131 vulnerabilities found for mantis by mantis
CVE-2013-1811 (GCVE-0-2013-1811)
Vulnerability from cvelistv5 – Published: 2019-11-07 22:28 – Updated: 2024-08-06 15:13
Summary
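An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change any issue to "New". Note that the structured `affected` field in the record below lists version 1.2.13 itself as affected, which does not match "before 1.2.13"; confirm the fixed release against the vendor-confirmed MantisBT issue in the references before relying on the version field for automated matching.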
Severity ?
No CVSS data available.
CWE
- Other
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:13:33.247Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-1811"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3120"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/03/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/04/9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://mantisbt.org/bugs/view.php?id=15258"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mantis",
"vendor": "mantis",
"versions": [
{
"status": "affected",
"version": "1.2.13"
}
]
}
],
"datePublic": "2012-12-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An access control issue in MantisBT before 1.2.13 allows users with \"Reporter\" permissions to change any issue to \"New\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-07T22:28:06",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-1811"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.debian.org/security/2015/dsa-3120"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/03/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/04/9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://mantisbt.org/bugs/view.php?id=15258"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1811",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mantis",
"version": {
"version_data": [
{
"version_value": "1.2.13"
}
]
}
}
]
},
"vendor_name": "mantis"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An access control issue in MantisBT before 1.2.13 allows users with \"Reporter\" permissions to change any issue to \"New\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2013-1811",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2013-1811"
},
{
"name": "http://www.debian.org/security/2015/dsa-3120",
"refsource": "MISC",
"url": "http://www.debian.org/security/2015/dsa-3120"
},
{
"name": "http://www.openwall.com/lists/oss-security/2013/03/03/6",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/03/03/6"
},
{
"name": "http://www.openwall.com/lists/oss-security/2013/03/04/9",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/03/04/9"
},
{
"name": "https://mantisbt.org/bugs/view.php?id=15258",
"refsource": "CONFIRM",
"url": "https://mantisbt.org/bugs/view.php?id=15258"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-1811",
"datePublished": "2019-11-07T22:28:06",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:13:33.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4687 (GCVE-0-2008-4687)
Vulnerability from cvelistv5 – Published: 2008-10-22 17:00 – Updated: 2024-08-07 10:24
Summary
manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:24:20.945Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=242722"
},
{
"name": "32975",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32975"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/utility_api.php?r1=5679\u0026r2=5678\u0026pathrev=5679"
},
{
"name": "31789",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31789"
},
{
"name": "GLSA-200812-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=0009704"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "44611",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44611/"
},
{
"name": "32314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32314"
},
{
"name": "[oss-security] 20081019 CVE request: mantisbt \u003c 1.1.4: RCE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/19/1"
},
{
"name": "6768",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6768"
},
{
"name": "mantis-sort-code-execution(45942)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45942"
},
{
"name": "4470",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4470"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-12T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=242722"
},
{
"name": "32975",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32975"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/utility_api.php?r1=5679\u0026r2=5678\u0026pathrev=5679"
},
{
"name": "31789",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31789"
},
{
"name": "GLSA-200812-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=0009704"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "44611",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44611/"
},
{
"name": "32314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32314"
},
{
"name": "[oss-security] 20081019 CVE request: mantisbt \u003c 1.1.4: RCE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/19/1"
},
{
"name": "6768",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6768"
},
{
"name": "mantis-sort-code-execution(45942)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45942"
},
{
"name": "4470",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4470"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4687",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.gentoo.org/show_bug.cgi?id=242722",
"refsource": "CONFIRM",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=242722"
},
{
"name": "32975",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32975"
},
{
"name": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/utility_api.php?r1=5679\u0026r2=5678\u0026pathrev=5679",
"refsource": "CONFIRM",
"url": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/utility_api.php?r1=5679\u0026r2=5678\u0026pathrev=5679"
},
{
"name": "31789",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31789"
},
{
"name": "GLSA-200812-07",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"name": "http://www.mantisbt.org/bugs/view.php?id=0009704",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/view.php?id=0009704"
},
{
"name": "http://www.mantisbt.org/bugs/changelog_page.php",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "44611",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44611/"
},
{
"name": "32314",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32314"
},
{
"name": "[oss-security] 20081019 CVE request: mantisbt \u003c 1.1.4: RCE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/19/1"
},
{
"name": "6768",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6768"
},
{
"name": "mantis-sort-code-execution(45942)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45942"
},
{
"name": "4470",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4470"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4687",
"datePublished": "2008-10-22T17:00:00",
"dateReserved": "2008-10-22T00:00:00",
"dateUpdated": "2024-08-07T10:24:20.945Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4688 (GCVE-0-2008-4688)
Vulnerability from cvelistv5 – Published: 2008-10-22 17:00 – Updated: 2024-08-07 10:24
Summary
core/string_api.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote attackers to discover an issue's title and status via a request with a modified issue number.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:24:20.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32243",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32243"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/string_api.php?r1=5285\u0026r2=5384\u0026pathrev=5384"
},
{
"name": "31868",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31868"
},
{
"name": "32975",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32975"
},
{
"name": "GLSA-200812-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "[oss-security] 20081020 Re: CVE request: mantisbt \u003c 1.1.4: RCE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=9321"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "core/string_api.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote attackers to discover an issue\u0027s title and status via a request with a modified issue number."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-01-28T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "32243",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32243"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/string_api.php?r1=5285\u0026r2=5384\u0026pathrev=5384"
},
{
"name": "31868",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31868"
},
{
"name": "32975",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32975"
},
{
"name": "GLSA-200812-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "[oss-security] 20081020 Re: CVE request: mantisbt \u003c 1.1.4: RCE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=9321"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4688",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "core/string_api.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote attackers to discover an issue\u0027s title and status via a request with a modified issue number."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32243",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32243"
},
{
"name": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/string_api.php?r1=5285\u0026r2=5384\u0026pathrev=5384",
"refsource": "CONFIRM",
"url": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/string_api.php?r1=5285\u0026r2=5384\u0026pathrev=5384"
},
{
"name": "31868",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31868"
},
{
"name": "32975",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32975"
},
{
"name": "GLSA-200812-07",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"name": "http://www.mantisbt.org/bugs/changelog_page.php",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "[oss-security] 20081020 Re: CVE request: mantisbt \u003c 1.1.4: RCE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/1"
},
{
"name": "http://www.mantisbt.org/bugs/view.php?id=9321",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/view.php?id=9321"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4688",
"datePublished": "2008-10-22T17:00:00",
"dateReserved": "2008-10-22T00:00:00",
"dateUpdated": "2024-08-07T10:24:20.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4689 (GCVE-0-2008-4689)
Vulnerability from cvelistv5 – Published: 2008-10-22 17:00 – Updated: 2024-08-07 10:24
Summary
Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:24:20.803Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32975",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32975"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/file_download.php?file_id=1988\u0026type=bug"
},
{
"name": "GLSA-200812-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=9664"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "mantis-session-cookie-hijacking(46084)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46084"
},
{
"name": "[oss-security] 20081020 Re: CVE request: mantisbt \u003c 1.1.4: RCE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "32975",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32975"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/file_download.php?file_id=1988\u0026type=bug"
},
{
"name": "GLSA-200812-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=9664"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "mantis-session-cookie-hijacking(46084)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46084"
},
{
"name": "[oss-security] 20081020 Re: CVE request: mantisbt \u003c 1.1.4: RCE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4689",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32975",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32975"
},
{
"name": "http://www.mantisbt.org/bugs/file_download.php?file_id=1988\u0026type=bug",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/file_download.php?file_id=1988\u0026type=bug"
},
{
"name": "GLSA-200812-07",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"name": "http://www.mantisbt.org/bugs/view.php?id=9664",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/view.php?id=9664"
},
{
"name": "http://www.mantisbt.org/bugs/changelog_page.php",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "mantis-session-cookie-hijacking(46084)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46084"
},
{
"name": "[oss-security] 20081020 Re: CVE request: mantisbt \u003c 1.1.4: RCE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4689",
"datePublished": "2008-10-22T17:00:00",
"dateReserved": "2008-10-22T00:00:00",
"dateUpdated": "2024-08-07T10:24:20.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3333 (GCVE-0-2008-3333)
Vulnerability from cvelistv5 – Published: 2008-07-27 23:00 – Updated: 2024-08-07 09:37
Summary
Directory traversal vulnerability in core/lang_api.php in Mantis before 1.1.2 allows remote attackers to include and execute arbitrary files via the language parameter to the user preferences page (account_prefs_update.php).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:37:26.341Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30354",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30354"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=9154"
},
{
"name": "mantis-accountprefsupdate-file-include(43984)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43984"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=456044"
},
{
"name": "30270",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30270"
},
{
"name": "GLSA-200809-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"name": "31972",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31972"
},
{
"name": "29297",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29297"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in core/lang_api.php in Mantis before 1.1.2 allows remote attackers to include and execute arbitrary files via the language parameter to the user preferences page (account_prefs_update.php)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30354",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30354"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=9154"
},
{
"name": "mantis-accountprefsupdate-file-include(43984)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43984"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=456044"
},
{
"name": "30270",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30270"
},
{
"name": "GLSA-200809-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"name": "31972",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31972"
},
{
"name": "29297",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29297"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3333",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in core/lang_api.php in Mantis before 1.1.2 allows remote attackers to include and execute arbitrary files via the language parameter to the user preferences page (account_prefs_update.php)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30354",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30354"
},
{
"name": "http://www.mantisbt.org/bugs/view.php?id=9154",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/view.php?id=9154"
},
{
"name": "mantis-accountprefsupdate-file-include(43984)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43984"
},
{
"name": "http://www.mantisbt.org/bugs/changelog_page.php",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=456044",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=456044"
},
{
"name": "30270",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30270"
},
{
"name": "GLSA-200809-10",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"name": "31972",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31972"
},
{
"name": "29297",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29297"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3333",
"datePublished": "2008-07-27T23:00:00",
"dateReserved": "2008-07-27T00:00:00",
"dateUpdated": "2024-08-07T09:37:26.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3331 (GCVE-0-2008-3331)
Vulnerability from cvelistv5 – Published: 2008-07-27 23:00 – Updated: 2024-08-07 09:37
Summary
Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the filter_target parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:37:27.042Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "mantis-returndynamicfilters-xss(42549)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42549"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "30270",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30270"
},
{
"name": "20080520 Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121130774617956\u0026w=4"
},
{
"name": "GLSA-200809-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"name": "5657",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5657"
},
{
"name": "31972",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31972"
},
{
"name": "ADV-2008-1598",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1598/references"
},
{
"name": "29297",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29297"
},
{
"name": "4044",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4044"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the filter_target parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "mantis-returndynamicfilters-xss(42549)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42549"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "30270",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30270"
},
{
"name": "20080520 Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121130774617956\u0026w=4"
},
{
"name": "GLSA-200809-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"name": "5657",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5657"
},
{
"name": "31972",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31972"
},
{
"name": "ADV-2008-1598",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1598/references"
},
{
"name": "29297",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29297"
},
{
"name": "4044",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4044"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3331",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the filter_target parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mantis-returndynamicfilters-xss(42549)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42549"
},
{
"name": "http://www.mantisbt.org/bugs/changelog_page.php",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "30270",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30270"
},
{
"name": "20080520 Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=121130774617956\u0026w=4"
},
{
"name": "GLSA-200809-10",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"name": "5657",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5657"
},
{
"name": "31972",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31972"
},
{
"name": "ADV-2008-1598",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1598/references"
},
{
"name": "29297",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29297"
},
{
"name": "4044",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4044"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3331",
"datePublished": "2008-07-27T23:00:00",
"dateReserved": "2008-07-27T00:00:00",
"dateUpdated": "2024-08-07T09:37:27.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3332 (GCVE-0-2008-3332)
Vulnerability from cvelistv5 – Published: 2008-07-27 23:00 – Updated: 2024-08-07 09:37
Summary
Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:37:26.754Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "mantis-admconfigset-code-execution(42550)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42550"
},
{
"name": "30270",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30270"
},
{
"name": "20080520 Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121130774617956\u0026w=4"
},
{
"name": "GLSA-200809-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"name": "5657",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5657"
},
{
"name": "31972",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31972"
},
{
"name": "ADV-2008-1598",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1598/references"
},
{
"name": "29297",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29297"
},
{
"name": "4044",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4044"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "mantis-admconfigset-code-execution(42550)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42550"
},
{
"name": "30270",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30270"
},
{
"name": "20080520 Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121130774617956\u0026w=4"
},
{
"name": "GLSA-200809-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"name": "5657",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5657"
},
{
"name": "31972",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31972"
},
{
"name": "ADV-2008-1598",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1598/references"
},
{
"name": "29297",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29297"
},
{
"name": "4044",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4044"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3332",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mantisbt.org/bugs/changelog_page.php",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "mantis-admconfigset-code-execution(42550)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42550"
},
{
"name": "30270",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30270"
},
{
"name": "20080520 Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=121130774617956\u0026w=4"
},
{
"name": "GLSA-200809-10",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"name": "5657",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5657"
},
{
"name": "31972",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31972"
},
{
"name": "ADV-2008-1598",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1598/references"
},
{
"name": "29297",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29297"
},
{
"name": "4044",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4044"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3332",
"datePublished": "2008-07-27T23:00:00",
"dateReserved": "2008-07-27T00:00:00",
"dateUpdated": "2024-08-07T09:37:26.754Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0404 (GCVE-0-2008-0404)
Vulnerability from cvelistv5 – Published: 2008-01-23 11:00 – Updated: 2024-08-07 07:46
Summary
Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "Most active bugs" summary.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:46:54.258Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=569765"
},
{
"name": "28591",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28591"
},
{
"name": "28577",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28577"
},
{
"name": "FEDORA-2008-0856",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00734.html"
},
{
"name": "ADV-2008-0232",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0232"
},
{
"name": "mantis-mostactive-xss(39801)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39801"
},
{
"name": "27367",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27367"
},
{
"name": "FEDORA-2008-0796",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00676.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=429552"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the \"Most active bugs\" summary."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=569765"
},
{
"name": "28591",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28591"
},
{
"name": "28577",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28577"
},
{
"name": "FEDORA-2008-0856",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00734.html"
},
{
"name": "ADV-2008-0232",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0232"
},
{
"name": "mantis-mostactive-xss(39801)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39801"
},
{
"name": "27367",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27367"
},
{
"name": "FEDORA-2008-0796",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00676.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=429552"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0404",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the \"Most active bugs\" summary."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=569765",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=569765"
},
{
"name": "28591",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28591"
},
{
"name": "28577",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28577"
},
{
"name": "FEDORA-2008-0856",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00734.html"
},
{
"name": "ADV-2008-0232",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0232"
},
{
"name": "mantis-mostactive-xss(39801)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39801"
},
{
"name": "27367",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27367"
},
{
"name": "FEDORA-2008-0796",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00676.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=429552",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=429552"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0404",
"datePublished": "2008-01-23T11:00:00",
"dateReserved": "2008-01-22T00:00:00",
"dateUpdated": "2024-08-07T07:46:54.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6611 (GCVE-0-2007-6611)
Vulnerability from cvelistv5 – Published: 2008-01-03 22:00 – Updated: 2024-08-07 16:11
Summary
Cross-site scripting (XSS) vulnerability in view.php in Mantis before 1.1.0 allows remote attackers to inject arbitrary web script or HTML via a filename, related to bug_report.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:11:06.186Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "39873",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39873"
},
{
"name": "29198",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29198"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=562940"
},
{
"name": "27045",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27045"
},
{
"name": "28551",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28551"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=8679"
},
{
"name": "FEDORA-2008-0282",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00227.html"
},
{
"name": "DSA-1467",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1467"
},
{
"name": "28352",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28352"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427277"
},
{
"name": "GLSA-200803-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200803-04.xml"
},
{
"name": "28185",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28185"
},
{
"name": "FEDORA-2008-0353",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00309.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in view.php in Mantis before 1.1.0 allows remote attackers to inject arbitrary web script or HTML via a filename, related to bug_report.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-01-09T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "39873",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39873"
},
{
"name": "29198",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29198"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=562940"
},
{
"name": "27045",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27045"
},
{
"name": "28551",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28551"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=8679"
},
{
"name": "FEDORA-2008-0282",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00227.html"
},
{
"name": "DSA-1467",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1467"
},
{
"name": "28352",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28352"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427277"
},
{
"name": "GLSA-200803-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200803-04.xml"
},
{
"name": "28185",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28185"
},
{
"name": "FEDORA-2008-0353",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00309.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6611",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in view.php in Mantis before 1.1.0 allows remote attackers to inject arbitrary web script or HTML via a filename, related to bug_report.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39873",
"refsource": "OSVDB",
"url": "http://osvdb.org/39873"
},
{
"name": "29198",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29198"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=562940",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=562940"
},
{
"name": "27045",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27045"
},
{
"name": "28551",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28551"
},
{
"name": "http://www.mantisbt.org/bugs/view.php?id=8679",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/view.php?id=8679"
},
{
"name": "FEDORA-2008-0282",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00227.html"
},
{
"name": "DSA-1467",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1467"
},
{
"name": "28352",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28352"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=427277",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427277"
},
{
"name": "GLSA-200803-04",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200803-04.xml"
},
{
"name": "28185",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28185"
},
{
"name": "FEDORA-2008-0353",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00309.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6611",
"datePublished": "2008-01-03T22:00:00",
"dateReserved": "2008-01-03T00:00:00",
"dateUpdated": "2024-08-07T16:11:06.186Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2666 (GCVE-0-2004-2666)
Vulnerability from cvelistv5 – Published: 2006-12-15 19:00 – Updated: 2024-08-08 01:36
Summary
Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardless of view_history_threshold, which allows remote attackers to obtain sensitive information (private bug details) by visiting a bug's web page.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:25.128Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?r1=1.24\u0026r2=1.25"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?view=log"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.mantisbugtracker.com/view.php?id=4724"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-10-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardless of view_history_threshold, which allows remote attackers to obtain sensitive information (private bug details) by visiting a bug\u0027s web page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-03T16:14:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?r1=1.24\u0026r2=1.25"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?view=log"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.mantisbugtracker.com/view.php?id=4724"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2666",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardless of view_history_threshold, which allows remote attackers to obtain sensitive information (private bug details) by visiting a bug\u0027s web page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?r1=1.24\u0026r2=1.25",
"refsource": "MISC",
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?r1=1.24\u0026r2=1.25"
},
{
"name": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?view=log",
"refsource": "MISC",
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?view=log"
},
{
"name": "http://bugs.mantisbugtracker.com/view.php?id=4724",
"refsource": "CONFIRM",
"url": "http://bugs.mantisbugtracker.com/view.php?id=4724"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2666",
"datePublished": "2006-12-15T19:00:00",
"dateReserved": "2006-12-15T00:00:00",
"dateUpdated": "2024-08-08T01:36:25.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6574 (GCVE-0-2006-6574)
Vulnerability from cvelistv5 – Published: 2006-12-15 19:00 – Updated: 2024-08-07 20:33
Summary
Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:33:59.861Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "mantis-customfield-info-disclosure(30870)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30870"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?view=log"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=469627"
},
{
"name": "23258",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23258"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.mantisbugtracker.com/view.php?id=7364"
},
{
"name": "28551",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28551"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?r1=1.34\u0026r2=1.35"
},
{
"name": "ADV-2006-4978",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4978"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.mantisbugtracker.com/view.php?id=3375"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbugtracker.com/changelog.php"
},
{
"name": "21566",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21566"
},
{
"name": "DSA-1467",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1467"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "mantis-customfield-info-disclosure(30870)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30870"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?view=log"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=469627"
},
{
"name": "23258",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23258"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.mantisbugtracker.com/view.php?id=7364"
},
{
"name": "28551",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28551"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?r1=1.34\u0026r2=1.35"
},
{
"name": "ADV-2006-4978",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4978"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.mantisbugtracker.com/view.php?id=3375"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbugtracker.com/changelog.php"
},
{
"name": "21566",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21566"
},
{
"name": "DSA-1467",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1467"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6574",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mantis-customfield-info-disclosure(30870)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30870"
},
{
"name": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?view=log",
"refsource": "MISC",
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?view=log"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=469627",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=469627"
},
{
"name": "23258",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23258"
},
{
"name": "http://bugs.mantisbugtracker.com/view.php?id=7364",
"refsource": "MISC",
"url": "http://bugs.mantisbugtracker.com/view.php?id=7364"
},
{
"name": "28551",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28551"
},
{
"name": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?r1=1.34\u0026r2=1.35",
"refsource": "MISC",
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?r1=1.34\u0026r2=1.35"
},
{
"name": "ADV-2006-4978",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4978"
},
{
"name": "http://bugs.mantisbugtracker.com/view.php?id=3375",
"refsource": "MISC",
"url": "http://bugs.mantisbugtracker.com/view.php?id=3375"
},
{
"name": "http://www.mantisbugtracker.com/changelog.php",
"refsource": "CONFIRM",
"url": "http://www.mantisbugtracker.com/changelog.php"
},
{
"name": "21566",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21566"
},
{
"name": "DSA-1467",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1467"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6574",
"datePublished": "2006-12-15T19:00:00",
"dateReserved": "2006-12-15T00:00:00",
"dateUpdated": "2024-08-07T20:33:59.861Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1811 (GCVE-0-2013-1811)
Vulnerability from nvd – Published: 2019-11-07 22:28 – Updated: 2024-08-06 15:13
Summary
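An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change any issue to "New". Note: the structured `affected` entry in the record below lists version 1.2.13 with status "affected", which does not match this description; the wording "before 1.2.13" implies 1.2.13 is the first fixed release, so version matching that relies on the `affected` field alone should be checked against the vendor bug entry in the references.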
Severity ?
No CVSS data available.
CWE
- Other
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:13:33.247Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-1811"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3120"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/03/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/04/9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://mantisbt.org/bugs/view.php?id=15258"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mantis",
"vendor": "mantis",
"versions": [
{
"status": "affected",
"version": "1.2.13"
}
]
}
],
"datePublic": "2012-12-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An access control issue in MantisBT before 1.2.13 allows users with \"Reporter\" permissions to change any issue to \"New\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-07T22:28:06",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-1811"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.debian.org/security/2015/dsa-3120"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/03/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/04/9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://mantisbt.org/bugs/view.php?id=15258"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1811",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mantis",
"version": {
"version_data": [
{
"version_value": "1.2.13"
}
]
}
}
]
},
"vendor_name": "mantis"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An access control issue in MantisBT before 1.2.13 allows users with \"Reporter\" permissions to change any issue to \"New\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2013-1811",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2013-1811"
},
{
"name": "http://www.debian.org/security/2015/dsa-3120",
"refsource": "MISC",
"url": "http://www.debian.org/security/2015/dsa-3120"
},
{
"name": "http://www.openwall.com/lists/oss-security/2013/03/03/6",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/03/03/6"
},
{
"name": "http://www.openwall.com/lists/oss-security/2013/03/04/9",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/03/04/9"
},
{
"name": "https://mantisbt.org/bugs/view.php?id=15258",
"refsource": "CONFIRM",
"url": "https://mantisbt.org/bugs/view.php?id=15258"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-1811",
"datePublished": "2019-11-07T22:28:06",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:13:33.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4687 (GCVE-0-2008-4687)
Vulnerability from nvd – Published: 2008-10-22 17:00 – Updated: 2024-08-07 10:24
Summary
manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:24:20.945Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=242722"
},
{
"name": "32975",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32975"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/utility_api.php?r1=5679\u0026r2=5678\u0026pathrev=5679"
},
{
"name": "31789",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31789"
},
{
"name": "GLSA-200812-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=0009704"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "44611",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44611/"
},
{
"name": "32314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32314"
},
{
"name": "[oss-security] 20081019 CVE request: mantisbt \u003c 1.1.4: RCE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/19/1"
},
{
"name": "6768",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6768"
},
{
"name": "mantis-sort-code-execution(45942)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45942"
},
{
"name": "4470",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4470"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-12T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=242722"
},
{
"name": "32975",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32975"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/utility_api.php?r1=5679\u0026r2=5678\u0026pathrev=5679"
},
{
"name": "31789",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31789"
},
{
"name": "GLSA-200812-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=0009704"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "44611",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44611/"
},
{
"name": "32314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32314"
},
{
"name": "[oss-security] 20081019 CVE request: mantisbt \u003c 1.1.4: RCE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/19/1"
},
{
"name": "6768",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6768"
},
{
"name": "mantis-sort-code-execution(45942)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45942"
},
{
"name": "4470",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4470"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4687",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.gentoo.org/show_bug.cgi?id=242722",
"refsource": "CONFIRM",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=242722"
},
{
"name": "32975",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32975"
},
{
"name": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/utility_api.php?r1=5679\u0026r2=5678\u0026pathrev=5679",
"refsource": "CONFIRM",
"url": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/utility_api.php?r1=5679\u0026r2=5678\u0026pathrev=5679"
},
{
"name": "31789",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31789"
},
{
"name": "GLSA-200812-07",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"name": "http://www.mantisbt.org/bugs/view.php?id=0009704",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/view.php?id=0009704"
},
{
"name": "http://www.mantisbt.org/bugs/changelog_page.php",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "44611",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44611/"
},
{
"name": "32314",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32314"
},
{
"name": "[oss-security] 20081019 CVE request: mantisbt \u003c 1.1.4: RCE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/19/1"
},
{
"name": "6768",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6768"
},
{
"name": "mantis-sort-code-execution(45942)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45942"
},
{
"name": "4470",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4470"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4687",
"datePublished": "2008-10-22T17:00:00",
"dateReserved": "2008-10-22T00:00:00",
"dateUpdated": "2024-08-07T10:24:20.945Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4688 (GCVE-0-2008-4688)
Vulnerability from nvd – Published: 2008-10-22 17:00 – Updated: 2024-08-07 10:24
Summary
core/string_api.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote attackers to discover an issue's title and status via a request with a modified issue number.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:24:20.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32243",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32243"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/string_api.php?r1=5285\u0026r2=5384\u0026pathrev=5384"
},
{
"name": "31868",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31868"
},
{
"name": "32975",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32975"
},
{
"name": "GLSA-200812-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "[oss-security] 20081020 Re: CVE request: mantisbt \u003c 1.1.4: RCE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=9321"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "core/string_api.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote attackers to discover an issue\u0027s title and status via a request with a modified issue number."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-01-28T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "32243",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32243"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/string_api.php?r1=5285\u0026r2=5384\u0026pathrev=5384"
},
{
"name": "31868",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31868"
},
{
"name": "32975",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32975"
},
{
"name": "GLSA-200812-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "[oss-security] 20081020 Re: CVE request: mantisbt \u003c 1.1.4: RCE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=9321"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4688",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "core/string_api.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote attackers to discover an issue\u0027s title and status via a request with a modified issue number."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32243",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32243"
},
{
"name": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/string_api.php?r1=5285\u0026r2=5384\u0026pathrev=5384",
"refsource": "CONFIRM",
"url": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/string_api.php?r1=5285\u0026r2=5384\u0026pathrev=5384"
},
{
"name": "31868",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31868"
},
{
"name": "32975",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32975"
},
{
"name": "GLSA-200812-07",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"name": "http://www.mantisbt.org/bugs/changelog_page.php",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "[oss-security] 20081020 Re: CVE request: mantisbt \u003c 1.1.4: RCE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/1"
},
{
"name": "http://www.mantisbt.org/bugs/view.php?id=9321",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/view.php?id=9321"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4688",
"datePublished": "2008-10-22T17:00:00",
"dateReserved": "2008-10-22T00:00:00",
"dateUpdated": "2024-08-07T10:24:20.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4689 (GCVE-0-2008-4689)
Vulnerability from nvd – Published: 2008-10-22 17:00 – Updated: 2024-08-07 10:24
Summary
Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:24:20.803Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32975",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32975"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/file_download.php?file_id=1988\u0026type=bug"
},
{
"name": "GLSA-200812-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=9664"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "mantis-session-cookie-hijacking(46084)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46084"
},
{
"name": "[oss-security] 20081020 Re: CVE request: mantisbt \u003c 1.1.4: RCE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "32975",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32975"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/file_download.php?file_id=1988\u0026type=bug"
},
{
"name": "GLSA-200812-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=9664"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "mantis-session-cookie-hijacking(46084)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46084"
},
{
"name": "[oss-security] 20081020 Re: CVE request: mantisbt \u003c 1.1.4: RCE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4689",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32975",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32975"
},
{
"name": "http://www.mantisbt.org/bugs/file_download.php?file_id=1988\u0026type=bug",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/file_download.php?file_id=1988\u0026type=bug"
},
{
"name": "GLSA-200812-07",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"name": "http://www.mantisbt.org/bugs/view.php?id=9664",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/view.php?id=9664"
},
{
"name": "http://www.mantisbt.org/bugs/changelog_page.php",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "mantis-session-cookie-hijacking(46084)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46084"
},
{
"name": "[oss-security] 20081020 Re: CVE request: mantisbt \u003c 1.1.4: RCE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4689",
"datePublished": "2008-10-22T17:00:00",
"dateReserved": "2008-10-22T00:00:00",
"dateUpdated": "2024-08-07T10:24:20.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3333 (GCVE-0-2008-3333)
Vulnerability from nvd – Published: 2008-07-27 23:00 – Updated: 2024-08-07 09:37
Summary
Directory traversal vulnerability in core/lang_api.php in Mantis before 1.1.2 allows remote attackers to include and execute arbitrary files via the language parameter to the user preferences page (account_prefs_update.php).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:37:26.341Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30354",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30354"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=9154"
},
{
"name": "mantis-accountprefsupdate-file-include(43984)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43984"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=456044"
},
{
"name": "30270",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30270"
},
{
"name": "GLSA-200809-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"name": "31972",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31972"
},
{
"name": "29297",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29297"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in core/lang_api.php in Mantis before 1.1.2 allows remote attackers to include and execute arbitrary files via the language parameter to the user preferences page (account_prefs_update.php)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30354",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30354"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=9154"
},
{
"name": "mantis-accountprefsupdate-file-include(43984)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43984"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=456044"
},
{
"name": "30270",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30270"
},
{
"name": "GLSA-200809-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"name": "31972",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31972"
},
{
"name": "29297",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29297"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3333",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in core/lang_api.php in Mantis before 1.1.2 allows remote attackers to include and execute arbitrary files via the language parameter to the user preferences page (account_prefs_update.php)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30354",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30354"
},
{
"name": "http://www.mantisbt.org/bugs/view.php?id=9154",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/view.php?id=9154"
},
{
"name": "mantis-accountprefsupdate-file-include(43984)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43984"
},
{
"name": "http://www.mantisbt.org/bugs/changelog_page.php",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=456044",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=456044"
},
{
"name": "30270",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30270"
},
{
"name": "GLSA-200809-10",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"name": "31972",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31972"
},
{
"name": "29297",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29297"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3333",
"datePublished": "2008-07-27T23:00:00",
"dateReserved": "2008-07-27T00:00:00",
"dateUpdated": "2024-08-07T09:37:26.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3331 (GCVE-0-2008-3331)
Vulnerability from nvd – Published: 2008-07-27 23:00 – Updated: 2024-08-07 09:37
Summary
Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the filter_target parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:37:27.042Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "mantis-returndynamicfilters-xss(42549)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42549"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "30270",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30270"
},
{
"name": "20080520 Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121130774617956\u0026w=4"
},
{
"name": "GLSA-200809-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"name": "5657",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5657"
},
{
"name": "31972",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31972"
},
{
"name": "ADV-2008-1598",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1598/references"
},
{
"name": "29297",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29297"
},
{
"name": "4044",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4044"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the filter_target parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "mantis-returndynamicfilters-xss(42549)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42549"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "30270",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30270"
},
{
"name": "20080520 Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121130774617956\u0026w=4"
},
{
"name": "GLSA-200809-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"name": "5657",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5657"
},
{
"name": "31972",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31972"
},
{
"name": "ADV-2008-1598",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1598/references"
},
{
"name": "29297",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29297"
},
{
"name": "4044",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4044"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3331",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the filter_target parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mantis-returndynamicfilters-xss(42549)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42549"
},
{
"name": "http://www.mantisbt.org/bugs/changelog_page.php",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "30270",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30270"
},
{
"name": "20080520 Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=121130774617956\u0026w=4"
},
{
"name": "GLSA-200809-10",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"name": "5657",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5657"
},
{
"name": "31972",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31972"
},
{
"name": "ADV-2008-1598",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1598/references"
},
{
"name": "29297",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29297"
},
{
"name": "4044",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4044"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3331",
"datePublished": "2008-07-27T23:00:00",
"dateReserved": "2008-07-27T00:00:00",
"dateUpdated": "2024-08-07T09:37:27.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3332 (GCVE-0-2008-3332)
Vulnerability from nvd – Published: 2008-07-27 23:00 – Updated: 2024-08-07 09:37
Summary
Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:37:26.754Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "mantis-admconfigset-code-execution(42550)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42550"
},
{
"name": "30270",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30270"
},
{
"name": "20080520 Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121130774617956\u0026w=4"
},
{
"name": "GLSA-200809-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"name": "5657",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5657"
},
{
"name": "31972",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31972"
},
{
"name": "ADV-2008-1598",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1598/references"
},
{
"name": "29297",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29297"
},
{
"name": "4044",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4044"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "mantis-admconfigset-code-execution(42550)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42550"
},
{
"name": "30270",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30270"
},
{
"name": "20080520 Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121130774617956\u0026w=4"
},
{
"name": "GLSA-200809-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"name": "5657",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5657"
},
{
"name": "31972",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31972"
},
{
"name": "ADV-2008-1598",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1598/references"
},
{
"name": "29297",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29297"
},
{
"name": "4044",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4044"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3332",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mantisbt.org/bugs/changelog_page.php",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "mantis-admconfigset-code-execution(42550)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42550"
},
{
"name": "30270",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30270"
},
{
"name": "20080520 Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=121130774617956\u0026w=4"
},
{
"name": "GLSA-200809-10",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"name": "5657",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5657"
},
{
"name": "31972",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31972"
},
{
"name": "ADV-2008-1598",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1598/references"
},
{
"name": "29297",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29297"
},
{
"name": "4044",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4044"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3332",
"datePublished": "2008-07-27T23:00:00",
"dateReserved": "2008-07-27T00:00:00",
"dateUpdated": "2024-08-07T09:37:26.754Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0404 (GCVE-0-2008-0404)
Vulnerability from nvd – Published: 2008-01-23 11:00 – Updated: 2024-08-07 07:46
Summary
Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "Most active bugs" summary.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:46:54.258Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=569765"
},
{
"name": "28591",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28591"
},
{
"name": "28577",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28577"
},
{
"name": "FEDORA-2008-0856",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00734.html"
},
{
"name": "ADV-2008-0232",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0232"
},
{
"name": "mantis-mostactive-xss(39801)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39801"
},
{
"name": "27367",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27367"
},
{
"name": "FEDORA-2008-0796",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00676.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=429552"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the \"Most active bugs\" summary."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=569765"
},
{
"name": "28591",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28591"
},
{
"name": "28577",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28577"
},
{
"name": "FEDORA-2008-0856",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00734.html"
},
{
"name": "ADV-2008-0232",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0232"
},
{
"name": "mantis-mostactive-xss(39801)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39801"
},
{
"name": "27367",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27367"
},
{
"name": "FEDORA-2008-0796",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00676.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=429552"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0404",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the \"Most active bugs\" summary."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=569765",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=569765"
},
{
"name": "28591",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28591"
},
{
"name": "28577",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28577"
},
{
"name": "FEDORA-2008-0856",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00734.html"
},
{
"name": "ADV-2008-0232",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0232"
},
{
"name": "mantis-mostactive-xss(39801)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39801"
},
{
"name": "27367",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27367"
},
{
"name": "FEDORA-2008-0796",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00676.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=429552",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=429552"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0404",
"datePublished": "2008-01-23T11:00:00",
"dateReserved": "2008-01-22T00:00:00",
"dateUpdated": "2024-08-07T07:46:54.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6611 (GCVE-0-2007-6611)
Vulnerability from nvd – Published: 2008-01-03 22:00 – Updated: 2024-08-07 16:11
Summary
Cross-site scripting (XSS) vulnerability in view.php in Mantis before 1.1.0 allows remote attackers to inject arbitrary web script or HTML via a filename, related to bug_report.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:11:06.186Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "39873",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39873"
},
{
"name": "29198",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29198"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=562940"
},
{
"name": "27045",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27045"
},
{
"name": "28551",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28551"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=8679"
},
{
"name": "FEDORA-2008-0282",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00227.html"
},
{
"name": "DSA-1467",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1467"
},
{
"name": "28352",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28352"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427277"
},
{
"name": "GLSA-200803-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200803-04.xml"
},
{
"name": "28185",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28185"
},
{
"name": "FEDORA-2008-0353",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00309.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in view.php in Mantis before 1.1.0 allows remote attackers to inject arbitrary web script or HTML via a filename, related to bug_report.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-01-09T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "39873",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39873"
},
{
"name": "29198",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29198"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=562940"
},
{
"name": "27045",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27045"
},
{
"name": "28551",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28551"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=8679"
},
{
"name": "FEDORA-2008-0282",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00227.html"
},
{
"name": "DSA-1467",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1467"
},
{
"name": "28352",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28352"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427277"
},
{
"name": "GLSA-200803-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200803-04.xml"
},
{
"name": "28185",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28185"
},
{
"name": "FEDORA-2008-0353",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00309.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6611",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in view.php in Mantis before 1.1.0 allows remote attackers to inject arbitrary web script or HTML via a filename, related to bug_report.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39873",
"refsource": "OSVDB",
"url": "http://osvdb.org/39873"
},
{
"name": "29198",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29198"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=562940",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=562940"
},
{
"name": "27045",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27045"
},
{
"name": "28551",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28551"
},
{
"name": "http://www.mantisbt.org/bugs/view.php?id=8679",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/view.php?id=8679"
},
{
"name": "FEDORA-2008-0282",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00227.html"
},
{
"name": "DSA-1467",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1467"
},
{
"name": "28352",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28352"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=427277",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427277"
},
{
"name": "GLSA-200803-04",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200803-04.xml"
},
{
"name": "28185",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28185"
},
{
"name": "FEDORA-2008-0353",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00309.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6611",
"datePublished": "2008-01-03T22:00:00",
"dateReserved": "2008-01-03T00:00:00",
"dateUpdated": "2024-08-07T16:11:06.186Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2666 (GCVE-0-2004-2666)
Vulnerability from nvd – Published: 2006-12-15 19:00 – Updated: 2024-08-08 01:36
Summary
Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardless of view_history_threshold, which allows remote attackers to obtain sensitive information (private bug details) by visiting a bug's web page.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:25.128Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?r1=1.24\u0026r2=1.25"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?view=log"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.mantisbugtracker.com/view.php?id=4724"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-10-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardless of view_history_threshold, which allows remote attackers to obtain sensitive information (private bug details) by visiting a bug\u0027s web page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-03T16:14:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?r1=1.24\u0026r2=1.25"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?view=log"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.mantisbugtracker.com/view.php?id=4724"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2666",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardless of view_history_threshold, which allows remote attackers to obtain sensitive information (private bug details) by visiting a bug\u0027s web page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?r1=1.24\u0026r2=1.25",
"refsource": "MISC",
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?r1=1.24\u0026r2=1.25"
},
{
"name": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?view=log",
"refsource": "MISC",
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?view=log"
},
{
"name": "http://bugs.mantisbugtracker.com/view.php?id=4724",
"refsource": "CONFIRM",
"url": "http://bugs.mantisbugtracker.com/view.php?id=4724"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2666",
"datePublished": "2006-12-15T19:00:00",
"dateReserved": "2006-12-15T00:00:00",
"dateUpdated": "2024-08-08T01:36:25.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2008-4687
Vulnerability from fkie_nvd - Published: 2008-10-22 18:00 - Updated: 2025-04-09 00:30
Severity ?
Summary
manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mantis:mantis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "132BAF7E-8047-417F-8C78-1C1FBDAF97A0",
"versionEndIncluding": "1.1.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8E7458-6655-4C86-85A9-81004FF38321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AE92E018-C25C-468D-9EF5-5665F0B42EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DA5AE0B4-15AB-49E7-9B97-96BA322B0966",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "48069606-59B6-4D20-B909-997CA7EDBD2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E42CD1CB-49E7-484B-9629-78A24B754346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F95B327F-94A8-4D4F-A330-1B9BF4B764FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "215420D5-4690-45BE-AE84-CF1522523299",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5621726F-CA50-4336-9BCE-55F39BE5CDCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1B0ECF83-F61A-4745-AA0D-4822A38F24DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "91621575-AF90-4C01-AA87-A99C304227D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BAEE63A1-106C-4E50-8B6F-D134C69FD194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C7729C7E-ECC1-48D0-BFF7-82A8D96DC0AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php."
},
{
"lang": "es",
"value": "manage_proj_page.php en Mantis v1.1.4, permite a usuarios autenticados remotamente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un par\u00e1metro \"sort\" que contiene secuencias PHP y que es procesado por create_function dentro de la funci\u00f3n multi_sort en core/utility_api.php."
}
],
"id": "CVE-2008-4687",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-10-22T18:00:01.207",
"references": [
{
"source": "cve@mitre.org",
"url": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/utility_api.php?r1=5679\u0026r2=5678\u0026pathrev=5679"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32314"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/32975"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4470"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.mantisbt.org/bugs/view.php?id=0009704"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2008/10/19/1"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/31789"
},
{
"source": "cve@mitre.org",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=242722"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45942"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/44611/"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/6768"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/utility_api.php?r1=5679\u0026r2=5678\u0026pathrev=5679"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32314"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32975"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4470"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mantisbt.org/bugs/view.php?id=0009704"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2008/10/19/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/31789"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=242722"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45942"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/44611/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/6768"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-4689
Vulnerability from fkie_nvd - Published: 2008-10-22 18:00 - Updated: 2025-04-09 00:30
Severity ?
Summary
Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mantis:mantis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75F47971-BB00-499D-BDC4-5E24EA2FC79B",
"versionEndIncluding": "1.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8E7458-6655-4C86-85A9-81004FF38321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AE92E018-C25C-468D-9EF5-5665F0B42EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DA5AE0B4-15AB-49E7-9B97-96BA322B0966",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "48069606-59B6-4D20-B909-997CA7EDBD2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E42CD1CB-49E7-484B-9629-78A24B754346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F95B327F-94A8-4D4F-A330-1B9BF4B764FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "215420D5-4690-45BE-AE84-CF1522523299",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5621726F-CA50-4336-9BCE-55F39BE5CDCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1B0ECF83-F61A-4745-AA0D-4822A38F24DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "91621575-AF90-4C01-AA87-A99C304227D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BAEE63A1-106C-4E50-8B6F-D134C69FD194",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions."
},
{
"lang": "es",
"value": "Mantis anterior a v1.1.3 no desasigna la cookie de sesi\u00f3n durante el cierre de la misma, lo que facilita a atacantes remotos el secuestro de sesiones."
}
],
"id": "CVE-2008-4689",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-10-22T18:00:01.270",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/32975"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.mantisbt.org/bugs/file_download.php?file_id=1988\u0026type=bug"
},
{
"source": "cve@mitre.org",
"url": "http://www.mantisbt.org/bugs/view.php?id=9664"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/1"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46084"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32975"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mantisbt.org/bugs/file_download.php?file_id=1988\u0026type=bug"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mantisbt.org/bugs/view.php?id=9664"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46084"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-4688
Vulnerability from fkie_nvd - Published: 2008-10-22 18:00 - Updated: 2025-04-09 00:30
Severity ?
Summary
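core/string_api.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote attackers to discover an issue's title and status via a request with a modified issue number. Note: the CPE match data in the record below sets "versionEndIncluding" to "1.1.3", which marks 1.1.3 itself as vulnerable and so does not agree with "before 1.1.3" in this description; confirm the fixed version against the vendor references before using either value for version matching.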
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mantis:mantis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "132BAF7E-8047-417F-8C78-1C1FBDAF97A0",
"versionEndIncluding": "1.1.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8E7458-6655-4C86-85A9-81004FF38321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AE92E018-C25C-468D-9EF5-5665F0B42EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DA5AE0B4-15AB-49E7-9B97-96BA322B0966",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "48069606-59B6-4D20-B909-997CA7EDBD2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E42CD1CB-49E7-484B-9629-78A24B754346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F95B327F-94A8-4D4F-A330-1B9BF4B764FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "215420D5-4690-45BE-AE84-CF1522523299",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5621726F-CA50-4336-9BCE-55F39BE5CDCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1B0ECF83-F61A-4745-AA0D-4822A38F24DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "91621575-AF90-4C01-AA87-A99C304227D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BAEE63A1-106C-4E50-8B6F-D134C69FD194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C7729C7E-ECC1-48D0-BFF7-82A8D96DC0AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "core/string_api.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote attackers to discover an issue\u0027s title and status via a request with a modified issue number."
},
{
"lang": "es",
"value": "core/string_api.php en Mantis anterior a 1.1.3 no valida los privilegios del visor antes de crear un enlace con los datos de la incidencia en el identificador de origen, lo que permite a atacantes remotos conocer el t\u00edtulo y estado de la incidencia a trav\u00e9s de una petici\u00f3n con un n\u00famero de incidencia modificado."
}
],
"id": "CVE-2008-4688",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-10-22T18:00:01.237",
"references": [
{
"source": "cve@mitre.org",
"url": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/string_api.php?r1=5285\u0026r2=5384\u0026pathrev=5384"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/32243"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/32975"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.mantisbt.org/bugs/view.php?id=9321"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/1"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/31868"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/string_api.php?r1=5285\u0026r2=5384\u0026pathrev=5384"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32243"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32975"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mantisbt.org/bugs/view.php?id=9321"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/31868"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-3333
Vulnerability from fkie_nvd - Published: 2008-07-27 23:41 - Updated: 2025-04-09 00:30
Severity ?
Summary
Directory traversal vulnerability in core/lang_api.php in Mantis before 1.1.2 allows remote attackers to include and execute arbitrary files via the language parameter to the user preferences page (account_prefs_update.php).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mantis:mantis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D4A66D23-7343-44B3-A8A8-FD39D88AFCC4",
"versionEndIncluding": "1.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0266C2F7-FB20-44EF-B0BB-ECCF055D03A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E88349-E374-4AE9-9C4E-9599C1448D21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A21FF02F-982C-429F-A14D-D6E18058DD61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9407F704-FF3C-4976-BE4C-A1DDC16715D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "99FB3D29-644D-4E5F-875D-C87CCE3EF95C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A5173B32-1099-47C9-996B-56DB29456BB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A6CA26FD-9C45-4628-82B7-E37E3EA3E2A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7B9B4611-C002-40F5-978C-BB90F1A893C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B419B788-ADDD-4C0A-8E02-CBB58FD21938",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C7C8B5A-A630-4EDD-A6E8-27D2E1139CF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B347D6C8-4607-481D-863E-7F41E9868041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E387645-BC7A-4EA5-AE9E-A3C66994391B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "4F434D16-4F09-4BCF-BD3E-9114876C2575",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C80575A3-87E7-40BC-9BCB-E12BB7938A77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6D8FD23-C9A3-40AB-B3ED-86739BA8A362",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "72BD480B-7CFB-4FD3-8E47-028F32AEF902",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04989B5F-30B2-43A0-A061-BF43EEA8756C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC7C781D-F5D1-4C63-B6E3-230DEC80104E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D0755FA0-2365-42B4-8E42-214D5BAD71A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "35248DDA-D37D-4D72-9FF8-6813BA4C87BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A67C54F4-4155-43DA-8E07-579249759989",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9DE7BEF1-1522-4666-B6B1-36A308FBC0A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C376D216-914A-4D96-8603-C6861B3E2857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CF0636CA-49A5-4463-B22B-6C5E1E2D44AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A07B4C-CE12-4381-BFE4-CE79411F5069",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "DB6E1BE3-BF57-4ED4-918D-8B23CB195ECE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "065C222C-638F-4303-BE6A-7FED59E21FB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB502B29-FBC5-4984-A735-AA0B6DF4A58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F759138-7079-471F-B30D-ED62351CFCB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5DF83421-973D-4AC9-BDA3-4161B9CF2D91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1633BF3C-89C2-4BEF-9F56-6F19984D3CA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.5:*:*:*:*:*:*:*",
"matchCriteriaId": "084BD5F4-37F8-4913-8045-769FD81F8C36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.6:*:*:*:*:*:*:*",
"matchCriteriaId": "76B09948-A44C-47D8-A5EC-3873FF36F451",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.7:*:*:*:*:*:*:*",
"matchCriteriaId": "89D72C1E-73E5-4F51-9D30-D28026939C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E9EDAA7A-DF0C-4D9E-9D30-0422E4801612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2C469C66-B64B-49BD-9D1C-D15F0E9028EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C28223A1-359F-434C-BAAA-82A5F310FA44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7BF1F18B-AE36-48F3-B784-5C97B3F2535E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F073B8A1-3339-4BF2-B8D1-F6BA5CF9695A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "3A62328B-4C77-4FF4-B1D9-BE4A2E5C61FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6DAFD163-7FE7-48FB-8860-7B00B0FFA628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "03A0C36A-83DF-4E67-BA82-0ACE4D50C7D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7C074DBE-AFC9-4094-A170-A31D79C139D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53520AA0-E5AB-450A-9D95-E075B552D2E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8462CB86-30B1-43D8-B306-271709423DB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "131A96BB-EF2E-4AE2-9334-91CA96222BA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "17DC6205-7016-40C3-921A-B5AEC8513CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.4:*:*:*:*:*:*:*",
"matchCriteriaId": "721A536A-9626-4BD7-B84A-E3C4074F1217",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.4a:*:*:*:*:*:*:*",
"matchCriteriaId": "4D77F95A-0059-4442-8D9D-AA7F101FBBE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.5:*:*:*:*:*:*:*",
"matchCriteriaId": "89786096-AE1B-491B-8284-DBCC2F6112F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "E0BC255D-6B0F-412D-B639-B9F9656E4839",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "70450FAB-7886-418E-B471-8F16A68F9658",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "4B4CFE80-223F-45DA-A9FB-03474F61E027",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "B29FF305-E773-497E-9C47-7D87383F1440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "8724300D-CBDC-4C66-BF78-038F838C06DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a3:*:*:*:*:*:*:*",
"matchCriteriaId": "B7283A58-EE8E-493F-8E51-C97FF87ECA16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a4:*:*:*:*:*:*:*",
"matchCriteriaId": "E3CF3162-EAF8-438C-891A-FD13ECF6D6A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1E42F3A0-5FDB-4053-9EA5-D19B7061CDE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.2:*:*:*:*:*:*:*",
"matchCriteriaId": "101BF6DC-0F73-41E0-A0EE-BA1EA7397423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FCC458D9-12B1-4CF1-980E-BC86E874BBA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18a1:*:*:*:*:*:*:*",
"matchCriteriaId": "2202C65A-33FB-4742-8706-2BDD5B442030",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "9C6C0D59-A086-4A38-8F94-C35B8A1A0D1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5419E3AC-4215-4584-9538-AF790DC9BD5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3C48B8F-633E-4D69-A174-26C19829DE98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "C1E7658F-A543-46F5-B79D-E0E25B7C574F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "DD259C18-7111-45C9-B6C3-6A5F29998146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBA3B4B-D7E6-4555-969F-66217ACDACDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "38BFDCFA-00C8-4B6A-B758-8FD15A122CA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6770FDC6-792D-49B2-942B-282F9012D0BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8E7458-6655-4C86-85A9-81004FF38321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AE92E018-C25C-468D-9EF5-5665F0B42EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C62F6BC-4397-44BD-A7DA-CD4C52425BE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "781910F1-C34C-49D6-80D2-62AC80AF17DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6DB707C-29DF-442C-BBBE-650182692A33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C420189-4748-465C-96FE-DC89502F7E26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "3B3A1BAC-F777-413E-BFB7-972C687C2D92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "B0C7EDA7-1BED-4152-BD3D-3A596482D9D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc5:*:*:*:*:*:*:*",
"matchCriteriaId": "B54BEEA5-B671-4BDE-96D1-B235CF8F197E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "730BE023-C283-4775-915C-79817723917A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "337E18A7-07A3-456D-868A-2002F96D7A2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*",
"matchCriteriaId": "84B09B6D-EE4D-4241-B3EF-CBCB03A7F579",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B20CB57-A2C4-4491-9A4A-352C699FEF52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "DD8DC938-873D-4268-89D1-F16C5796A5C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "B4ED69D6-25B5-4199-B950-165A5FCFEBD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "CF9E3400-610A-4389-B903-9C6CA3D7B9FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DA5AE0B4-15AB-49E7-9B97-96BA322B0966",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "48069606-59B6-4D20-B909-997CA7EDBD2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E42CD1CB-49E7-484B-9629-78A24B754346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F95B327F-94A8-4D4F-A330-1B9BF4B764FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "215420D5-4690-45BE-AE84-CF1522523299",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5621726F-CA50-4336-9BCE-55F39BE5CDCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C2B0DF8C-FF2D-4DE8-B0D1-92623974A874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "03F4013F-427E-41EE-969C-169B97A14A90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.1.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "F9555553-AEA7-42B3-BE94-7C4729259378",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in core/lang_api.php in Mantis before 1.1.2 allows remote attackers to include and execute arbitrary files via the language parameter to the user preferences page (account_prefs_update.php)."
},
{
"lang": "es",
"value": "Una vulnerabilidad de salto de directorio en el archivo core/lang_api.php en Mantis anterior a versi\u00f3n 1.1.2, permite a los atacantes remotos incluir y ejecutar archivos arbitrarios por medio del par\u00e1metro language en la p\u00e1gina de preferencias del usuario (archivo account_prefs_update.php)."
}
],
"id": "CVE-2008-3333",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-07-27T23:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30270"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31972"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.mantisbt.org/bugs/view.php?id=9154"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29297"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/30354"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=456044"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43984"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30270"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31972"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mantisbt.org/bugs/view.php?id=9154"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29297"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/30354"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=456044"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43984"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-3331
Vulnerability from fkie_nvd - Published: 2008-07-27 23:41 - Updated: 2025-04-09 00:30
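Severity: LOW (CVSS v2.0 base score 3.5, vector AV:N/AC:M/Au:S/C:N/I:P/A:N, per the NVD metrics in the record below). The record's evaluator comment notes that the attacker must be authenticated, and that the anonymous user is usually allowed on a typical installation.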
Summary
Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the filter_target parameter.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mantis:mantis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D4A66D23-7343-44B3-A8A8-FD39D88AFCC4",
"versionEndIncluding": "1.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0266C2F7-FB20-44EF-B0BB-ECCF055D03A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E88349-E374-4AE9-9C4E-9599C1448D21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A21FF02F-982C-429F-A14D-D6E18058DD61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9407F704-FF3C-4976-BE4C-A1DDC16715D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "99FB3D29-644D-4E5F-875D-C87CCE3EF95C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A5173B32-1099-47C9-996B-56DB29456BB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A6CA26FD-9C45-4628-82B7-E37E3EA3E2A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7B9B4611-C002-40F5-978C-BB90F1A893C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B419B788-ADDD-4C0A-8E02-CBB58FD21938",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C7C8B5A-A630-4EDD-A6E8-27D2E1139CF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B347D6C8-4607-481D-863E-7F41E9868041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E387645-BC7A-4EA5-AE9E-A3C66994391B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "4F434D16-4F09-4BCF-BD3E-9114876C2575",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C80575A3-87E7-40BC-9BCB-E12BB7938A77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6D8FD23-C9A3-40AB-B3ED-86739BA8A362",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "72BD480B-7CFB-4FD3-8E47-028F32AEF902",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04989B5F-30B2-43A0-A061-BF43EEA8756C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC7C781D-F5D1-4C63-B6E3-230DEC80104E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D0755FA0-2365-42B4-8E42-214D5BAD71A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "35248DDA-D37D-4D72-9FF8-6813BA4C87BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A67C54F4-4155-43DA-8E07-579249759989",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9DE7BEF1-1522-4666-B6B1-36A308FBC0A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C376D216-914A-4D96-8603-C6861B3E2857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CF0636CA-49A5-4463-B22B-6C5E1E2D44AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A07B4C-CE12-4381-BFE4-CE79411F5069",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "DB6E1BE3-BF57-4ED4-918D-8B23CB195ECE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "065C222C-638F-4303-BE6A-7FED59E21FB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB502B29-FBC5-4984-A735-AA0B6DF4A58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F759138-7079-471F-B30D-ED62351CFCB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5DF83421-973D-4AC9-BDA3-4161B9CF2D91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1633BF3C-89C2-4BEF-9F56-6F19984D3CA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.5:*:*:*:*:*:*:*",
"matchCriteriaId": "084BD5F4-37F8-4913-8045-769FD81F8C36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.6:*:*:*:*:*:*:*",
"matchCriteriaId": "76B09948-A44C-47D8-A5EC-3873FF36F451",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.7:*:*:*:*:*:*:*",
"matchCriteriaId": "89D72C1E-73E5-4F51-9D30-D28026939C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E9EDAA7A-DF0C-4D9E-9D30-0422E4801612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2C469C66-B64B-49BD-9D1C-D15F0E9028EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C28223A1-359F-434C-BAAA-82A5F310FA44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7BF1F18B-AE36-48F3-B784-5C97B3F2535E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F073B8A1-3339-4BF2-B8D1-F6BA5CF9695A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "3A62328B-4C77-4FF4-B1D9-BE4A2E5C61FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6DAFD163-7FE7-48FB-8860-7B00B0FFA628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "03A0C36A-83DF-4E67-BA82-0ACE4D50C7D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7C074DBE-AFC9-4094-A170-A31D79C139D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53520AA0-E5AB-450A-9D95-E075B552D2E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8462CB86-30B1-43D8-B306-271709423DB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "131A96BB-EF2E-4AE2-9334-91CA96222BA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "17DC6205-7016-40C3-921A-B5AEC8513CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.4:*:*:*:*:*:*:*",
"matchCriteriaId": "721A536A-9626-4BD7-B84A-E3C4074F1217",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.4a:*:*:*:*:*:*:*",
"matchCriteriaId": "4D77F95A-0059-4442-8D9D-AA7F101FBBE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.5:*:*:*:*:*:*:*",
"matchCriteriaId": "89786096-AE1B-491B-8284-DBCC2F6112F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "E0BC255D-6B0F-412D-B639-B9F9656E4839",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "70450FAB-7886-418E-B471-8F16A68F9658",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "4B4CFE80-223F-45DA-A9FB-03474F61E027",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "B29FF305-E773-497E-9C47-7D87383F1440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "8724300D-CBDC-4C66-BF78-038F838C06DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a3:*:*:*:*:*:*:*",
"matchCriteriaId": "B7283A58-EE8E-493F-8E51-C97FF87ECA16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a4:*:*:*:*:*:*:*",
"matchCriteriaId": "E3CF3162-EAF8-438C-891A-FD13ECF6D6A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1E42F3A0-5FDB-4053-9EA5-D19B7061CDE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.2:*:*:*:*:*:*:*",
"matchCriteriaId": "101BF6DC-0F73-41E0-A0EE-BA1EA7397423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FCC458D9-12B1-4CF1-980E-BC86E874BBA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18a1:*:*:*:*:*:*:*",
"matchCriteriaId": "2202C65A-33FB-4742-8706-2BDD5B442030",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "9C6C0D59-A086-4A38-8F94-C35B8A1A0D1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5419E3AC-4215-4584-9538-AF790DC9BD5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3C48B8F-633E-4D69-A174-26C19829DE98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "C1E7658F-A543-46F5-B79D-E0E25B7C574F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "DD259C18-7111-45C9-B6C3-6A5F29998146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBA3B4B-D7E6-4555-969F-66217ACDACDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "38BFDCFA-00C8-4B6A-B758-8FD15A122CA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6770FDC6-792D-49B2-942B-282F9012D0BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8E7458-6655-4C86-85A9-81004FF38321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AE92E018-C25C-468D-9EF5-5665F0B42EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C62F6BC-4397-44BD-A7DA-CD4C52425BE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "781910F1-C34C-49D6-80D2-62AC80AF17DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6DB707C-29DF-442C-BBBE-650182692A33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C420189-4748-465C-96FE-DC89502F7E26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "3B3A1BAC-F777-413E-BFB7-972C687C2D92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "B0C7EDA7-1BED-4152-BD3D-3A596482D9D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc5:*:*:*:*:*:*:*",
"matchCriteriaId": "B54BEEA5-B671-4BDE-96D1-B235CF8F197E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "730BE023-C283-4775-915C-79817723917A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "337E18A7-07A3-456D-868A-2002F96D7A2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*",
"matchCriteriaId": "84B09B6D-EE4D-4241-B3EF-CBCB03A7F579",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B20CB57-A2C4-4491-9A4A-352C699FEF52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "DD8DC938-873D-4268-89D1-F16C5796A5C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "B4ED69D6-25B5-4199-B950-165A5FCFEBD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "CF9E3400-610A-4389-B903-9C6CA3D7B9FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DA5AE0B4-15AB-49E7-9B97-96BA322B0966",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "48069606-59B6-4D20-B909-997CA7EDBD2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E42CD1CB-49E7-484B-9629-78A24B754346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F95B327F-94A8-4D4F-A330-1B9BF4B764FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "215420D5-4690-45BE-AE84-CF1522523299",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5621726F-CA50-4336-9BCE-55F39BE5CDCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C2B0DF8C-FF2D-4DE8-B0D1-92623974A874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "03F4013F-427E-41EE-969C-169B97A14A90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.1.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "F9555553-AEA7-42B3-BE94-7C4729259378",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the filter_target parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en return_dynamic_filters.php en Mantis anterior a 1.1.2, permite a atacantes remotos inyectar secuencias de comandos web y HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro \"filter_target\"."
}
],
"evaluatorComment": "http://marc.info/?l=bugtraq\u0026m=121130774617956\u0026w=4\r\n\r\n\"We have found an XSS vulnerability in return_dynamic_filters.php. In\r\norder to exploit this vulnerability the attacker must be authenticated.\r\nUsually the anonymous user is allowed on typical installation\"",
"id": "CVE-2008-3331",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-07-27T23:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121130774617956\u0026w=4"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30270"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31972"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4044"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29297"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1598/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42549"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/5657"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121130774617956\u0026w=4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30270"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31972"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4044"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29297"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1598/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42549"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/5657"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-3332
Vulnerability from fkie_nvd - Published: 2008-07-27 23:41 - Updated: 2025-04-09 00:30
Severity ?
Summary
Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mantis:mantis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D4A66D23-7343-44B3-A8A8-FD39D88AFCC4",
"versionEndIncluding": "1.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0266C2F7-FB20-44EF-B0BB-ECCF055D03A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E88349-E374-4AE9-9C4E-9599C1448D21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A21FF02F-982C-429F-A14D-D6E18058DD61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9407F704-FF3C-4976-BE4C-A1DDC16715D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "99FB3D29-644D-4E5F-875D-C87CCE3EF95C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A5173B32-1099-47C9-996B-56DB29456BB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A6CA26FD-9C45-4628-82B7-E37E3EA3E2A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7B9B4611-C002-40F5-978C-BB90F1A893C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B419B788-ADDD-4C0A-8E02-CBB58FD21938",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C7C8B5A-A630-4EDD-A6E8-27D2E1139CF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B347D6C8-4607-481D-863E-7F41E9868041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E387645-BC7A-4EA5-AE9E-A3C66994391B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "4F434D16-4F09-4BCF-BD3E-9114876C2575",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C80575A3-87E7-40BC-9BCB-E12BB7938A77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6D8FD23-C9A3-40AB-B3ED-86739BA8A362",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "72BD480B-7CFB-4FD3-8E47-028F32AEF902",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04989B5F-30B2-43A0-A061-BF43EEA8756C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC7C781D-F5D1-4C63-B6E3-230DEC80104E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D0755FA0-2365-42B4-8E42-214D5BAD71A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "35248DDA-D37D-4D72-9FF8-6813BA4C87BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A67C54F4-4155-43DA-8E07-579249759989",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9DE7BEF1-1522-4666-B6B1-36A308FBC0A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C376D216-914A-4D96-8603-C6861B3E2857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CF0636CA-49A5-4463-B22B-6C5E1E2D44AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A07B4C-CE12-4381-BFE4-CE79411F5069",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "DB6E1BE3-BF57-4ED4-918D-8B23CB195ECE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "065C222C-638F-4303-BE6A-7FED59E21FB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB502B29-FBC5-4984-A735-AA0B6DF4A58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F759138-7079-471F-B30D-ED62351CFCB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5DF83421-973D-4AC9-BDA3-4161B9CF2D91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1633BF3C-89C2-4BEF-9F56-6F19984D3CA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.5:*:*:*:*:*:*:*",
"matchCriteriaId": "084BD5F4-37F8-4913-8045-769FD81F8C36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.6:*:*:*:*:*:*:*",
"matchCriteriaId": "76B09948-A44C-47D8-A5EC-3873FF36F451",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.7:*:*:*:*:*:*:*",
"matchCriteriaId": "89D72C1E-73E5-4F51-9D30-D28026939C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E9EDAA7A-DF0C-4D9E-9D30-0422E4801612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2C469C66-B64B-49BD-9D1C-D15F0E9028EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C28223A1-359F-434C-BAAA-82A5F310FA44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7BF1F18B-AE36-48F3-B784-5C97B3F2535E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F073B8A1-3339-4BF2-B8D1-F6BA5CF9695A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "3A62328B-4C77-4FF4-B1D9-BE4A2E5C61FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6DAFD163-7FE7-48FB-8860-7B00B0FFA628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "03A0C36A-83DF-4E67-BA82-0ACE4D50C7D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7C074DBE-AFC9-4094-A170-A31D79C139D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53520AA0-E5AB-450A-9D95-E075B552D2E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8462CB86-30B1-43D8-B306-271709423DB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "131A96BB-EF2E-4AE2-9334-91CA96222BA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "17DC6205-7016-40C3-921A-B5AEC8513CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.4:*:*:*:*:*:*:*",
"matchCriteriaId": "721A536A-9626-4BD7-B84A-E3C4074F1217",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.4a:*:*:*:*:*:*:*",
"matchCriteriaId": "4D77F95A-0059-4442-8D9D-AA7F101FBBE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.5:*:*:*:*:*:*:*",
"matchCriteriaId": "89786096-AE1B-491B-8284-DBCC2F6112F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "E0BC255D-6B0F-412D-B639-B9F9656E4839",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "70450FAB-7886-418E-B471-8F16A68F9658",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "4B4CFE80-223F-45DA-A9FB-03474F61E027",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "B29FF305-E773-497E-9C47-7D87383F1440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "8724300D-CBDC-4C66-BF78-038F838C06DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a3:*:*:*:*:*:*:*",
"matchCriteriaId": "B7283A58-EE8E-493F-8E51-C97FF87ECA16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a4:*:*:*:*:*:*:*",
"matchCriteriaId": "E3CF3162-EAF8-438C-891A-FD13ECF6D6A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1E42F3A0-5FDB-4053-9EA5-D19B7061CDE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.2:*:*:*:*:*:*:*",
"matchCriteriaId": "101BF6DC-0F73-41E0-A0EE-BA1EA7397423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FCC458D9-12B1-4CF1-980E-BC86E874BBA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18a1:*:*:*:*:*:*:*",
"matchCriteriaId": "2202C65A-33FB-4742-8706-2BDD5B442030",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "9C6C0D59-A086-4A38-8F94-C35B8A1A0D1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5419E3AC-4215-4584-9538-AF790DC9BD5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3C48B8F-633E-4D69-A174-26C19829DE98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "C1E7658F-A543-46F5-B79D-E0E25B7C574F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "DD259C18-7111-45C9-B6C3-6A5F29998146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBA3B4B-D7E6-4555-969F-66217ACDACDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "38BFDCFA-00C8-4B6A-B758-8FD15A122CA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6770FDC6-792D-49B2-942B-282F9012D0BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8E7458-6655-4C86-85A9-81004FF38321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AE92E018-C25C-468D-9EF5-5665F0B42EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C62F6BC-4397-44BD-A7DA-CD4C52425BE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "781910F1-C34C-49D6-80D2-62AC80AF17DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6DB707C-29DF-442C-BBBE-650182692A33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C420189-4748-465C-96FE-DC89502F7E26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "3B3A1BAC-F777-413E-BFB7-972C687C2D92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "B0C7EDA7-1BED-4152-BD3D-3A596482D9D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc5:*:*:*:*:*:*:*",
"matchCriteriaId": "B54BEEA5-B671-4BDE-96D1-B235CF8F197E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "730BE023-C283-4775-915C-79817723917A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "337E18A7-07A3-456D-868A-2002F96D7A2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*",
"matchCriteriaId": "84B09B6D-EE4D-4241-B3EF-CBCB03A7F579",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B20CB57-A2C4-4491-9A4A-352C699FEF52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "DD8DC938-873D-4268-89D1-F16C5796A5C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "B4ED69D6-25B5-4199-B950-165A5FCFEBD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "CF9E3400-610A-4389-B903-9C6CA3D7B9FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DA5AE0B4-15AB-49E7-9B97-96BA322B0966",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "48069606-59B6-4D20-B909-997CA7EDBD2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E42CD1CB-49E7-484B-9629-78A24B754346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F95B327F-94A8-4D4F-A330-1B9BF4B764FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "215420D5-4690-45BE-AE84-CF1522523299",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5621726F-CA50-4336-9BCE-55F39BE5CDCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C2B0DF8C-FF2D-4DE8-B0D1-92623974A874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "03F4013F-427E-41EE-969C-169B97A14A90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.1.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "F9555553-AEA7-42B3-BE94-7C4729259378",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n \"Eval\" en adm_config_set.php en Mantis anterior a 1.1.2, permite a administradores autenticados remotamente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s del par\u00e1metro \"value\"."
}
],
"id": "CVE-2008-3332",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-07-27T23:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=121130774617956\u0026w=4"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30270"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31972"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4044"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29297"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1598/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42550"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/5657"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=121130774617956\u0026w=4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30270"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31972"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4044"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29297"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1598/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42550"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/5657"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-0404
Vulnerability from fkie_nvd - Published: 2008-01-23 12:00 - Updated: 2025-04-09 00:30
Severity: MEDIUM (CVSS v2.0 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "Most active bugs" summary.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mantis:mantis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DD01725-8887-4005-980A-EAC77E3AC5E8",
"versionEndIncluding": "1.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0266C2F7-FB20-44EF-B0BB-ECCF055D03A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A21FF02F-982C-429F-A14D-D6E18058DD61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9407F704-FF3C-4976-BE4C-A1DDC16715D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A5173B32-1099-47C9-996B-56DB29456BB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A6CA26FD-9C45-4628-82B7-E37E3EA3E2A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7B9B4611-C002-40F5-978C-BB90F1A893C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C7C8B5A-A630-4EDD-A6E8-27D2E1139CF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B347D6C8-4607-481D-863E-7F41E9868041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "4F434D16-4F09-4BCF-BD3E-9114876C2575",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6D8FD23-C9A3-40AB-B3ED-86739BA8A362",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "72BD480B-7CFB-4FD3-8E47-028F32AEF902",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC7C781D-F5D1-4C63-B6E3-230DEC80104E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D0755FA0-2365-42B4-8E42-214D5BAD71A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "35248DDA-D37D-4D72-9FF8-6813BA4C87BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A67C54F4-4155-43DA-8E07-579249759989",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9DE7BEF1-1522-4666-B6B1-36A308FBC0A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C376D216-914A-4D96-8603-C6861B3E2857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CF0636CA-49A5-4463-B22B-6C5E1E2D44AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.14.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A07B4C-CE12-4381-BFE4-CE79411F5069",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "DB6E1BE3-BF57-4ED4-918D-8B23CB195ECE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB502B29-FBC5-4984-A735-AA0B6DF4A58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F759138-7079-471F-B30D-ED62351CFCB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5DF83421-973D-4AC9-BDA3-4161B9CF2D91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1633BF3C-89C2-4BEF-9F56-6F19984D3CA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.5:*:*:*:*:*:*:*",
"matchCriteriaId": "084BD5F4-37F8-4913-8045-769FD81F8C36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.6:*:*:*:*:*:*:*",
"matchCriteriaId": "76B09948-A44C-47D8-A5EC-3873FF36F451",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.7:*:*:*:*:*:*:*",
"matchCriteriaId": "89D72C1E-73E5-4F51-9D30-D28026939C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E9EDAA7A-DF0C-4D9E-9D30-0422E4801612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2C469C66-B64B-49BD-9D1C-D15F0E9028EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C28223A1-359F-434C-BAAA-82A5F310FA44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7BF1F18B-AE36-48F3-B784-5C97B3F2535E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.15.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F073B8A1-3339-4BF2-B8D1-F6BA5CF9695A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "3A62328B-4C77-4FF4-B1D9-BE4A2E5C61FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6DAFD163-7FE7-48FB-8860-7B00B0FFA628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "03A0C36A-83DF-4E67-BA82-0ACE4D50C7D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7C074DBE-AFC9-4094-A170-A31D79C139D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53520AA0-E5AB-450A-9D95-E075B552D2E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8462CB86-30B1-43D8-B306-271709423DB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "131A96BB-EF2E-4AE2-9334-91CA96222BA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "17DC6205-7016-40C3-921A-B5AEC8513CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.4:*:*:*:*:*:*:*",
"matchCriteriaId": "721A536A-9626-4BD7-B84A-E3C4074F1217",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.4a:*:*:*:*:*:*:*",
"matchCriteriaId": "4D77F95A-0059-4442-8D9D-AA7F101FBBE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.17.5:*:*:*:*:*:*:*",
"matchCriteriaId": "89786096-AE1B-491B-8284-DBCC2F6112F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "E0BC255D-6B0F-412D-B639-B9F9656E4839",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "70450FAB-7886-418E-B471-8F16A68F9658",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "4B4CFE80-223F-45DA-A9FB-03474F61E027",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "8724300D-CBDC-4C66-BF78-038F838C06DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a3:*:*:*:*:*:*:*",
"matchCriteriaId": "B7283A58-EE8E-493F-8E51-C97FF87ECA16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a4:*:*:*:*:*:*:*",
"matchCriteriaId": "E3CF3162-EAF8-438C-891A-FD13ECF6D6A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.2:*:*:*:*:*:*:*",
"matchCriteriaId": "101BF6DC-0F73-41E0-A0EE-BA1EA7397423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FCC458D9-12B1-4CF1-980E-BC86E874BBA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.18a1:*:*:*:*:*:*:*",
"matchCriteriaId": "2202C65A-33FB-4742-8706-2BDD5B442030",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5419E3AC-4215-4584-9538-AF790DC9BD5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3C48B8F-633E-4D69-A174-26C19829DE98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "C1E7658F-A543-46F5-B79D-E0E25B7C574F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "DD259C18-7111-45C9-B6C3-6A5F29998146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBA3B4B-D7E6-4555-969F-66217ACDACDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "38BFDCFA-00C8-4B6A-B758-8FD15A122CA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6770FDC6-792D-49B2-942B-282F9012D0BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8E7458-6655-4C86-85A9-81004FF38321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AE92E018-C25C-468D-9EF5-5665F0B42EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C62F6BC-4397-44BD-A7DA-CD4C52425BE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6DB707C-29DF-442C-BBBE-650182692A33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C420189-4748-465C-96FE-DC89502F7E26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "3B3A1BAC-F777-413E-BFB7-972C687C2D92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "B0C7EDA7-1BED-4152-BD3D-3A596482D9D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "730BE023-C283-4775-915C-79817723917A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "337E18A7-07A3-456D-868A-2002F96D7A2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*",
"matchCriteriaId": "84B09B6D-EE4D-4241-B3EF-CBCB03A7F579",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DA5AE0B4-15AB-49E7-9B97-96BA322B0966",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C2B0DF8C-FF2D-4DE8-B0D1-92623974A874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.1.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "F9555553-AEA7-42B3-BE94-7C4729259378",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the \"Most active bugs\" summary."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo cross-site scripting (XSS) en Mantis versiones anteriores a 1.1.1, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de vectores relacionados con el resumen de \"Most active bugs\"."
}
],
"id": "CVE-2008-0404",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-01-23T12:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28577"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28591"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=569765"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/27367"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0232"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=429552"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39801"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00676.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00734.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28577"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28591"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=569765"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/27367"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0232"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=429552"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00676.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00734.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-6611
Vulnerability from fkie_nvd - Published: 2008-01-03 22:46 - Updated: 2025-04-09 00:30
Severity: MEDIUM (CVSS v2.0 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
Cross-site scripting (XSS) vulnerability in view.php in Mantis before 1.1.0 allows remote attackers to inject arbitrary web script or HTML via a filename, related to bug_report.php.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mantis:mantis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A878BD34-787E-4330-9EE2-D1CD7FE6678E",
"versionEndIncluding": "1.1.0a1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in view.php in Mantis before 1.1.0 allows remote attackers to inject arbitrary web script or HTML via a filename, related to bug_report.php."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo cross-site scripting (XSS) en el archivo view.php en Mantis versiones anteriores a 1.1.0, permite a los atacantes remotos inyectar script web o HTML arbitrario por medio del filename, relacionado con el archivo bug_report.php."
}
],
"id": "CVE-2007-6611",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-01-03T22:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/39873"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28185"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28352"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28551"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29198"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200803-04.xml"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/project/shownotes.php?release_id=562940"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2008/dsa-1467"
},
{
"source": "cve@mitre.org",
"url": "http://www.mantisbt.org/bugs/view.php?id=8679"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/27045"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427277"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00227.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00309.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/39873"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28185"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28352"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28551"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29198"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200803-04.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/project/shownotes.php?release_id=562940"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1467"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mantisbt.org/bugs/view.php?id=8679"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/27045"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427277"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00227.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00309.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-6574
Vulnerability from fkie_nvd - Published: 2006-12-15 19:28 - Updated: 2025-04-09 00:30
Severity: MEDIUM (CVSS v2.0 base score 5.0, vector AV:N/AC:L/Au:N/C:P/I:N/A:N)
Summary
Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mantis | mantis | * | |
| mantis | mantis | 1.0.0 | |
| mantis | mantis | 1.0.0_rc1 | |
| mantis | mantis | 1.0.0_rc2 | |
| mantis | mantis | 1.0.0_rc3 | |
| mantis | mantis | 1.0.0_rc4 | |
| mantis | mantis | 1.0.0_rc5 | |
| mantis | mantis | 1.0.0a1 | |
| mantis | mantis | 1.0.0a2 | |
| mantis | mantis | 1.0.0a3 | |
| mantis | mantis | 1.0.1 | |
| mantis | mantis | 1.0.2 | |
| mantis | mantis | 1.0.3 | |
| mantis | mantis | 1.0.4 | |
| mantis | mantis | 1.0.5 | |
| mantis | mantis | 1.0.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mantis:mantis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A878BD34-787E-4330-9EE2-D1CD7FE6678E",
"versionEndIncluding": "1.1.0a1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "781910F1-C34C-49D6-80D2-62AC80AF17DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6DB707C-29DF-442C-BBBE-650182692A33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C420189-4748-465C-96FE-DC89502F7E26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "3B3A1BAC-F777-413E-BFB7-972C687C2D92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "B0C7EDA7-1BED-4152-BD3D-3A596482D9D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc5:*:*:*:*:*:*:*",
"matchCriteriaId": "B54BEEA5-B671-4BDE-96D1-B235CF8F197E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "730BE023-C283-4775-915C-79817723917A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "337E18A7-07A3-456D-868A-2002F96D7A2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*",
"matchCriteriaId": "84B09B6D-EE4D-4241-B3EF-CBCB03A7F579",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DA5AE0B4-15AB-49E7-9B97-96BA322B0966",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "48069606-59B6-4D20-B909-997CA7EDBD2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E42CD1CB-49E7-484B-9629-78A24B754346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F95B327F-94A8-4D4F-A330-1B9BF4B764FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "215420D5-4690-45BE-AE84-CF1522523299",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mantis:mantis:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5621726F-CA50-4336-9BCE-55F39BE5CDCF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field."
},
{
"lang": "es",
"value": "Mantis anterior a 1.1.0a2 no implementa el control de acceso por elemento para Issue History (Bug History), lo cual permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de la lectura de la columna Change, como se demuestra con la columna Change de un campo personalizado."
}
],
"id": "CVE-2006-6574",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-12-15T19:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.mantisbugtracker.com/view.php?id=3375"
},
{
"source": "cve@mitre.org",
"url": "http://bugs.mantisbugtracker.com/view.php?id=7364"
},
{
"source": "cve@mitre.org",
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?r1=1.34\u0026r2=1.35"
},
{
"source": "cve@mitre.org",
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?view=log"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23258"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28551"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=469627"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2008/dsa-1467"
},
{
"source": "cve@mitre.org",
"url": "http://www.mantisbugtracker.com/changelog.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/21566"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/4978"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30870"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.mantisbugtracker.com/view.php?id=3375"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.mantisbugtracker.com/view.php?id=7364"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?r1=1.34\u0026r2=1.35"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?view=log"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23258"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28551"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=469627"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1467"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mantisbugtracker.com/changelog.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/21566"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/4978"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30870"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}