://www.vupen.com/english/advisories/2005/2221 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/16506 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/17654 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml | vendor-advisory, x_refsource_GENTOO | |
| http://secunia.com/advisories/17362 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/16818 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/15227 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:10:08.200Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.mantisbt.org/changelog_page.php"
},
{
"name": "DSA-905",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-905"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=362673"
},
{
"name": "20324",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20324"
},
{
"name": "ADV-2005-2221",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2221"
},
{
"name": "16506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16506"
},
{
"name": "17654",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17654"
},
{
"name": "GLSA-200510-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"name": "17362",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17362"
},
{
"name": "16818",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16818"
},
{
"name": "15227",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15227"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-24T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.mantisbt.org/changelog_page.php"
},
{
"name": "DSA-905",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-905"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=362673"
},
{
"name": "20324",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20324"
},
{
"name": "ADV-2005-2221",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2221"
},
{
"name": "16506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16506"
},
{
"name": "17654",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17654"
},
{
"name": "GLSA-200510-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"name": "17362",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17362"
},
{
"name": "16818",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16818"
},
{
"name": "15227",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15227"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3336",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.mantisbt.org/changelog_page.php",
"refsource": "CONFIRM",
"url": "http://bugs.mantisbt.org/changelog_page.php"
},
{
"name": "DSA-905",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-905"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=362673",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=362673"
},
{
"name": "20324",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20324"
},
{
"name": "ADV-2005-2221",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2221"
},
{
"name": "16506",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16506"
},
{
"name": "17654",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17654"
},
{
"name": "GLSA-200510-24",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"name": "17362",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17362"
},
{
"name": "16818",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16818"
},
{
"name": "15227",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15227"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3336",
"datePublished": "2005-10-27T04:00:00",
"dateReserved": "2005-10-27T00:00:00",
"dateUpdated": "2024-08-07T23:10:08.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-4524
Vulnerability from cvelistv5
Published
2005-12-28 01:00
Modified
2024-08-07 23:46
Severity ?
EPSS score ?
Summary
Mantis 1.0.0rc3 does not properly handle "Make note private" when a bug is being resolved, which has unknown impact and attack vectors, probably related to an information leak.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/18481 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2005/3064 | vdb-entry, x_refsource_VUPEN | |
| http://sourceforge.net/project/shownotes.php?release_id=377934&group_id=14963 | x_refsource_CONFIRM | |
| http://www.trapkit.de/advisories/TKADV2005-11-002.txt | x_refsource_MISC | |
| http://www.debian.org/security/2005/dsa-944 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:46:05.532Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18481"
},
{
"name": "ADV-2005-3064",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/3064"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"name": "DSA-944",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-944"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mantis 1.0.0rc3 does not properly handle \"Make note private\" when a bug is being resolved, which has unknown impact and attack vectors, probably related to an information leak."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-01-20T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18481"
},
{
"name": "ADV-2005-3064",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/3064"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"name": "DSA-944",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-944"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4524",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mantis 1.0.0rc3 does not properly handle \"Make note private\" when a bug is being resolved, which has unknown impact and attack vectors, probably related to an information leak."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18481",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18481"
},
{
"name": "ADV-2005-3064",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/3064"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963"
},
{
"name": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt",
"refsource": "MISC",
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"name": "DSA-944",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-944"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4524",
"datePublished": "2005-12-28T01:00:00",
"dateReserved": "2005-12-28T00:00:00",
"dateUpdated": "2024-08-07T23:46:05.532Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-3339
Vulnerability from cvelistv5
Published
2005-10-27 04:00
Modified
2024-08-07 23:10
Severity ?
EPSS score ?
Summary
Mantis before 0.19.3 caches the User ID longer than necessary, which has unknown impact and attack vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://bugs.mantisbt.org/changelog_page.php | x_refsource_CONFIRM | |
| http://www.debian.org/security/2005/dsa-905 | vendor-advisory, x_refsource_DEBIAN | |
| http://secunia.com/advisories/16506 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/17654 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml | vendor-advisory, x_refsource_GENTOO | |
| http://secunia.com/advisories/17362 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/15227 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:10:08.293Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.mantisbt.org/changelog_page.php"
},
{
"name": "DSA-905",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-905"
},
{
"name": "16506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16506"
},
{
"name": "17654",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17654"
},
{
"name": "GLSA-200510-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"name": "17362",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17362"
},
{
"name": "15227",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15227"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mantis before 0.19.3 caches the User ID longer than necessary, which has unknown impact and attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-24T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.mantisbt.org/changelog_page.php"
},
{
"name": "DSA-905",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-905"
},
{
"name": "16506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16506"
},
{
"name": "17654",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17654"
},
{
"name": "GLSA-200510-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"name": "17362",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17362"
},
{
"name": "15227",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15227"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3339",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mantis before 0.19.3 caches the User ID longer than necessary, which has unknown impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.mantisbt.org/changelog_page.php",
"refsource": "CONFIRM",
"url": "http://bugs.mantisbt.org/changelog_page.php"
},
{
"name": "DSA-905",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-905"
},
{
"name": "16506",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16506"
},
{
"name": "17654",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17654"
},
{
"name": "GLSA-200510-24",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"name": "17362",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17362"
},
{
"name": "15227",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15227"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3339",
"datePublished": "2005-10-27T04:00:00",
"dateReserved": "2005-10-27T00:00:00",
"dateUpdated": "2024-08-07T23:10:08.293Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-6515
Vulnerability from cvelistv5
Published
2006-12-14 01:00
Modified
2024-08-07 20:26
Severity ?
EPSS score ?
Summary
Mantis before 1.1.0a2 sets the default value of $g_bug_reminder_threshold to "reporter" instead of a more privileged role, which has unknown impact and attack vectors, possibly related to frequency of reminders.
References
| ▼ | URL | Tags |
|---|---|---|
| http://sourceforge.net/project/shownotes.php?release_id=469627 | x_refsource_CONFIRM | |
| http://www.mantisbugtracker.com/changelog.php | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:26:46.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=469627"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbugtracker.com/changelog.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mantis before 1.1.0a2 sets the default value of $g_bug_reminder_threshold to \"reporter\" instead of a more privileged role, which has unknown impact and attack vectors, possibly related to frequency of reminders."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-03T16:21:22",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=469627"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbugtracker.com/changelog.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6515",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mantis before 1.1.0a2 sets the default value of $g_bug_reminder_threshold to \"reporter\" instead of a more privileged role, which has unknown impact and attack vectors, possibly related to frequency of reminders."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=469627",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=469627"
},
{
"name": "http://www.mantisbugtracker.com/changelog.php",
"refsource": "CONFIRM",
"url": "http://www.mantisbugtracker.com/changelog.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6515",
"datePublished": "2006-12-14T01:00:00",
"dateReserved": "2006-12-13T00:00:00",
"dateUpdated": "2024-08-07T20:26:46.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-1111
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:12
Severity ?
EPSS score ?
Summary
print_all_bug_page.php in Mantis 0.17.3 and earlier does not verify the limit_reporters option, which allows remote attackers to view bug summaries for bugs that would otherwise be restricted.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2002/dsa-153 | vendor-advisory, x_refsource_DEBIAN | |
| http://marc.info/?l=bugtraq&m=102978873620491&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://mantisbt.sourceforge.net/advisories/2002/2002-02.txt | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/9898 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/5515 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:12:17.088Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-153",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2002/dsa-153"
},
{
"name": "20020819 [Mantis Advisory/2002-02] Limiting output to reporters can be bypassed",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102978873620491\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://mantisbt.sourceforge.net/advisories/2002/2002-02.txt"
},
{
"name": "mantis-limit-reporters-bypass(9898)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9898"
},
{
"name": "5515",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5515"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-08-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "print_all_bug_page.php in Mantis 0.17.3 and earlier does not verify the limit_reporters option, which allows remote attackers to view bug summaries for bugs that would otherwise be restricted."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-07-25T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-153",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2002/dsa-153"
},
{
"name": "20020819 [Mantis Advisory/2002-02] Limiting output to reporters can be bypassed",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102978873620491\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://mantisbt.sourceforge.net/advisories/2002/2002-02.txt"
},
{
"name": "mantis-limit-reporters-bypass(9898)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9898"
},
{
"name": "5515",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5515"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1111",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "print_all_bug_page.php in Mantis 0.17.3 and earlier does not verify the limit_reporters option, which allows remote attackers to view bug summaries for bugs that would otherwise be restricted."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-153",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-153"
},
{
"name": "20020819 [Mantis Advisory/2002-02] Limiting output to reporters can be bypassed",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=102978873620491\u0026w=2"
},
{
"name": "http://mantisbt.sourceforge.net/advisories/2002/2002-02.txt",
"refsource": "CONFIRM",
"url": "http://mantisbt.sourceforge.net/advisories/2002/2002-02.txt"
},
{
"name": "mantis-limit-reporters-bypass(9898)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9898"
},
{
"name": "5515",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5515"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1111",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2002-09-06T00:00:00",
"dateUpdated": "2024-08-08T03:12:17.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-1115
Vulnerability from cvelistv5
Published
2002-09-10 04:00
Modified
2024-08-08 03:12
Severity ?
EPSS score ?
Summary
Mantis 0.17.4a and earlier allows remote attackers to view private bugs by modifying the f_id bug ID parameter to (1) bug_update_advanced_page.php, (2) bug_update_page.php, (3) view_bug_advanced_page.php, or (4) view_bug_page.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://mantisbt.sourceforge.net/advisories/2002/2002-06.txt | x_refsource_CONFIRM | |
| http://www.iss.net/security_center/static/9954.php | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=103013249211164&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/5563 | vdb-entry, x_refsource_BID | |
| http://www.debian.org/security/2002/dsa-161 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:12:17.064Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://mantisbt.sourceforge.net/advisories/2002/2002-06.txt"
},
{
"name": "mantis-view-private-bugs(9954)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9954.php"
},
{
"name": "20020823 [Mantis Advisory/2002-06] Private bugs accessible in Mantis",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103013249211164\u0026w=2"
},
{
"name": "5563",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5563"
},
{
"name": "DSA-161",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2002/dsa-161"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-08-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mantis 0.17.4a and earlier allows remote attackers to view private bugs by modifying the f_id bug ID parameter to (1) bug_update_advanced_page.php, (2) bug_update_page.php, (3) view_bug_advanced_page.php, or (4) view_bug_page.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://mantisbt.sourceforge.net/advisories/2002/2002-06.txt"
},
{
"name": "mantis-view-private-bugs(9954)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9954.php"
},
{
"name": "20020823 [Mantis Advisory/2002-06] Private bugs accessible in Mantis",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103013249211164\u0026w=2"
},
{
"name": "5563",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5563"
},
{
"name": "DSA-161",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2002/dsa-161"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1115",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mantis 0.17.4a and earlier allows remote attackers to view private bugs by modifying the f_id bug ID parameter to (1) bug_update_advanced_page.php, (2) bug_update_page.php, (3) view_bug_advanced_page.php, or (4) view_bug_page.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://mantisbt.sourceforge.net/advisories/2002/2002-06.txt",
"refsource": "CONFIRM",
"url": "http://mantisbt.sourceforge.net/advisories/2002/2002-06.txt"
},
{
"name": "mantis-view-private-bugs(9954)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9954.php"
},
{
"name": "20020823 [Mantis Advisory/2002-06] Private bugs accessible in Mantis",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=103013249211164\u0026w=2"
},
{
"name": "5563",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5563"
},
{
"name": "DSA-161",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-161"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1115",
"datePublished": "2002-09-10T04:00:00",
"dateReserved": "2002-09-06T00:00:00",
"dateUpdated": "2024-08-08T03:12:17.064Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-4689
Vulnerability from cvelistv5
Published
2008-10-22 17:00
Modified
2024-08-07 10:24
Severity ?
EPSS score ?
Summary
Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/32975 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.mantisbt.org/bugs/file_download.php?file_id=1988&type=bug | x_refsource_CONFIRM | |
| http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml | vendor-advisory, x_refsource_GENTOO | |
| http://www.mantisbt.org/bugs/view.php?id=9664 | x_refsource_CONFIRM | |
| http://www.mantisbt.org/bugs/changelog_page.php | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/46084 | vdb-entry, x_refsource_XF | |
| http://www.openwall.com/lists/oss-security/2008/10/20/1 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:24:20.803Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32975",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32975"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/file_download.php?file_id=1988\u0026type=bug"
},
{
"name": "GLSA-200812-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=9664"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "mantis-session-cookie-hijacking(46084)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46084"
},
{
"name": "[oss-security] 20081020 Re: CVE request: mantisbt \u003c 1.1.4: RCE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "32975",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32975"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/file_download.php?file_id=1988\u0026type=bug"
},
{
"name": "GLSA-200812-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=9664"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "mantis-session-cookie-hijacking(46084)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46084"
},
{
"name": "[oss-security] 20081020 Re: CVE request: mantisbt \u003c 1.1.4: RCE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4689",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32975",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32975"
},
{
"name": "http://www.mantisbt.org/bugs/file_download.php?file_id=1988\u0026type=bug",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/file_download.php?file_id=1988\u0026type=bug"
},
{
"name": "GLSA-200812-07",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"name": "http://www.mantisbt.org/bugs/view.php?id=9664",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/view.php?id=9664"
},
{
"name": "http://www.mantisbt.org/bugs/changelog_page.php",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "mantis-session-cookie-hijacking(46084)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46084"
},
{
"name": "[oss-security] 20081020 Re: CVE request: mantisbt \u003c 1.1.4: RCE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4689",
"datePublished": "2008-10-22T17:00:00",
"dateReserved": "2008-10-22T00:00:00",
"dateUpdated": "2024-08-07T10:24:20.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-0665
Vulnerability from cvelistv5
Published
2006-02-13 11:00
Modified
2024-08-07 16:41
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in (1) query_store.php and (2) manage_proj_create.php in Mantis before 1.0.0 has unknown impact and attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2006/0485 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/21400 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.debian.org/security/2006/dsa-1133 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.securityfocus.com/bid/16561 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:41:29.125Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-0485",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0485"
},
{
"name": "21400",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21400"
},
{
"name": "DSA-1133",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1133"
},
{
"name": "16561",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16561"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in (1) query_store.php and (2) manage_proj_create.php in Mantis before 1.0.0 has unknown impact and attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-08-09T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-0485",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0485"
},
{
"name": "21400",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21400"
},
{
"name": "DSA-1133",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1133"
},
{
"name": "16561",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16561"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0665",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in (1) query_store.php and (2) manage_proj_create.php in Mantis before 1.0.0 has unknown impact and attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0485",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0485"
},
{
"name": "21400",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21400"
},
{
"name": "DSA-1133",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1133"
},
{
"name": "16561",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16561"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0665",
"datePublished": "2006-02-13T11:00:00",
"dateReserved": "2006-02-13T00:00:00",
"dateUpdated": "2024-08-07T16:41:29.125Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-0840
Vulnerability from cvelistv5
Published
2006-02-22 02:00
Modified
2024-08-07 16:48
Severity ?
EPSS score ?
Summary
manage_user_page.php in Mantis 1.00rc4 and earlier does not properly handle a sort parameter containing a ' (quote) character, which allows remote attackers to trigger a SQL error that may be repeatedly reported to a user who makes subsequent web accesses with the MANTIS_MANAGE_COOKIE cookie. NOTE: this issue might be the same as vector 2 in CVE-2005-4519.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/16657 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/24726 | vdb-entry, x_refsource_XF | |
| http://sourceforge.net/project/shownotes.php?release_id=386059&group_id=14963 | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/425046/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://morph3us.org/advisories/20060214-mantis-100rc4.txt | x_refsource_MISC | |
| http://sourceforge.net/project/showfiles.php?group_id=14963&package_id=12175&release_id=386059 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:48:56.613Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "16657",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16657"
},
{
"name": "mantis-manageuserpagesql-injection(24726)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24726"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=386059\u0026group_id=14963"
},
{
"name": "20060215 [BuHa-Security] Multiple Vulnerabilities in Mantis 1.00rc4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/425046/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://morph3us.org/advisories/20060214-mantis-100rc4.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/project/showfiles.php?group_id=14963\u0026package_id=12175\u0026release_id=386059"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "manage_user_page.php in Mantis 1.00rc4 and earlier does not properly handle a sort parameter containing a \u0027 (quote) character, which allows remote attackers to trigger a SQL error that may be repeatedly reported to a user who makes subsequent web accesses with the MANTIS_MANAGE_COOKIE cookie. NOTE: this issue might be the same as vector 2 in CVE-2005-4519."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "16657",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16657"
},
{
"name": "mantis-manageuserpagesql-injection(24726)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24726"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=386059\u0026group_id=14963"
},
{
"name": "20060215 [BuHa-Security] Multiple Vulnerabilities in Mantis 1.00rc4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/425046/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://morph3us.org/advisories/20060214-mantis-100rc4.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/project/showfiles.php?group_id=14963\u0026package_id=12175\u0026release_id=386059"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0840",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "manage_user_page.php in Mantis 1.00rc4 and earlier does not properly handle a sort parameter containing a \u0027 (quote) character, which allows remote attackers to trigger a SQL error that may be repeatedly reported to a user who makes subsequent web accesses with the MANTIS_MANAGE_COOKIE cookie. NOTE: this issue might be the same as vector 2 in CVE-2005-4519."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16657",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16657"
},
{
"name": "mantis-manageuserpagesql-injection(24726)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24726"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=386059\u0026group_id=14963",
"refsource": "MISC",
"url": "http://sourceforge.net/project/shownotes.php?release_id=386059\u0026group_id=14963"
},
{
"name": "20060215 [BuHa-Security] Multiple Vulnerabilities in Mantis 1.00rc4",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425046/100/0/threaded"
},
{
"name": "http://morph3us.org/advisories/20060214-mantis-100rc4.txt",
"refsource": "MISC",
"url": "http://morph3us.org/advisories/20060214-mantis-100rc4.txt"
},
{
"name": "http://sourceforge.net/project/showfiles.php?group_id=14963\u0026package_id=12175\u0026release_id=386059",
"refsource": "MISC",
"url": "http://sourceforge.net/project/showfiles.php?group_id=14963\u0026package_id=12175\u0026release_id=386059"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0840",
"datePublished": "2006-02-22T02:00:00",
"dateReserved": "2006-02-22T00:00:00",
"dateUpdated": "2024-08-07T16:48:56.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-4521
Vulnerability from cvelistv5
Published
2005-12-28 01:00
Modified
2024-08-07 23:46
Severity ?
EPSS score ?
Summary
CRLF injection vulnerability in Mantis 1.0.0rc3 and earlier allows remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via (1) the return parameter in login_cookie_test.php and (2) ref parameter in login_select_proj_page.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/18481 | third-party-advisory, x_refsource_SECUNIA | |
| http://sourceforge.net/project/shownotes.php?release_id=377932&group_id=14963 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/16046/ | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/18181/ | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2005/3064 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/18221 | third-party-advisory, x_refsource_SECUNIA | |
| http://sourceforge.net/project/shownotes.php?release_id=377934&group_id=14963 | x_refsource_CONFIRM | |
| http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml | vendor-advisory, x_refsource_GENTOO | |
| http://www.trapkit.de/advisories/TKADV2005-11-002.txt | x_refsource_MISC | |
| http://www.debian.org/security/2005/dsa-944 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:46:05.513Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18481"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963"
},
{
"name": "16046",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16046/"
},
{
"name": "18181",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18181/"
},
{
"name": "ADV-2005-3064",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/3064"
},
{
"name": "18221",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18221"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963"
},
{
"name": "GLSA-200512-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"name": "DSA-944",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-944"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in Mantis 1.0.0rc3 and earlier allows remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via (1) the return parameter in login_cookie_test.php and (2) ref parameter in login_select_proj_page.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-01-20T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18481"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963"
},
{
"name": "16046",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16046/"
},
{
"name": "18181",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18181/"
},
{
"name": "ADV-2005-3064",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/3064"
},
{
"name": "18221",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18221"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963"
},
{
"name": "GLSA-200512-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"name": "DSA-944",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-944"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4521",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in Mantis 1.0.0rc3 and earlier allows remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via (1) the return parameter in login_cookie_test.php and (2) ref parameter in login_select_proj_page.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18481",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18481"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963"
},
{
"name": "16046",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16046/"
},
{
"name": "18181",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18181/"
},
{
"name": "ADV-2005-3064",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/3064"
},
{
"name": "18221",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18221"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963"
},
{
"name": "GLSA-200512-12",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml"
},
{
"name": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt",
"refsource": "MISC",
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"name": "DSA-944",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-944"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4521",
"datePublished": "2005-12-28T01:00:00",
"dateReserved": "2005-12-28T00:00:00",
"dateUpdated": "2024-08-07T23:46:05.513Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-3333
Vulnerability from cvelistv5
Published
2008-07-27 23:00
Modified
2024-08-07 09:37
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in core/lang_api.php in Mantis before 1.1.2 allows remote attackers to include and execute arbitrary files via the language parameter to the user preferences page (account_prefs_update.php).
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/30354 | vdb-entry, x_refsource_BID | |
| http://www.mantisbt.org/bugs/view.php?id=9154 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/43984 | vdb-entry, x_refsource_XF | |
| http://www.mantisbt.org/bugs/changelog_page.php | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=456044 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/30270 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml | vendor-advisory, x_refsource_GENTOO | |
| http://secunia.com/advisories/31972 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/29297 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:37:26.341Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30354",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30354"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=9154"
},
{
"name": "mantis-accountprefsupdate-file-include(43984)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43984"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=456044"
},
{
"name": "30270",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30270"
},
{
"name": "GLSA-200809-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"name": "31972",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31972"
},
{
"name": "29297",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29297"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in core/lang_api.php in Mantis before 1.1.2 allows remote attackers to include and execute arbitrary files via the language parameter to the user preferences page (account_prefs_update.php)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30354",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30354"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=9154"
},
{
"name": "mantis-accountprefsupdate-file-include(43984)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43984"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=456044"
},
{
"name": "30270",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30270"
},
{
"name": "GLSA-200809-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"name": "31972",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31972"
},
{
"name": "29297",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29297"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3333",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in core/lang_api.php in Mantis before 1.1.2 allows remote attackers to include and execute arbitrary files via the language parameter to the user preferences page (account_prefs_update.php)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30354",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30354"
},
{
"name": "http://www.mantisbt.org/bugs/view.php?id=9154",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/view.php?id=9154"
},
{
"name": "mantis-accountprefsupdate-file-include(43984)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43984"
},
{
"name": "http://www.mantisbt.org/bugs/changelog_page.php",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=456044",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=456044"
},
{
"name": "30270",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30270"
},
{
"name": "GLSA-200809-10",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"name": "31972",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31972"
},
{
"name": "29297",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29297"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3333",
"datePublished": "2008-07-27T23:00:00",
"dateReserved": "2008-07-27T00:00:00",
"dateUpdated": "2024-08-07T09:37:26.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-3091
Vulnerability from cvelistv5
Published
2005-09-28 04:00
Modified
2024-08-07 23:01
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, as identified by bug#0005751 "thraxisp".
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2005/dsa-905 | vendor-advisory, x_refsource_DEBIAN | |
| http://secunia.com/advisories/16506 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/17654 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.mantisbt.org/changelog.php | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/15227 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:01:58.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-905",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-905"
},
{
"name": "16506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16506"
},
{
"name": "17654",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17654"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/changelog.php"
},
{
"name": "15227",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15227"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, as identified by bug#0005751 \"thraxisp\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-24T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-905",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-905"
},
{
"name": "16506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16506"
},
{
"name": "17654",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17654"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/changelog.php"
},
{
"name": "15227",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15227"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3091",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, as identified by bug#0005751 \"thraxisp\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-905",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-905"
},
{
"name": "16506",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16506"
},
{
"name": "17654",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17654"
},
{
"name": "http://www.mantisbt.org/changelog.php",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/changelog.php"
},
{
"name": "15227",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15227"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3091",
"datePublished": "2005-09-28T04:00:00",
"dateReserved": "2005-09-28T00:00:00",
"dateUpdated": "2024-08-07T23:01:58.169Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-1113
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:12
Severity ?
EPSS score ?
Summary
summary_graph_functions.php in Mantis 0.17.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the g_jpgraph_path parameter to reference the location of the PHP code.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2002/dsa-153 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.securityfocus.com/bid/5504 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/9829 | vdb-entry, x_refsource_XF | |
| http://www.osvdb.org/4858 | vdb-entry, x_refsource_OSVDB | |
| http://marc.info/?l=bugtraq&m=102978924821040&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://marc.info/?l=bugtraq&m=102927873301965&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:12:16.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-153",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2002/dsa-153"
},
{
"name": "5504",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5504"
},
{
"name": "mantis-include-remote-files(9829)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9829"
},
{
"name": "4858",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/4858"
},
{
"name": "20020819 [Mantis Advisory/2002-04] Arbitrary code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102978924821040\u0026w=2"
},
{
"name": "20020813 mantisbt security flaw",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102927873301965\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-08-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "summary_graph_functions.php in Mantis 0.17.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the g_jpgraph_path parameter to reference the location of the PHP code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-08-20T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-153",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2002/dsa-153"
},
{
"name": "5504",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5504"
},
{
"name": "mantis-include-remote-files(9829)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9829"
},
{
"name": "4858",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/4858"
},
{
"name": "20020819 [Mantis Advisory/2002-04] Arbitrary code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102978924821040\u0026w=2"
},
{
"name": "20020813 mantisbt security flaw",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102927873301965\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1113",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "summary_graph_functions.php in Mantis 0.17.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the g_jpgraph_path parameter to reference the location of the PHP code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-153",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-153"
},
{
"name": "5504",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5504"
},
{
"name": "mantis-include-remote-files(9829)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9829"
},
{
"name": "4858",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4858"
},
{
"name": "20020819 [Mantis Advisory/2002-04] Arbitrary code execution",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=102978924821040\u0026w=2"
},
{
"name": "20020813 mantisbt security flaw",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=102927873301965\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1113",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2002-09-06T00:00:00",
"dateUpdated": "2024-08-08T03:12:16.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-0146
Vulnerability from cvelistv5
Published
2006-01-09 23:00
Modified
2024-08-07 16:25
Severity ?
EPSS score ?
Summary
The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:25:33.856Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19590",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19590"
},
{
"name": "18267",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18267"
},
{
"name": "18254",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18254"
},
{
"name": "19555",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19555"
},
{
"name": "DSA-1029",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1029"
},
{
"name": "20060409 PhpOpenChat 3.0.x ADODB Server.php \"sql\" SQL injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/430448/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.maxdev.com/Article550.phtml"
},
{
"name": "ADV-2006-0105",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0105"
},
{
"name": "19699",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19699"
},
{
"name": "DSA-1030",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1030"
},
{
"name": "ADV-2006-1305",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1305"
},
{
"name": "24954",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24954"
},
{
"name": "18276",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18276"
},
{
"name": "713",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/713"
},
{
"name": "ADV-2006-1304",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1304"
},
{
"name": "19600",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19600"
},
{
"name": "20070418 MediaBeez Sql query Execution .. Wear isn\u0027t ?? :)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/466171/100/0/threaded"
},
{
"name": "ADV-2006-0103",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0103"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2005-64/advisory/"
},
{
"name": "16187",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16187"
},
{
"name": "18720",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18720"
},
{
"name": "ADV-2006-1419",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1419"
},
{
"name": "19591",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19591"
},
{
"name": "ADV-2006-0447",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0447"
},
{
"name": "adodb-server-command-execution(24051)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24051"
},
{
"name": "17418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17418"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.xaraya.com/index.php/news/569"
},
{
"name": "19691",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19691"
},
{
"name": "ADV-2006-0102",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0102"
},
{
"name": "ADV-2006-0101",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0101"
},
{
"name": "18233",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18233"
},
{
"name": "22290",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22290"
},
{
"name": "ADV-2006-0370",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0370"
},
{
"name": "DSA-1031",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1031"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html"
},
{
"name": "20060202 Bug for libs in php link directory 2.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/423784/100/0/threaded"
},
{
"name": "ADV-2006-0104",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0104"
},
{
"name": "18260",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18260"
},
{
"name": "GLSA-200604-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
},
{
"name": "19563",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19563"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19590",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19590"
},
{
"name": "18267",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18267"
},
{
"name": "18254",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18254"
},
{
"name": "19555",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19555"
},
{
"name": "DSA-1029",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1029"
},
{
"name": "20060409 PhpOpenChat 3.0.x ADODB Server.php \"sql\" SQL injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/430448/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.maxdev.com/Article550.phtml"
},
{
"name": "ADV-2006-0105",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0105"
},
{
"name": "19699",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19699"
},
{
"name": "DSA-1030",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1030"
},
{
"name": "ADV-2006-1305",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1305"
},
{
"name": "24954",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24954"
},
{
"name": "18276",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18276"
},
{
"name": "713",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/713"
},
{
"name": "ADV-2006-1304",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1304"
},
{
"name": "19600",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19600"
},
{
"name": "20070418 MediaBeez Sql query Execution .. Wear isn\u0027t ?? :)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/466171/100/0/threaded"
},
{
"name": "ADV-2006-0103",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0103"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2005-64/advisory/"
},
{
"name": "16187",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16187"
},
{
"name": "18720",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18720"
},
{
"name": "ADV-2006-1419",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1419"
},
{
"name": "19591",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19591"
},
{
"name": "ADV-2006-0447",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0447"
},
{
"name": "adodb-server-command-execution(24051)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24051"
},
{
"name": "17418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17418"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.xaraya.com/index.php/news/569"
},
{
"name": "19691",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19691"
},
{
"name": "ADV-2006-0102",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0102"
},
{
"name": "ADV-2006-0101",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0101"
},
{
"name": "18233",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18233"
},
{
"name": "22290",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22290"
},
{
"name": "ADV-2006-0370",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0370"
},
{
"name": "DSA-1031",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1031"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html"
},
{
"name": "20060202 Bug for libs in php link directory 2.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/423784/100/0/threaded"
},
{
"name": "ADV-2006-0104",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0104"
},
{
"name": "18260",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18260"
},
{
"name": "GLSA-200604-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
},
{
"name": "19563",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19563"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0146",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19590",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19590"
},
{
"name": "18267",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18267"
},
{
"name": "18254",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18254"
},
{
"name": "19555",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19555"
},
{
"name": "DSA-1029",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1029"
},
{
"name": "20060409 PhpOpenChat 3.0.x ADODB Server.php \"sql\" SQL injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430448/100/0/threaded"
},
{
"name": "http://www.maxdev.com/Article550.phtml",
"refsource": "CONFIRM",
"url": "http://www.maxdev.com/Article550.phtml"
},
{
"name": "ADV-2006-0105",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0105"
},
{
"name": "19699",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19699"
},
{
"name": "DSA-1030",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1030"
},
{
"name": "ADV-2006-1305",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1305"
},
{
"name": "24954",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24954"
},
{
"name": "18276",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18276"
},
{
"name": "713",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/713"
},
{
"name": "ADV-2006-1304",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1304"
},
{
"name": "19600",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19600"
},
{
"name": "20070418 MediaBeez Sql query Execution .. Wear isn\u0027t ?? :)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/466171/100/0/threaded"
},
{
"name": "ADV-2006-0103",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0103"
},
{
"name": "http://secunia.com/secunia_research/2005-64/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2005-64/advisory/"
},
{
"name": "16187",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16187"
},
{
"name": "18720",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18720"
},
{
"name": "ADV-2006-1419",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1419"
},
{
"name": "19591",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19591"
},
{
"name": "ADV-2006-0447",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0447"
},
{
"name": "adodb-server-command-execution(24051)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24051"
},
{
"name": "17418",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17418"
},
{
"name": "http://www.xaraya.com/index.php/news/569",
"refsource": "CONFIRM",
"url": "http://www.xaraya.com/index.php/news/569"
},
{
"name": "19691",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19691"
},
{
"name": "ADV-2006-0102",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0102"
},
{
"name": "ADV-2006-0101",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0101"
},
{
"name": "18233",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18233"
},
{
"name": "22290",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22290"
},
{
"name": "ADV-2006-0370",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0370"
},
{
"name": "DSA-1031",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1031"
},
{
"name": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html"
},
{
"name": "20060202 Bug for libs in php link directory 2.0",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/423784/100/0/threaded"
},
{
"name": "ADV-2006-0104",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0104"
},
{
"name": "18260",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18260"
},
{
"name": "GLSA-200604-07",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
},
{
"name": "19563",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19563"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0146",
"datePublished": "2006-01-09T23:00:00",
"dateReserved": "2006-01-09T00:00:00",
"dateUpdated": "2024-08-07T16:25:33.856Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-4518
Vulnerability from cvelistv5
Published
2005-12-28 01:00
Modified
2024-08-07 23:46
Severity ?
EPSS score ?
Summary
Mantis before 0.19.4 allows remote attackers to bypass the file upload size restriction by modifying the max_file_size parameter to (1) bug_file_add.php, (2) bug_report.php, (3) bug_report_advanced_page.php, and (4) proj_doc_add_page.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/18481 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.osvdb.org/22056 | vdb-entry, x_refsource_OSVDB | |
| http://sourceforge.net/project/shownotes.php?release_id=377932&group_id=14963 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/16046/ | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/18181/ | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2005/3064 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/18221 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml | vendor-advisory, x_refsource_GENTOO | |
| http://www.trapkit.de/advisories/TKADV2005-11-002.txt | x_refsource_MISC | |
| http://www.debian.org/security/2005/dsa-944 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:46:05.532Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18481"
},
{
"name": "22056",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22056"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963"
},
{
"name": "16046",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16046/"
},
{
"name": "18181",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18181/"
},
{
"name": "ADV-2005-3064",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/3064"
},
{
"name": "18221",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18221"
},
{
"name": "GLSA-200512-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"name": "DSA-944",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-944"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mantis before 0.19.4 allows remote attackers to bypass the file upload size restriction by modifying the max_file_size parameter to (1) bug_file_add.php, (2) bug_report.php, (3) bug_report_advanced_page.php, and (4) proj_doc_add_page.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-01-20T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18481"
},
{
"name": "22056",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22056"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963"
},
{
"name": "16046",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16046/"
},
{
"name": "18181",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18181/"
},
{
"name": "ADV-2005-3064",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/3064"
},
{
"name": "18221",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18221"
},
{
"name": "GLSA-200512-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"name": "DSA-944",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-944"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4518",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mantis before 0.19.4 allows remote attackers to bypass the file upload size restriction by modifying the max_file_size parameter to (1) bug_file_add.php, (2) bug_report.php, (3) bug_report_advanced_page.php, and (4) proj_doc_add_page.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18481",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18481"
},
{
"name": "22056",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22056"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963"
},
{
"name": "16046",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16046/"
},
{
"name": "18181",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18181/"
},
{
"name": "ADV-2005-3064",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/3064"
},
{
"name": "18221",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18221"
},
{
"name": "GLSA-200512-12",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml"
},
{
"name": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt",
"refsource": "MISC",
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"name": "DSA-944",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-944"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4518",
"datePublished": "2005-12-28T01:00:00",
"dateReserved": "2005-12-28T00:00:00",
"dateUpdated": "2024-08-07T23:46:05.532Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-1116
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:12
Severity ?
EPSS score ?
Summary
The "View Bugs" page (view_all_bug_page.php) in Mantis 0.17.4a and earlier includes summaries of private bugs for users that do not have access to any projects.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2002/dsa-161 | vendor-advisory, x_refsource_DEBIAN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/9955 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=103014152320112&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/5565 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:12:16.947Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-161",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2002/dsa-161"
},
{
"name": "mantis-viewbugs-bug-listing(9955)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9955"
},
{
"name": "20020823 [Mantis Advisory/2002-07] Bugs in private projects listed on \u0027View Bugs\u0027",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103014152320112\u0026w=2"
},
{
"name": "5565",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5565"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-08-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The \"View Bugs\" page (view_all_bug_page.php) in Mantis 0.17.4a and earlier includes summaries of private bugs for users that do not have access to any projects."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-03-18T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-161",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2002/dsa-161"
},
{
"name": "mantis-viewbugs-bug-listing(9955)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9955"
},
{
"name": "20020823 [Mantis Advisory/2002-07] Bugs in private projects listed on \u0027View Bugs\u0027",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103014152320112\u0026w=2"
},
{
"name": "5565",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5565"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1116",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \"View Bugs\" page (view_all_bug_page.php) in Mantis 0.17.4a and earlier includes summaries of private bugs for users that do not have access to any projects."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-161",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-161"
},
{
"name": "mantis-viewbugs-bug-listing(9955)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9955"
},
{
"name": "20020823 [Mantis Advisory/2002-07] Bugs in private projects listed on \u0027View Bugs\u0027",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=103014152320112\u0026w=2"
},
{
"name": "5565",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5565"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1116",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2002-09-06T00:00:00",
"dateUpdated": "2024-08-08T03:12:16.947Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-1811
Vulnerability from cvelistv5
Published
2019-11-07 22:28
Modified
2024-08-06 15:13
Severity ?
EPSS score ?
Summary
An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change any issue to "New".
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-tracker.debian.org/tracker/CVE-2013-1811 | x_refsource_MISC | |
| http://www.debian.org/security/2015/dsa-3120 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2013/03/03/6 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2013/03/04/9 | x_refsource_MISC | |
| https://mantisbt.org/bugs/view.php?id=15258 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:13:33.247Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-1811"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3120"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/03/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/04/9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://mantisbt.org/bugs/view.php?id=15258"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mantis",
"vendor": "mantis",
"versions": [
{
"status": "affected",
"version": "1.2.13"
}
]
}
],
"datePublic": "2012-12-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An access control issue in MantisBT before 1.2.13 allows users with \"Reporter\" permissions to change any issue to \"New\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-07T22:28:06",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-1811"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.debian.org/security/2015/dsa-3120"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/03/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/04/9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://mantisbt.org/bugs/view.php?id=15258"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1811",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mantis",
"version": {
"version_data": [
{
"version_value": "1.2.13"
}
]
}
}
]
},
"vendor_name": "mantis"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An access control issue in MantisBT before 1.2.13 allows users with \"Reporter\" permissions to change any issue to \"New\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2013-1811",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2013-1811"
},
{
"name": "http://www.debian.org/security/2015/dsa-3120",
"refsource": "MISC",
"url": "http://www.debian.org/security/2015/dsa-3120"
},
{
"name": "http://www.openwall.com/lists/oss-security/2013/03/03/6",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/03/03/6"
},
{
"name": "http://www.openwall.com/lists/oss-security/2013/03/04/9",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/03/04/9"
},
{
"name": "https://mantisbt.org/bugs/view.php?id=15258",
"refsource": "CONFIRM",
"url": "https://mantisbt.org/bugs/view.php?id=15258"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-1811",
"datePublished": "2019-11-07T22:28:06",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:13:33.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1730
Vulnerability from cvelistv5
Published
2005-02-26 05:00
Modified
2024-08-08 01:00
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows remote attackers to inject arbitrary web script or HTML via (1) the return parameter to login_page.php, (2) e-mail field in signup.php, (3) action parameter to login_select_proj_page.php, or (4) hide_status parameter to view_all_set.php.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17072 | vdb-entry, x_refsource_XF | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17066 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/12338 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17070 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=109312225727345&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/10994 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17069 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:00:37.150Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "mantis-viewallset-xss(17072)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17072"
},
{
"name": "mantis-loginpage-xss(17066)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17066"
},
{
"name": "12338",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12338"
},
{
"name": "mantis-loginselectprojpage-xss(17070)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17070"
},
{
"name": "20040820 Multiple Vulnerabilities in Mantis Bugtracker",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109312225727345\u0026w=2"
},
{
"name": "10994",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10994"
},
{
"name": "mantis-signup-xss(17069)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17069"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-08-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows remote attackers to inject arbitrary web script or HTML via (1) the return parameter to login_page.php, (2) e-mail field in signup.php, (3) action parameter to login_select_proj_page.php, or (4) hide_status parameter to view_all_set.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "mantis-viewallset-xss(17072)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17072"
},
{
"name": "mantis-loginpage-xss(17066)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17066"
},
{
"name": "12338",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12338"
},
{
"name": "mantis-loginselectprojpage-xss(17070)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17070"
},
{
"name": "20040820 Multiple Vulnerabilities in Mantis Bugtracker",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109312225727345\u0026w=2"
},
{
"name": "10994",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10994"
},
{
"name": "mantis-signup-xss(17069)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17069"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1730",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows remote attackers to inject arbitrary web script or HTML via (1) the return parameter to login_page.php, (2) e-mail field in signup.php, (3) action parameter to login_select_proj_page.php, or (4) hide_status parameter to view_all_set.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mantis-viewallset-xss(17072)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17072"
},
{
"name": "mantis-loginpage-xss(17066)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17066"
},
{
"name": "12338",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12338"
},
{
"name": "mantis-loginselectprojpage-xss(17070)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17070"
},
{
"name": "20040820 Multiple Vulnerabilities in Mantis Bugtracker",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109312225727345\u0026w=2"
},
{
"name": "10994",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10994"
},
{
"name": "mantis-signup-xss(17069)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17069"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1730",
"datePublished": "2005-02-26T05:00:00",
"dateReserved": "2005-02-26T00:00:00",
"dateUpdated": "2024-08-08T01:00:37.150Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-4688
Vulnerability from cvelistv5
Published
2008-10-22 17:00
Modified
2024-08-07 10:24
Severity ?
EPSS score ?
Summary
core/string_api.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote attackers to discover an issue's title and status via a request with a modified issue number.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/32243 | third-party-advisory, x_refsource_SECUNIA | |
| http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/string_api.php?r1=5285&r2=5384&pathrev=5384 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/31868 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/32975 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml | vendor-advisory, x_refsource_GENTOO | |
| http://www.mantisbt.org/bugs/changelog_page.php | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2008/10/20/1 | mailing-list, x_refsource_MLIST | |
| http://www.mantisbt.org/bugs/view.php?id=9321 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:24:20.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32243",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32243"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/string_api.php?r1=5285\u0026r2=5384\u0026pathrev=5384"
},
{
"name": "31868",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31868"
},
{
"name": "32975",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32975"
},
{
"name": "GLSA-200812-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "[oss-security] 20081020 Re: CVE request: mantisbt \u003c 1.1.4: RCE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=9321"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "core/string_api.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote attackers to discover an issue\u0027s title and status via a request with a modified issue number."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-01-28T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "32243",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32243"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/string_api.php?r1=5285\u0026r2=5384\u0026pathrev=5384"
},
{
"name": "31868",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31868"
},
{
"name": "32975",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32975"
},
{
"name": "GLSA-200812-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "[oss-security] 20081020 Re: CVE request: mantisbt \u003c 1.1.4: RCE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=9321"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4688",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "core/string_api.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote attackers to discover an issue\u0027s title and status via a request with a modified issue number."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32243",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32243"
},
{
"name": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/string_api.php?r1=5285\u0026r2=5384\u0026pathrev=5384",
"refsource": "CONFIRM",
"url": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/string_api.php?r1=5285\u0026r2=5384\u0026pathrev=5384"
},
{
"name": "31868",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31868"
},
{
"name": "32975",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32975"
},
{
"name": "GLSA-200812-07",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"name": "http://www.mantisbt.org/bugs/changelog_page.php",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "[oss-security] 20081020 Re: CVE request: mantisbt \u003c 1.1.4: RCE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/1"
},
{
"name": "http://www.mantisbt.org/bugs/view.php?id=9321",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/view.php?id=9321"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4688",
"datePublished": "2008-10-22T17:00:00",
"dateReserved": "2008-10-22T00:00:00",
"dateUpdated": "2024-08-07T10:24:20.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-2557
Vulnerability from cvelistv5
Published
2005-09-28 04:00
Modified
2024-08-07 22:30
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the dir parameter, as identified by bug#0005959, and a different vulnerability than CVE-2005-3090.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2005/dsa-778 | vendor-advisory, x_refsource_DEBIAN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/21958 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/16506 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/14604 | vdb-entry, x_refsource_BID | |
| http://www.gentoo.org/security/en/glsa/glsa-200509-16.xml | vendor-advisory, x_refsource_GENTOO | |
| http://www.mantisbt.org/changelog.php | x_refsource_CONFIRM | |
| http://marc.info/?l=bugtraq&m=112786017426276&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:30:01.787Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-778",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-778"
},
{
"name": "mantis-bug-report-xss(21958)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21958"
},
{
"name": "16506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16506"
},
{
"name": "14604",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14604"
},
{
"name": "GLSA-200509-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-16.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/changelog.php"
},
{
"name": "20050926 Mantis Bugtracker - Remote Database Scanner and XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112786017426276\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the dir parameter, as identified by bug#0005959, and a different vulnerability than CVE-2005-3090."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "DSA-778",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-778"
},
{
"name": "mantis-bug-report-xss(21958)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21958"
},
{
"name": "16506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16506"
},
{
"name": "14604",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14604"
},
{
"name": "GLSA-200509-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-16.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/changelog.php"
},
{
"name": "20050926 Mantis Bugtracker - Remote Database Scanner and XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112786017426276\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2005-2557",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the dir parameter, as identified by bug#0005959, and a different vulnerability than CVE-2005-3090."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-778",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-778"
},
{
"name": "mantis-bug-report-xss(21958)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21958"
},
{
"name": "16506",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16506"
},
{
"name": "14604",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14604"
},
{
"name": "GLSA-200509-16",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-16.xml"
},
{
"name": "http://www.mantisbt.org/changelog.php",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/changelog.php"
},
{
"name": "20050926 Mantis Bugtracker - Remote Database Scanner and XSS Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112786017426276\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2005-2557",
"datePublished": "2005-09-28T04:00:00",
"dateReserved": "2005-08-16T00:00:00",
"dateUpdated": "2024-08-07T22:30:01.787Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-4522
Vulnerability from cvelistv5
Published
2005-12-28 01:00
Modified
2024-08-07 23:46
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the view_filters_page.php filters script in Mantis 1.0.0rc3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) view_type and (2) target_field parameters.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/22053 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/18481 | third-party-advisory, x_refsource_SECUNIA | |
| http://sourceforge.net/project/shownotes.php?release_id=377932&group_id=14963 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/16046/ | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/18181/ | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2005/3064 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/18221 | third-party-advisory, x_refsource_SECUNIA | |
| http://sourceforge.net/project/shownotes.php?release_id=377934&group_id=14963 | x_refsource_CONFIRM | |
| http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml | vendor-advisory, x_refsource_GENTOO | |
| http://www.trapkit.de/advisories/TKADV2005-11-002.txt | x_refsource_MISC | |
| http://www.debian.org/security/2005/dsa-944 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:46:05.542Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "22053",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22053"
},
{
"name": "18481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18481"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963"
},
{
"name": "16046",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16046/"
},
{
"name": "18181",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18181/"
},
{
"name": "ADV-2005-3064",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/3064"
},
{
"name": "18221",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18221"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963"
},
{
"name": "GLSA-200512-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"name": "DSA-944",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-944"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the view_filters_page.php filters script in Mantis 1.0.0rc3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) view_type and (2) target_field parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-01-20T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "22053",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22053"
},
{
"name": "18481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18481"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963"
},
{
"name": "16046",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16046/"
},
{
"name": "18181",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18181/"
},
{
"name": "ADV-2005-3064",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/3064"
},
{
"name": "18221",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18221"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963"
},
{
"name": "GLSA-200512-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"name": "DSA-944",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-944"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4522",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the view_filters_page.php filters script in Mantis 1.0.0rc3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) view_type and (2) target_field parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22053",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22053"
},
{
"name": "18481",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18481"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963"
},
{
"name": "16046",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16046/"
},
{
"name": "18181",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18181/"
},
{
"name": "ADV-2005-3064",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/3064"
},
{
"name": "18221",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18221"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963"
},
{
"name": "GLSA-200512-12",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml"
},
{
"name": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt",
"refsource": "MISC",
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"name": "DSA-944",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-944"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4522",
"datePublished": "2005-12-28T01:00:00",
"dateReserved": "2005-12-28T00:00:00",
"dateUpdated": "2024-08-07T23:46:05.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-3338
Vulnerability from cvelistv5
Published
2005-10-27 04:00
Modified
2024-08-07 23:10
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Mantis before 0.19.3, when using reminders, causes Mantis to display the real email addresses of users.
References
| ▼ | URL | Tags |
|---|---|---|
| http://bugs.mantisbt.org/changelog_page.php | x_refsource_CONFIRM | |
| http://www.debian.org/security/2005/dsa-905 | vendor-advisory, x_refsource_DEBIAN | |
| http://secunia.com/advisories/16506 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/17654 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml | vendor-advisory, x_refsource_GENTOO | |
| http://secunia.com/advisories/17362 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/15227 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:10:08.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.mantisbt.org/changelog_page.php"
},
{
"name": "DSA-905",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-905"
},
{
"name": "16506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16506"
},
{
"name": "17654",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17654"
},
{
"name": "GLSA-200510-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"name": "17362",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17362"
},
{
"name": "15227",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15227"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Mantis before 0.19.3, when using reminders, causes Mantis to display the real email addresses of users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-24T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.mantisbt.org/changelog_page.php"
},
{
"name": "DSA-905",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-905"
},
{
"name": "16506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16506"
},
{
"name": "17654",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17654"
},
{
"name": "GLSA-200510-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"name": "17362",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17362"
},
{
"name": "15227",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15227"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Mantis before 0.19.3, when using reminders, causes Mantis to display the real email addresses of users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.mantisbt.org/changelog_page.php",
"refsource": "CONFIRM",
"url": "http://bugs.mantisbt.org/changelog_page.php"
},
{
"name": "DSA-905",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-905"
},
{
"name": "16506",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16506"
},
{
"name": "17654",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17654"
},
{
"name": "GLSA-200510-24",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"name": "17362",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17362"
},
{
"name": "15227",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15227"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3338",
"datePublished": "2005-10-27T04:00:00",
"dateReserved": "2005-10-27T00:00:00",
"dateUpdated": "2024-08-07T23:10:08.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-4520
Vulnerability from cvelistv5
Published
2005-12-28 01:00
Modified
2024-08-07 23:46
Severity ?
EPSS score ?
Summary
Unspecified "port injection" vulnerabilities in filters in Mantis 1.0.0rc3 and earlier have unknown impact and attack vectors. NOTE: due to a lack of relevant details in the vendor changelog, which is the source of this description, it is unclear whether this is a duplicate of another CVE.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/18481 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.osvdb.org/22488 | vdb-entry, x_refsource_OSVDB | |
| http://sourceforge.net/project/shownotes.php?release_id=377932&group_id=14963 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/16046/ | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/18181/ | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2005/3064 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/18221 | third-party-advisory, x_refsource_SECUNIA | |
| http://sourceforge.net/project/shownotes.php?release_id=377934&group_id=14963 | x_refsource_CONFIRM | |
| http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml | vendor-advisory, x_refsource_GENTOO | |
| http://www.trapkit.de/advisories/TKADV2005-11-002.txt | x_refsource_MISC | |
| http://www.debian.org/security/2005/dsa-944 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:46:05.536Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18481"
},
{
"name": "22488",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22488"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963"
},
{
"name": "16046",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16046/"
},
{
"name": "18181",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18181/"
},
{
"name": "ADV-2005-3064",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/3064"
},
{
"name": "18221",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18221"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963"
},
{
"name": "GLSA-200512-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"name": "DSA-944",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-944"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified \"port injection\" vulnerabilities in filters in Mantis 1.0.0rc3 and earlier have unknown impact and attack vectors. NOTE: due to a lack of relevant details in the vendor changelog, which is the source of this description, it is unclear whether this is a duplicate of another CVE."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-01-20T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18481"
},
{
"name": "22488",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22488"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963"
},
{
"name": "16046",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16046/"
},
{
"name": "18181",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18181/"
},
{
"name": "ADV-2005-3064",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/3064"
},
{
"name": "18221",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18221"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963"
},
{
"name": "GLSA-200512-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"name": "DSA-944",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-944"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4520",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified \"port injection\" vulnerabilities in filters in Mantis 1.0.0rc3 and earlier have unknown impact and attack vectors. NOTE: due to a lack of relevant details in the vendor changelog, which is the source of this description, it is unclear whether this is a duplicate of another CVE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18481",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18481"
},
{
"name": "22488",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22488"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963"
},
{
"name": "16046",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16046/"
},
{
"name": "18181",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18181/"
},
{
"name": "ADV-2005-3064",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/3064"
},
{
"name": "18221",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18221"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963"
},
{
"name": "GLSA-200512-12",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml"
},
{
"name": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt",
"refsource": "MISC",
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"name": "DSA-944",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-944"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4520",
"datePublished": "2005-12-28T01:00:00",
"dateReserved": "2005-12-28T00:00:00",
"dateUpdated": "2024-08-07T23:46:05.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-3331
Vulnerability from cvelistv5
Published
2008-07-27 23:00
Modified
2024-08-07 09:37
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the filter_target parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/42549 | vdb-entry, x_refsource_XF | |
| http://www.mantisbt.org/bugs/changelog_page.php | x_refsource_CONFIRM | |
| http://secunia.com/advisories/30270 | third-party-advisory, x_refsource_SECUNIA | |
| http://marc.info/?l=bugtraq&m=121130774617956&w=4 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml | vendor-advisory, x_refsource_GENTOO | |
| https://www.exploit-db.com/exploits/5657 | exploit, x_refsource_EXPLOIT-DB | |
| http://secunia.com/advisories/31972 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2008/1598/references | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/29297 | vdb-entry, x_refsource_BID | |
| http://securityreason.com/securityalert/4044 | third-party-advisory, x_refsource_SREASON |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:37:27.042Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "mantis-returndynamicfilters-xss(42549)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42549"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "30270",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30270"
},
{
"name": "20080520 Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121130774617956\u0026w=4"
},
{
"name": "GLSA-200809-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"name": "5657",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5657"
},
{
"name": "31972",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31972"
},
{
"name": "ADV-2008-1598",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1598/references"
},
{
"name": "29297",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29297"
},
{
"name": "4044",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4044"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the filter_target parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "mantis-returndynamicfilters-xss(42549)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42549"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "30270",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30270"
},
{
"name": "20080520 Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121130774617956\u0026w=4"
},
{
"name": "GLSA-200809-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"name": "5657",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5657"
},
{
"name": "31972",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31972"
},
{
"name": "ADV-2008-1598",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1598/references"
},
{
"name": "29297",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29297"
},
{
"name": "4044",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4044"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3331",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the filter_target parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mantis-returndynamicfilters-xss(42549)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42549"
},
{
"name": "http://www.mantisbt.org/bugs/changelog_page.php",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "30270",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30270"
},
{
"name": "20080520 Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=121130774617956\u0026w=4"
},
{
"name": "GLSA-200809-10",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"name": "5657",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5657"
},
{
"name": "31972",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31972"
},
{
"name": "ADV-2008-1598",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1598/references"
},
{
"name": "29297",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29297"
},
{
"name": "4044",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4044"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3331",
"datePublished": "2008-07-27T23:00:00",
"dateReserved": "2008-07-27T00:00:00",
"dateUpdated": "2024-08-07T09:37:27.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1734
Vulnerability from cvelistv5
Published
2005-02-26 05:00
Modified
2024-08-08 01:00
Severity ?
EPSS score ?
Summary
PHP remote file inclusion vulnerability in Mantis 0.19.0a allows remote attackers to execute arbitrary PHP code by modifying the (1) t_core_path parameter to bug_api.php or (2) t_core_dir parameter to relationship_api.php to reference a URL on a remote web server that contains the code.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=109313416727851&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17065 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/10993 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:00:37.263Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040820 Mantis Bugtracker Remote PHP Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109313416727851\u0026w=2"
},
{
"name": "mantis-php-file-include(17065)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17065"
},
{
"name": "10993",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10993"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-08-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in Mantis 0.19.0a allows remote attackers to execute arbitrary PHP code by modifying the (1) t_core_path parameter to bug_api.php or (2) t_core_dir parameter to relationship_api.php to reference a URL on a remote web server that contains the code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040820 Mantis Bugtracker Remote PHP Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109313416727851\u0026w=2"
},
{
"name": "mantis-php-file-include(17065)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17065"
},
{
"name": "10993",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10993"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1734",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in Mantis 0.19.0a allows remote attackers to execute arbitrary PHP code by modifying the (1) t_core_path parameter to bug_api.php or (2) t_core_dir parameter to relationship_api.php to reference a URL on a remote web server that contains the code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040820 Mantis Bugtracker Remote PHP Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109313416727851\u0026w=2"
},
{
"name": "mantis-php-file-include(17065)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17065"
},
{
"name": "10993",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10993"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1734",
"datePublished": "2005-02-26T05:00:00",
"dateReserved": "2005-02-26T00:00:00",
"dateUpdated": "2024-08-08T01:00:37.263Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0499
Vulnerability from cvelistv5
Published
2003-07-04 04:00
Modified
2024-08-08 01:58
Severity ?
EPSS score ?
Summary
Mantis 0.17.5 and earlier stores its database password in cleartext in a world-readable configuration file, which allows local users to perform unauthorized database operations.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.debian.org/security/2003/dsa-335 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:58:10.260Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-335",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2003/dsa-335"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-06-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mantis 0.17.5 and earlier stores its database password in cleartext in a world-readable configuration file, which allows local users to perform unauthorized database operations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-335",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2003/dsa-335"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0499",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mantis 0.17.5 and earlier stores its database password in cleartext in a world-readable configuration file, which allows local users to perform unauthorized database operations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-335",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2003/dsa-335"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0499",
"datePublished": "2003-07-04T04:00:00",
"dateReserved": "2003-06-30T00:00:00",
"dateUpdated": "2024-08-08T01:58:10.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1731
Vulnerability from cvelistv5
Published
2005-02-26 05:00
Modified
2024-08-08 01:00
Severity ?
EPSS score ?
Summary
signup_page.php in Mantis bugtracker allows remote attackers to send e-mail bombs by creating multiple users and providing the same e-mail address.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17093 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/10995 | vdb-entry, x_refsource_BID | |
| http://marc.info/?l=bugtraq&m=109312225727345&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:00:37.277Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "mantis-improper-account-validation(17093)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17093"
},
{
"name": "10995",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10995"
},
{
"name": "20040820 Multiple Vulnerabilities in Mantis Bugtracker",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109312225727345\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-08-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "signup_page.php in Mantis bugtracker allows remote attackers to send e-mail bombs by creating multiple users and providing the same e-mail address."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "mantis-improper-account-validation(17093)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17093"
},
{
"name": "10995",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10995"
},
{
"name": "20040820 Multiple Vulnerabilities in Mantis Bugtracker",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109312225727345\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1731",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "signup_page.php in Mantis bugtracker allows remote attackers to send e-mail bombs by creating multiple users and providing the same e-mail address."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mantis-improper-account-validation(17093)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17093"
},
{
"name": "10995",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10995"
},
{
"name": "20040820 Multiple Vulnerabilities in Mantis Bugtracker",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109312225727345\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1731",
"datePublished": "2005-02-26T05:00:00",
"dateReserved": "2005-02-26T00:00:00",
"dateUpdated": "2024-08-08T01:00:37.277Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-4687
Vulnerability from cvelistv5
Published
2008-10-22 17:00
Modified
2024-08-07 10:24
Severity ?
EPSS score ?
Summary
manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:24:20.945Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=242722"
},
{
"name": "32975",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32975"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/utility_api.php?r1=5679\u0026r2=5678\u0026pathrev=5679"
},
{
"name": "31789",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31789"
},
{
"name": "GLSA-200812-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=0009704"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "44611",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44611/"
},
{
"name": "32314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32314"
},
{
"name": "[oss-security] 20081019 CVE request: mantisbt \u003c 1.1.4: RCE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/19/1"
},
{
"name": "6768",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6768"
},
{
"name": "mantis-sort-code-execution(45942)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45942"
},
{
"name": "4470",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4470"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-12T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=242722"
},
{
"name": "32975",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32975"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/utility_api.php?r1=5679\u0026r2=5678\u0026pathrev=5679"
},
{
"name": "31789",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31789"
},
{
"name": "GLSA-200812-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=0009704"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "44611",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44611/"
},
{
"name": "32314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32314"
},
{
"name": "[oss-security] 20081019 CVE request: mantisbt \u003c 1.1.4: RCE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/19/1"
},
{
"name": "6768",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6768"
},
{
"name": "mantis-sort-code-execution(45942)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45942"
},
{
"name": "4470",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4470"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4687",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.gentoo.org/show_bug.cgi?id=242722",
"refsource": "CONFIRM",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=242722"
},
{
"name": "32975",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32975"
},
{
"name": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/utility_api.php?r1=5679\u0026r2=5678\u0026pathrev=5679",
"refsource": "CONFIRM",
"url": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/utility_api.php?r1=5679\u0026r2=5678\u0026pathrev=5679"
},
{
"name": "31789",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31789"
},
{
"name": "GLSA-200812-07",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"name": "http://www.mantisbt.org/bugs/view.php?id=0009704",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/view.php?id=0009704"
},
{
"name": "http://www.mantisbt.org/bugs/changelog_page.php",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "44611",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44611/"
},
{
"name": "32314",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32314"
},
{
"name": "[oss-security] 20081019 CVE request: mantisbt \u003c 1.1.4: RCE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/19/1"
},
{
"name": "6768",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6768"
},
{
"name": "mantis-sort-code-execution(45942)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45942"
},
{
"name": "4470",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4470"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4687",
"datePublished": "2008-10-22T17:00:00",
"dateReserved": "2008-10-22T00:00:00",
"dateUpdated": "2024-08-07T10:24:20.945Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-4519
Vulnerability from cvelistv5
Published
2005-12-28 01:00
Modified
2024-08-07 23:46
Severity ?
EPSS score ?
Summary
Multiple SQL injection vulnerabilities in the manage user page (manage_user_page.php) in Mantis 1.0.0rc3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) prefix and (2) sort parameters to the manage user page (manage_user_page.php), or (3) the sort parameter to view_all_set.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/18481 | third-party-advisory, x_refsource_SECUNIA | |
| http://sourceforge.net/project/shownotes.php?release_id=377932&group_id=14963 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/16046/ | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/18181/ | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2005/3064 | vdb-entry, x_refsource_VUPEN | |
| http://www.osvdb.org/22052 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/18221 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.osvdb.org/22051 | vdb-entry, x_refsource_OSVDB | |
| http://sourceforge.net/project/shownotes.php?release_id=377934&group_id=14963 | x_refsource_CONFIRM | |
| http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml | vendor-advisory, x_refsource_GENTOO | |
| http://www.trapkit.de/advisories/TKADV2005-11-002.txt | x_refsource_MISC | |
| http://www.debian.org/security/2005/dsa-944 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:46:05.541Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18481"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963"
},
{
"name": "16046",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16046/"
},
{
"name": "18181",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18181/"
},
{
"name": "ADV-2005-3064",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/3064"
},
{
"name": "22052",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22052"
},
{
"name": "18221",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18221"
},
{
"name": "22051",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22051"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963"
},
{
"name": "GLSA-200512-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"name": "DSA-944",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-944"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in the manage user page (manage_user_page.php) in Mantis 1.0.0rc3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) prefix and (2) sort parameters to the manage user page (manage_user_page.php), or (3) the sort parameter to view_all_set.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-01-20T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18481"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963"
},
{
"name": "16046",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16046/"
},
{
"name": "18181",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18181/"
},
{
"name": "ADV-2005-3064",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/3064"
},
{
"name": "22052",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22052"
},
{
"name": "18221",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18221"
},
{
"name": "22051",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22051"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963"
},
{
"name": "GLSA-200512-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"name": "DSA-944",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-944"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4519",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in the manage user page (manage_user_page.php) in Mantis 1.0.0rc3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) prefix and (2) sort parameters to the manage user page (manage_user_page.php), or (3) the sort parameter to view_all_set.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18481",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18481"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963"
},
{
"name": "16046",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16046/"
},
{
"name": "18181",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18181/"
},
{
"name": "ADV-2005-3064",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/3064"
},
{
"name": "22052",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22052"
},
{
"name": "18221",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18221"
},
{
"name": "22051",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22051"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963"
},
{
"name": "GLSA-200512-12",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml"
},
{
"name": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt",
"refsource": "MISC",
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"name": "DSA-944",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-944"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4519",
"datePublished": "2005-12-28T01:00:00",
"dateReserved": "2005-12-28T00:00:00",
"dateUpdated": "2024-08-07T23:46:05.541Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-2556
Vulnerability from cvelistv5
Published
2005-08-24 04:00
Modified
2024-08-07 22:30
Severity ?
EPSS score ?
Summary
core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with register_globals enabled, allows remote attackers to connect to internal databases by modifying the g_db_type variable and monitoring the speed of responses, as identified by bug#0005956.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2005/dsa-778 | vendor-advisory, x_refsource_DEBIAN | |
| http://secunia.com/advisories/16506 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/14604 | vdb-entry, x_refsource_BID | |
| http://www.gentoo.org/security/en/glsa/glsa-200509-16.xml | vendor-advisory, x_refsource_GENTOO | |
| http://marc.info/?l=bugtraq&m=112786017426276&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:30:01.631Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-778",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-778"
},
{
"name": "16506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16506"
},
{
"name": "14604",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14604"
},
{
"name": "GLSA-200509-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-16.xml"
},
{
"name": "20050926 Mantis Bugtracker - Remote Database Scanner and XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112786017426276\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-08-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with register_globals enabled, allows remote attackers to connect to internal databases by modifying the g_db_type variable and monitoring the speed of responses, as identified by bug#0005956."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "DSA-778",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-778"
},
{
"name": "16506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16506"
},
{
"name": "14604",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14604"
},
{
"name": "GLSA-200509-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-16.xml"
},
{
"name": "20050926 Mantis Bugtracker - Remote Database Scanner and XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112786017426276\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2005-2556",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with register_globals enabled, allows remote attackers to connect to internal databases by modifying the g_db_type variable and monitoring the speed of responses, as identified by bug#0005956."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-778",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-778"
},
{
"name": "16506",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16506"
},
{
"name": "14604",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14604"
},
{
"name": "GLSA-200509-16",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-16.xml"
},
{
"name": "20050926 Mantis Bugtracker - Remote Database Scanner and XSS Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112786017426276\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2005-2556",
"datePublished": "2005-08-24T04:00:00",
"dateReserved": "2005-08-16T00:00:00",
"dateUpdated": "2024-08-07T22:30:01.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-0147
Vulnerability from cvelistv5
Published
2006-01-09 23:00
Modified
2024-08-07 16:25
Severity ?
EPSS score ?
Summary
Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:25:33.633Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19590",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19590"
},
{
"name": "18267",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18267"
},
{
"name": "18254",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18254"
},
{
"name": "19555",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19555"
},
{
"name": "DSA-1029",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1029"
},
{
"name": "adodb-tmssql-command-execution(24052)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24052"
},
{
"name": "19628",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19628"
},
{
"name": "20060409 PhpOpenChat 3.0.x ADODB Server.php \"sql\" SQL injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/430448/100/0/threaded"
},
{
"name": "DSA-1030",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1030"
},
{
"name": "ADV-2006-1305",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1305"
},
{
"name": "18276",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18276"
},
{
"name": "19600",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19600"
},
{
"name": "1663",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/1663"
},
{
"name": "ADV-2006-0103",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0103"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2005-64/advisory/"
},
{
"name": "20060412 Simplog \u003c=0.9.2 multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/430743/100/0/threaded"
},
{
"name": "19591",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19591"
},
{
"name": "17418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17418"
},
{
"name": "19691",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19691"
},
{
"name": "ADV-2006-0102",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0102"
},
{
"name": "ADV-2006-0101",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0101"
},
{
"name": "18233",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18233"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://retrogod.altervista.org/simplog_092_incl_xpl.html"
},
{
"name": "ADV-2006-1332",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1332"
},
{
"name": "22291",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22291"
},
{
"name": "DSA-1031",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1031"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html"
},
{
"name": "ADV-2006-0104",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0104"
},
{
"name": "18260",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18260"
},
{
"name": "GLSA-200604-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19590",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19590"
},
{
"name": "18267",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18267"
},
{
"name": "18254",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18254"
},
{
"name": "19555",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19555"
},
{
"name": "DSA-1029",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1029"
},
{
"name": "adodb-tmssql-command-execution(24052)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24052"
},
{
"name": "19628",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19628"
},
{
"name": "20060409 PhpOpenChat 3.0.x ADODB Server.php \"sql\" SQL injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/430448/100/0/threaded"
},
{
"name": "DSA-1030",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1030"
},
{
"name": "ADV-2006-1305",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1305"
},
{
"name": "18276",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18276"
},
{
"name": "19600",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19600"
},
{
"name": "1663",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/1663"
},
{
"name": "ADV-2006-0103",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0103"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2005-64/advisory/"
},
{
"name": "20060412 Simplog \u003c=0.9.2 multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/430743/100/0/threaded"
},
{
"name": "19591",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19591"
},
{
"name": "17418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17418"
},
{
"name": "19691",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19691"
},
{
"name": "ADV-2006-0102",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0102"
},
{
"name": "ADV-2006-0101",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0101"
},
{
"name": "18233",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18233"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://retrogod.altervista.org/simplog_092_incl_xpl.html"
},
{
"name": "ADV-2006-1332",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1332"
},
{
"name": "22291",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22291"
},
{
"name": "DSA-1031",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1031"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html"
},
{
"name": "ADV-2006-0104",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0104"
},
{
"name": "18260",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18260"
},
{
"name": "GLSA-200604-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0147",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19590",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19590"
},
{
"name": "18267",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18267"
},
{
"name": "18254",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18254"
},
{
"name": "19555",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19555"
},
{
"name": "DSA-1029",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1029"
},
{
"name": "adodb-tmssql-command-execution(24052)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24052"
},
{
"name": "19628",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19628"
},
{
"name": "20060409 PhpOpenChat 3.0.x ADODB Server.php \"sql\" SQL injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430448/100/0/threaded"
},
{
"name": "DSA-1030",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1030"
},
{
"name": "ADV-2006-1305",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1305"
},
{
"name": "18276",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18276"
},
{
"name": "19600",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19600"
},
{
"name": "1663",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1663"
},
{
"name": "ADV-2006-0103",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0103"
},
{
"name": "http://secunia.com/secunia_research/2005-64/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2005-64/advisory/"
},
{
"name": "20060412 Simplog \u003c=0.9.2 multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430743/100/0/threaded"
},
{
"name": "19591",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19591"
},
{
"name": "17418",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17418"
},
{
"name": "19691",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19691"
},
{
"name": "ADV-2006-0102",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0102"
},
{
"name": "ADV-2006-0101",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0101"
},
{
"name": "18233",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18233"
},
{
"name": "http://retrogod.altervista.org/simplog_092_incl_xpl.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/simplog_092_incl_xpl.html"
},
{
"name": "ADV-2006-1332",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1332"
},
{
"name": "22291",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22291"
},
{
"name": "DSA-1031",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1031"
},
{
"name": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html"
},
{
"name": "ADV-2006-0104",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0104"
},
{
"name": "18260",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18260"
},
{
"name": "GLSA-200604-07",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0147",
"datePublished": "2006-01-09T23:00:00",
"dateReserved": "2006-01-09T00:00:00",
"dateUpdated": "2024-08-07T16:25:33.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-3335
Vulnerability from cvelistv5
Published
2005-10-27 04:00
Modified
2024-08-07 23:10
Severity ?
EPSS score ?
Summary
PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary PHP code and include arbitrary local files via the t_core_path parameter.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:10:08.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.mantisbt.org/changelog_page.php"
},
{
"name": "DSA-905",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-905"
},
{
"name": "121",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/121"
},
{
"name": "ADV-2005-2221",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2221"
},
{
"name": "16506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16506"
},
{
"name": "17654",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17654"
},
{
"name": "GLSA-200510-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2005-46/advisory/"
},
{
"name": "17362",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17362"
},
{
"name": "15212",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15212"
},
{
"name": "16818",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16818"
},
{
"name": "1015110",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015110"
},
{
"name": "mantis-tcorepath-file-include(22886)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22886"
},
{
"name": "15227",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15227"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary PHP code and include arbitrary local files via the t_core_path parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.mantisbt.org/changelog_page.php"
},
{
"name": "DSA-905",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-905"
},
{
"name": "121",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/121"
},
{
"name": "ADV-2005-2221",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2221"
},
{
"name": "16506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16506"
},
{
"name": "17654",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17654"
},
{
"name": "GLSA-200510-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2005-46/advisory/"
},
{
"name": "17362",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17362"
},
{
"name": "15212",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15212"
},
{
"name": "16818",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16818"
},
{
"name": "1015110",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015110"
},
{
"name": "mantis-tcorepath-file-include(22886)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22886"
},
{
"name": "15227",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15227"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary PHP code and include arbitrary local files via the t_core_path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.mantisbt.org/changelog_page.php",
"refsource": "MISC",
"url": "http://bugs.mantisbt.org/changelog_page.php"
},
{
"name": "DSA-905",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-905"
},
{
"name": "121",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/121"
},
{
"name": "ADV-2005-2221",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2221"
},
{
"name": "16506",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16506"
},
{
"name": "17654",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17654"
},
{
"name": "GLSA-200510-24",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"name": "http://secunia.com/secunia_research/2005-46/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2005-46/advisory/"
},
{
"name": "17362",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17362"
},
{
"name": "15212",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15212"
},
{
"name": "16818",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16818"
},
{
"name": "1015110",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015110"
},
{
"name": "mantis-tcorepath-file-include(22886)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22886"
},
{
"name": "15227",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15227"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3335",
"datePublished": "2005-10-27T04:00:00",
"dateReserved": "2005-10-27T00:00:00",
"dateUpdated": "2024-08-07T23:10:08.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-3337
Vulnerability from cvelistv5
Published
2005-10-27 04:00
Modified
2024-08-07 23:10
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Mantis before 0.19.3 allow remote attackers to inject arbitrary web script or HTML via (1) unknown vectors involving Javascript and (2) mantis/view_all_set.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://bugs.mantisbt.org/changelog_page.php | x_refsource_CONFIRM | |
| http://sourceforge.net/project/shownotes.php?release_id=362673 | x_refsource_CONFIRM | |
| http://www.osvdb.org/20321 | vdb-entry, x_refsource_OSVDB | |
| http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml | vendor-advisory, x_refsource_GENTOO | |
| http://secunia.com/advisories/17362 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:10:08.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.mantisbt.org/changelog_page.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=362673"
},
{
"name": "20321",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20321"
},
{
"name": "GLSA-200510-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"name": "17362",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17362"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Mantis before 0.19.3 allow remote attackers to inject arbitrary web script or HTML via (1) unknown vectors involving Javascript and (2) mantis/view_all_set.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-04-04T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.mantisbt.org/changelog_page.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=362673"
},
{
"name": "20321",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20321"
},
{
"name": "GLSA-200510-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"name": "17362",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17362"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Mantis before 0.19.3 allow remote attackers to inject arbitrary web script or HTML via (1) unknown vectors involving Javascript and (2) mantis/view_all_set.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.mantisbt.org/changelog_page.php",
"refsource": "CONFIRM",
"url": "http://bugs.mantisbt.org/changelog_page.php"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=362673",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=362673"
},
{
"name": "20321",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20321"
},
{
"name": "GLSA-200510-24",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"name": "17362",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17362"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3337",
"datePublished": "2005-10-27T04:00:00",
"dateReserved": "2005-10-27T00:00:00",
"dateUpdated": "2024-08-07T23:10:08.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-6574
Vulnerability from cvelistv5
Published
2006-12-15 19:00
Modified
2024-08-07 20:33
Severity ?
EPSS score ?
Summary
Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/30870 | vdb-entry, x_refsource_XF | |
| http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?view=log | x_refsource_MISC | |
| http://sourceforge.net/project/shownotes.php?release_id=469627 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/23258 | third-party-advisory, x_refsource_SECUNIA | |
| http://bugs.mantisbugtracker.com/view.php?id=7364 | x_refsource_MISC | |
| http://secunia.com/advisories/28551 | third-party-advisory, x_refsource_SECUNIA | |
| http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?r1=1.34&r2=1.35 | x_refsource_MISC | |
| http://www.vupen.com/english/advisories/2006/4978 | vdb-entry, x_refsource_VUPEN | |
| http://bugs.mantisbugtracker.com/view.php?id=3375 | x_refsource_MISC | |
| http://www.mantisbugtracker.com/changelog.php | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/21566 | vdb-entry, x_refsource_BID | |
| http://www.debian.org/security/2008/dsa-1467 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:33:59.861Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "mantis-customfield-info-disclosure(30870)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30870"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?view=log"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=469627"
},
{
"name": "23258",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23258"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.mantisbugtracker.com/view.php?id=7364"
},
{
"name": "28551",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28551"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?r1=1.34\u0026r2=1.35"
},
{
"name": "ADV-2006-4978",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4978"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.mantisbugtracker.com/view.php?id=3375"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbugtracker.com/changelog.php"
},
{
"name": "21566",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21566"
},
{
"name": "DSA-1467",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1467"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "mantis-customfield-info-disclosure(30870)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30870"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?view=log"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=469627"
},
{
"name": "23258",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23258"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.mantisbugtracker.com/view.php?id=7364"
},
{
"name": "28551",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28551"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?r1=1.34\u0026r2=1.35"
},
{
"name": "ADV-2006-4978",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4978"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.mantisbugtracker.com/view.php?id=3375"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbugtracker.com/changelog.php"
},
{
"name": "21566",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21566"
},
{
"name": "DSA-1467",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1467"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6574",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mantis-customfield-info-disclosure(30870)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30870"
},
{
"name": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?view=log",
"refsource": "MISC",
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?view=log"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=469627",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=469627"
},
{
"name": "23258",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23258"
},
{
"name": "http://bugs.mantisbugtracker.com/view.php?id=7364",
"refsource": "MISC",
"url": "http://bugs.mantisbugtracker.com/view.php?id=7364"
},
{
"name": "28551",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28551"
},
{
"name": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?r1=1.34\u0026r2=1.35",
"refsource": "MISC",
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?r1=1.34\u0026r2=1.35"
},
{
"name": "ADV-2006-4978",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4978"
},
{
"name": "http://bugs.mantisbugtracker.com/view.php?id=3375",
"refsource": "MISC",
"url": "http://bugs.mantisbugtracker.com/view.php?id=3375"
},
{
"name": "http://www.mantisbugtracker.com/changelog.php",
"refsource": "CONFIRM",
"url": "http://www.mantisbugtracker.com/changelog.php"
},
{
"name": "21566",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21566"
},
{
"name": "DSA-1467",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1467"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6574",
"datePublished": "2006-12-15T19:00:00",
"dateReserved": "2006-12-15T00:00:00",
"dateUpdated": "2024-08-07T20:33:59.861Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}