44 vulnerabilities by mantis
CVE-2013-1811 (GCVE-0-2013-1811)
Vulnerability from cvelistv5 – Published: 2019-11-07 22:28 – Updated: 2024-08-06 15:13
Summary
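An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change any issue to "New". Note: the record's structured "affected" data below lists version 1.2.13 itself as affected, which does not match "before 1.2.13"; confirm the fixed version against the vendor reference (mantisbt.org bug 15258) before relying on the structured field for version matching.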
Severity ?
No CVSS data available.
CWE
- Other
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:13:33.247Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-1811"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3120"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/03/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/04/9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://mantisbt.org/bugs/view.php?id=15258"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mantis",
"vendor": "mantis",
"versions": [
{
"status": "affected",
"version": "1.2.13"
}
]
}
],
"datePublic": "2012-12-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An access control issue in MantisBT before 1.2.13 allows users with \"Reporter\" permissions to change any issue to \"New\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-07T22:28:06",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-1811"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.debian.org/security/2015/dsa-3120"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/03/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/04/9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://mantisbt.org/bugs/view.php?id=15258"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1811",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mantis",
"version": {
"version_data": [
{
"version_value": "1.2.13"
}
]
}
}
]
},
"vendor_name": "mantis"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An access control issue in MantisBT before 1.2.13 allows users with \"Reporter\" permissions to change any issue to \"New\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2013-1811",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2013-1811"
},
{
"name": "http://www.debian.org/security/2015/dsa-3120",
"refsource": "MISC",
"url": "http://www.debian.org/security/2015/dsa-3120"
},
{
"name": "http://www.openwall.com/lists/oss-security/2013/03/03/6",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/03/03/6"
},
{
"name": "http://www.openwall.com/lists/oss-security/2013/03/04/9",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/03/04/9"
},
{
"name": "https://mantisbt.org/bugs/view.php?id=15258",
"refsource": "CONFIRM",
"url": "https://mantisbt.org/bugs/view.php?id=15258"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-1811",
"datePublished": "2019-11-07T22:28:06",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:13:33.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4689 (GCVE-0-2008-4689)
Vulnerability from cvelistv5 – Published: 2008-10-22 17:00 – Updated: 2024-08-07 10:24
Summary
Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:24:20.803Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32975",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32975"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/file_download.php?file_id=1988\u0026type=bug"
},
{
"name": "GLSA-200812-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=9664"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "mantis-session-cookie-hijacking(46084)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46084"
},
{
"name": "[oss-security] 20081020 Re: CVE request: mantisbt \u003c 1.1.4: RCE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "32975",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32975"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/file_download.php?file_id=1988\u0026type=bug"
},
{
"name": "GLSA-200812-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=9664"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "mantis-session-cookie-hijacking(46084)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46084"
},
{
"name": "[oss-security] 20081020 Re: CVE request: mantisbt \u003c 1.1.4: RCE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4689",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32975",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32975"
},
{
"name": "http://www.mantisbt.org/bugs/file_download.php?file_id=1988\u0026type=bug",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/file_download.php?file_id=1988\u0026type=bug"
},
{
"name": "GLSA-200812-07",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"name": "http://www.mantisbt.org/bugs/view.php?id=9664",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/view.php?id=9664"
},
{
"name": "http://www.mantisbt.org/bugs/changelog_page.php",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "mantis-session-cookie-hijacking(46084)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46084"
},
{
"name": "[oss-security] 20081020 Re: CVE request: mantisbt \u003c 1.1.4: RCE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4689",
"datePublished": "2008-10-22T17:00:00",
"dateReserved": "2008-10-22T00:00:00",
"dateUpdated": "2024-08-07T10:24:20.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4687 (GCVE-0-2008-4687)
Vulnerability from cvelistv5 – Published: 2008-10-22 17:00 – Updated: 2024-08-07 10:24
Summary
manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:24:20.945Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=242722"
},
{
"name": "32975",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32975"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/utility_api.php?r1=5679\u0026r2=5678\u0026pathrev=5679"
},
{
"name": "31789",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31789"
},
{
"name": "GLSA-200812-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=0009704"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "44611",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44611/"
},
{
"name": "32314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32314"
},
{
"name": "[oss-security] 20081019 CVE request: mantisbt \u003c 1.1.4: RCE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/19/1"
},
{
"name": "6768",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6768"
},
{
"name": "mantis-sort-code-execution(45942)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45942"
},
{
"name": "4470",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4470"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-12T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=242722"
},
{
"name": "32975",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32975"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/utility_api.php?r1=5679\u0026r2=5678\u0026pathrev=5679"
},
{
"name": "31789",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31789"
},
{
"name": "GLSA-200812-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=0009704"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "44611",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44611/"
},
{
"name": "32314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32314"
},
{
"name": "[oss-security] 20081019 CVE request: mantisbt \u003c 1.1.4: RCE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/19/1"
},
{
"name": "6768",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6768"
},
{
"name": "mantis-sort-code-execution(45942)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45942"
},
{
"name": "4470",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4470"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4687",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.gentoo.org/show_bug.cgi?id=242722",
"refsource": "CONFIRM",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=242722"
},
{
"name": "32975",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32975"
},
{
"name": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/utility_api.php?r1=5679\u0026r2=5678\u0026pathrev=5679",
"refsource": "CONFIRM",
"url": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/utility_api.php?r1=5679\u0026r2=5678\u0026pathrev=5679"
},
{
"name": "31789",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31789"
},
{
"name": "GLSA-200812-07",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"name": "http://www.mantisbt.org/bugs/view.php?id=0009704",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/view.php?id=0009704"
},
{
"name": "http://www.mantisbt.org/bugs/changelog_page.php",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "44611",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44611/"
},
{
"name": "32314",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32314"
},
{
"name": "[oss-security] 20081019 CVE request: mantisbt \u003c 1.1.4: RCE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/19/1"
},
{
"name": "6768",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6768"
},
{
"name": "mantis-sort-code-execution(45942)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45942"
},
{
"name": "4470",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4470"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4687",
"datePublished": "2008-10-22T17:00:00",
"dateReserved": "2008-10-22T00:00:00",
"dateUpdated": "2024-08-07T10:24:20.945Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4688 (GCVE-0-2008-4688)
Vulnerability from cvelistv5 – Published: 2008-10-22 17:00 – Updated: 2024-08-07 10:24
Summary
core/string_api.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote attackers to discover an issue's title and status via a request with a modified issue number.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:24:20.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32243",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32243"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/string_api.php?r1=5285\u0026r2=5384\u0026pathrev=5384"
},
{
"name": "31868",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31868"
},
{
"name": "32975",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32975"
},
{
"name": "GLSA-200812-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "[oss-security] 20081020 Re: CVE request: mantisbt \u003c 1.1.4: RCE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=9321"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "core/string_api.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote attackers to discover an issue\u0027s title and status via a request with a modified issue number."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-01-28T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "32243",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32243"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/string_api.php?r1=5285\u0026r2=5384\u0026pathrev=5384"
},
{
"name": "31868",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31868"
},
{
"name": "32975",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32975"
},
{
"name": "GLSA-200812-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "[oss-security] 20081020 Re: CVE request: mantisbt \u003c 1.1.4: RCE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=9321"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4688",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "core/string_api.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote attackers to discover an issue\u0027s title and status via a request with a modified issue number."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32243",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32243"
},
{
"name": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/string_api.php?r1=5285\u0026r2=5384\u0026pathrev=5384",
"refsource": "CONFIRM",
"url": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/string_api.php?r1=5285\u0026r2=5384\u0026pathrev=5384"
},
{
"name": "31868",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31868"
},
{
"name": "32975",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32975"
},
{
"name": "GLSA-200812-07",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"name": "http://www.mantisbt.org/bugs/changelog_page.php",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "[oss-security] 20081020 Re: CVE request: mantisbt \u003c 1.1.4: RCE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/1"
},
{
"name": "http://www.mantisbt.org/bugs/view.php?id=9321",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/view.php?id=9321"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4688",
"datePublished": "2008-10-22T17:00:00",
"dateReserved": "2008-10-22T00:00:00",
"dateUpdated": "2024-08-07T10:24:20.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3333 (GCVE-0-2008-3333)
Vulnerability from cvelistv5 – Published: 2008-07-27 23:00 – Updated: 2024-08-07 09:37
Summary
Directory traversal vulnerability in core/lang_api.php in Mantis before 1.1.2 allows remote attackers to include and execute arbitrary files via the language parameter to the user preferences page (account_prefs_update.php).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:37:26.341Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30354",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30354"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=9154"
},
{
"name": "mantis-accountprefsupdate-file-include(43984)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43984"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=456044"
},
{
"name": "30270",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30270"
},
{
"name": "GLSA-200809-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"name": "31972",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31972"
},
{
"name": "29297",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29297"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in core/lang_api.php in Mantis before 1.1.2 allows remote attackers to include and execute arbitrary files via the language parameter to the user preferences page (account_prefs_update.php)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30354",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30354"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=9154"
},
{
"name": "mantis-accountprefsupdate-file-include(43984)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43984"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=456044"
},
{
"name": "30270",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30270"
},
{
"name": "GLSA-200809-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"name": "31972",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31972"
},
{
"name": "29297",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29297"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3333",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in core/lang_api.php in Mantis before 1.1.2 allows remote attackers to include and execute arbitrary files via the language parameter to the user preferences page (account_prefs_update.php)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30354",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30354"
},
{
"name": "http://www.mantisbt.org/bugs/view.php?id=9154",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/view.php?id=9154"
},
{
"name": "mantis-accountprefsupdate-file-include(43984)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43984"
},
{
"name": "http://www.mantisbt.org/bugs/changelog_page.php",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=456044",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=456044"
},
{
"name": "30270",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30270"
},
{
"name": "GLSA-200809-10",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"name": "31972",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31972"
},
{
"name": "29297",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29297"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3333",
"datePublished": "2008-07-27T23:00:00",
"dateReserved": "2008-07-27T00:00:00",
"dateUpdated": "2024-08-07T09:37:26.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3331 (GCVE-0-2008-3331)
Vulnerability from cvelistv5 – Published: 2008-07-27 23:00 – Updated: 2024-08-07 09:37
Summary
Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the filter_target parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:37:27.042Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "mantis-returndynamicfilters-xss(42549)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42549"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "30270",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30270"
},
{
"name": "20080520 Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121130774617956\u0026w=4"
},
{
"name": "GLSA-200809-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"name": "5657",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5657"
},
{
"name": "31972",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31972"
},
{
"name": "ADV-2008-1598",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1598/references"
},
{
"name": "29297",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29297"
},
{
"name": "4044",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4044"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the filter_target parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "mantis-returndynamicfilters-xss(42549)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42549"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "30270",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30270"
},
{
"name": "20080520 Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121130774617956\u0026w=4"
},
{
"name": "GLSA-200809-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"name": "5657",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5657"
},
{
"name": "31972",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31972"
},
{
"name": "ADV-2008-1598",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1598/references"
},
{
"name": "29297",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29297"
},
{
"name": "4044",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4044"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3331",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the filter_target parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mantis-returndynamicfilters-xss(42549)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42549"
},
{
"name": "http://www.mantisbt.org/bugs/changelog_page.php",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "30270",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30270"
},
{
"name": "20080520 Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=121130774617956\u0026w=4"
},
{
"name": "GLSA-200809-10",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"name": "5657",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5657"
},
{
"name": "31972",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31972"
},
{
"name": "ADV-2008-1598",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1598/references"
},
{
"name": "29297",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29297"
},
{
"name": "4044",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4044"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3331",
"datePublished": "2008-07-27T23:00:00",
"dateReserved": "2008-07-27T00:00:00",
"dateUpdated": "2024-08-07T09:37:27.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3332 (GCVE-0-2008-3332)
Vulnerability from cvelistv5 – Published: 2008-07-27 23:00 – Updated: 2024-08-07 09:37
Summary
Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter.
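Severity
No CVSS data available. The absence of a score is not a low-severity rating: the summary above describes code execution by an authenticated administrator, so triage this entry from the description and the affected range it gives (Mantis before 1.1.2).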
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:37:26.754Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "mantis-admconfigset-code-execution(42550)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42550"
},
{
"name": "30270",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30270"
},
{
"name": "20080520 Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121130774617956\u0026w=4"
},
{
"name": "GLSA-200809-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"name": "5657",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5657"
},
{
"name": "31972",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31972"
},
{
"name": "ADV-2008-1598",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1598/references"
},
{
"name": "29297",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29297"
},
{
"name": "4044",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4044"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "mantis-admconfigset-code-execution(42550)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42550"
},
{
"name": "30270",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30270"
},
{
"name": "20080520 Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121130774617956\u0026w=4"
},
{
"name": "GLSA-200809-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"name": "5657",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5657"
},
{
"name": "31972",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31972"
},
{
"name": "ADV-2008-1598",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1598/references"
},
{
"name": "29297",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29297"
},
{
"name": "4044",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4044"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3332",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mantisbt.org/bugs/changelog_page.php",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "mantis-admconfigset-code-execution(42550)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42550"
},
{
"name": "30270",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30270"
},
{
"name": "20080520 Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=121130774617956\u0026w=4"
},
{
"name": "GLSA-200809-10",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"name": "5657",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5657"
},
{
"name": "31972",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31972"
},
{
"name": "ADV-2008-1598",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1598/references"
},
{
"name": "29297",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29297"
},
{
"name": "4044",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4044"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3332",
"datePublished": "2008-07-27T23:00:00",
"dateReserved": "2008-07-27T00:00:00",
"dateUpdated": "2024-08-07T09:37:26.754Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0404 (GCVE-0-2008-0404)
Vulnerability from cvelistv5 – Published: 2008-01-23 11:00 – Updated: 2024-08-07 07:46
Summary
Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "Most active bugs" summary.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:46:54.258Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=569765"
},
{
"name": "28591",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28591"
},
{
"name": "28577",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28577"
},
{
"name": "FEDORA-2008-0856",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00734.html"
},
{
"name": "ADV-2008-0232",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0232"
},
{
"name": "mantis-mostactive-xss(39801)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39801"
},
{
"name": "27367",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27367"
},
{
"name": "FEDORA-2008-0796",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00676.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=429552"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the \"Most active bugs\" summary."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=569765"
},
{
"name": "28591",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28591"
},
{
"name": "28577",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28577"
},
{
"name": "FEDORA-2008-0856",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00734.html"
},
{
"name": "ADV-2008-0232",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0232"
},
{
"name": "mantis-mostactive-xss(39801)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39801"
},
{
"name": "27367",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27367"
},
{
"name": "FEDORA-2008-0796",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00676.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=429552"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0404",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the \"Most active bugs\" summary."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=569765",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=569765"
},
{
"name": "28591",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28591"
},
{
"name": "28577",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28577"
},
{
"name": "FEDORA-2008-0856",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00734.html"
},
{
"name": "ADV-2008-0232",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0232"
},
{
"name": "mantis-mostactive-xss(39801)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39801"
},
{
"name": "27367",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27367"
},
{
"name": "FEDORA-2008-0796",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00676.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=429552",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=429552"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0404",
"datePublished": "2008-01-23T11:00:00",
"dateReserved": "2008-01-22T00:00:00",
"dateUpdated": "2024-08-07T07:46:54.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6611 (GCVE-0-2007-6611)
Vulnerability from cvelistv5 – Published: 2008-01-03 22:00 – Updated: 2024-08-07 16:11
Summary
Cross-site scripting (XSS) vulnerability in view.php in Mantis before 1.1.0 allows remote attackers to inject arbitrary web script or HTML via a filename, related to bug_report.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:11:06.186Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "39873",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39873"
},
{
"name": "29198",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29198"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=562940"
},
{
"name": "27045",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27045"
},
{
"name": "28551",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28551"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=8679"
},
{
"name": "FEDORA-2008-0282",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00227.html"
},
{
"name": "DSA-1467",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1467"
},
{
"name": "28352",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28352"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427277"
},
{
"name": "GLSA-200803-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200803-04.xml"
},
{
"name": "28185",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28185"
},
{
"name": "FEDORA-2008-0353",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00309.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in view.php in Mantis before 1.1.0 allows remote attackers to inject arbitrary web script or HTML via a filename, related to bug_report.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-01-09T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "39873",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39873"
},
{
"name": "29198",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29198"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=562940"
},
{
"name": "27045",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27045"
},
{
"name": "28551",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28551"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=8679"
},
{
"name": "FEDORA-2008-0282",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00227.html"
},
{
"name": "DSA-1467",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1467"
},
{
"name": "28352",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28352"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427277"
},
{
"name": "GLSA-200803-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200803-04.xml"
},
{
"name": "28185",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28185"
},
{
"name": "FEDORA-2008-0353",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00309.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6611",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in view.php in Mantis before 1.1.0 allows remote attackers to inject arbitrary web script or HTML via a filename, related to bug_report.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39873",
"refsource": "OSVDB",
"url": "http://osvdb.org/39873"
},
{
"name": "29198",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29198"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=562940",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=562940"
},
{
"name": "27045",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27045"
},
{
"name": "28551",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28551"
},
{
"name": "http://www.mantisbt.org/bugs/view.php?id=8679",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/view.php?id=8679"
},
{
"name": "FEDORA-2008-0282",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00227.html"
},
{
"name": "DSA-1467",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1467"
},
{
"name": "28352",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28352"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=427277",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427277"
},
{
"name": "GLSA-200803-04",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200803-04.xml"
},
{
"name": "28185",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28185"
},
{
"name": "FEDORA-2008-0353",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00309.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6611",
"datePublished": "2008-01-03T22:00:00",
"dateReserved": "2008-01-03T00:00:00",
"dateUpdated": "2024-08-07T16:11:06.186Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6574 (GCVE-0-2006-6574)
Vulnerability from cvelistv5 – Published: 2006-12-15 19:00 – Updated: 2024-08-07 20:33
Summary
Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:33:59.861Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "mantis-customfield-info-disclosure(30870)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30870"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?view=log"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=469627"
},
{
"name": "23258",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23258"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.mantisbugtracker.com/view.php?id=7364"
},
{
"name": "28551",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28551"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?r1=1.34\u0026r2=1.35"
},
{
"name": "ADV-2006-4978",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4978"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.mantisbugtracker.com/view.php?id=3375"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbugtracker.com/changelog.php"
},
{
"name": "21566",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21566"
},
{
"name": "DSA-1467",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1467"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "mantis-customfield-info-disclosure(30870)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30870"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?view=log"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=469627"
},
{
"name": "23258",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23258"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.mantisbugtracker.com/view.php?id=7364"
},
{
"name": "28551",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28551"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?r1=1.34\u0026r2=1.35"
},
{
"name": "ADV-2006-4978",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4978"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.mantisbugtracker.com/view.php?id=3375"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbugtracker.com/changelog.php"
},
{
"name": "21566",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21566"
},
{
"name": "DSA-1467",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1467"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6574",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mantis-customfield-info-disclosure(30870)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30870"
},
{
"name": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?view=log",
"refsource": "MISC",
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?view=log"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=469627",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=469627"
},
{
"name": "23258",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23258"
},
{
"name": "http://bugs.mantisbugtracker.com/view.php?id=7364",
"refsource": "MISC",
"url": "http://bugs.mantisbugtracker.com/view.php?id=7364"
},
{
"name": "28551",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28551"
},
{
"name": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?r1=1.34\u0026r2=1.35",
"refsource": "MISC",
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?r1=1.34\u0026r2=1.35"
},
{
"name": "ADV-2006-4978",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4978"
},
{
"name": "http://bugs.mantisbugtracker.com/view.php?id=3375",
"refsource": "MISC",
"url": "http://bugs.mantisbugtracker.com/view.php?id=3375"
},
{
"name": "http://www.mantisbugtracker.com/changelog.php",
"refsource": "CONFIRM",
"url": "http://www.mantisbugtracker.com/changelog.php"
},
{
"name": "21566",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21566"
},
{
"name": "DSA-1467",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1467"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6574",
"datePublished": "2006-12-15T19:00:00",
"dateReserved": "2006-12-15T00:00:00",
"dateUpdated": "2024-08-07T20:33:59.861Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2666 (GCVE-0-2004-2666)
Vulnerability from cvelistv5 – Published: 2006-12-15 19:00 – Updated: 2024-08-08 01:36
Summary
Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardless of view_history_threshold, which allows remote attackers to obtain sensitive information (private bug details) by visiting a bug's web page.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:25.128Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?r1=1.24\u0026r2=1.25"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?view=log"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.mantisbugtracker.com/view.php?id=4724"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-10-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardless of view_history_threshold, which allows remote attackers to obtain sensitive information (private bug details) by visiting a bug\u0027s web page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-03T16:14:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?r1=1.24\u0026r2=1.25"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?view=log"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.mantisbugtracker.com/view.php?id=4724"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2666",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardless of view_history_threshold, which allows remote attackers to obtain sensitive information (private bug details) by visiting a bug\u0027s web page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?r1=1.24\u0026r2=1.25",
"refsource": "MISC",
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?r1=1.24\u0026r2=1.25"
},
{
"name": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?view=log",
"refsource": "MISC",
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?view=log"
},
{
"name": "http://bugs.mantisbugtracker.com/view.php?id=4724",
"refsource": "CONFIRM",
"url": "http://bugs.mantisbugtracker.com/view.php?id=4724"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2666",
"datePublished": "2006-12-15T19:00:00",
"dateReserved": "2006-12-15T00:00:00",
"dateUpdated": "2024-08-08T01:36:25.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6515 (GCVE-0-2006-6515)
Vulnerability from cvelistv5 – Published: 2006-12-14 01:00 – Updated: 2024-08-07 20:26
Summary
Mantis before 1.1.0a2 sets the default value of $g_bug_reminder_threshold to "reporter" instead of a more privileged role, which has unknown impact and attack vectors, possibly related to frequency of reminders.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:26:46.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=469627"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbugtracker.com/changelog.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mantis before 1.1.0a2 sets the default value of $g_bug_reminder_threshold to \"reporter\" instead of a more privileged role, which has unknown impact and attack vectors, possibly related to frequency of reminders."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-03T16:21:22",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=469627"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbugtracker.com/changelog.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6515",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mantis before 1.1.0a2 sets the default value of $g_bug_reminder_threshold to \"reporter\" instead of a more privileged role, which has unknown impact and attack vectors, possibly related to frequency of reminders."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=469627",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=469627"
},
{
"name": "http://www.mantisbugtracker.com/changelog.php",
"refsource": "CONFIRM",
"url": "http://www.mantisbugtracker.com/changelog.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6515",
"datePublished": "2006-12-14T01:00:00",
"dateReserved": "2006-12-13T00:00:00",
"dateUpdated": "2024-08-07T20:26:46.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1577 (GCVE-0-2006-1577)
Vulnerability from cvelistv5 – Published: 2006-04-02 21:00 – Updated: 2024-08-07 17:19
Summary
Multiple cross-site scripting (XSS) vulnerabilities in view_all_set.php in Mantis 1.0.1, 1.0.0rc5, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) start_day, (2) start_year, and (3) start_month parameters.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:19:48.700Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19471",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19471"
},
{
"name": "17326",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17326"
},
{
"name": "24292",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/24292"
},
{
"name": "21400",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21400"
},
{
"name": "DSA-1133",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1133"
},
{
"name": "ADV-2006-1184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1184"
},
{
"name": "mantis-viewallset-script-xss(25579)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25579"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://pridels0.blogspot.com/2006/03/mantis-xss-vuln.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in view_all_set.php in Mantis 1.0.1, 1.0.0rc5, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) start_day, (2) start_year, and (3) start_month parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19471",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19471"
},
{
"name": "17326",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17326"
},
{
"name": "24292",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/24292"
},
{
"name": "21400",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21400"
},
{
"name": "DSA-1133",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1133"
},
{
"name": "ADV-2006-1184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1184"
},
{
"name": "mantis-viewallset-script-xss(25579)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25579"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://pridels0.blogspot.com/2006/03/mantis-xss-vuln.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1577",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in view_all_set.php in Mantis 1.0.1, 1.0.0rc5, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) start_day, (2) start_year, and (3) start_month parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19471",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19471"
},
{
"name": "17326",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17326"
},
{
"name": "24292",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24292"
},
{
"name": "21400",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21400"
},
{
"name": "DSA-1133",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1133"
},
{
"name": "ADV-2006-1184",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1184"
},
{
"name": "mantis-viewallset-script-xss(25579)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25579"
},
{
"name": "http://pridels0.blogspot.com/2006/03/mantis-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/03/mantis-xss-vuln.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1577",
"datePublished": "2006-04-02T21:00:00",
"dateReserved": "2006-04-02T00:00:00",
"dateUpdated": "2024-08-07T17:19:48.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0841 (GCVE-0-2006-0841)
Vulnerability from cvelistv5 – Published: 2006-02-22 02:00 – Updated: 2024-08-07 16:48
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) hide_status, (2) handler_id, (3) user_monitor, (4) reporter_id, (5) view_type, (6) show_severity, (7) show_category, (8) show_status, (9) show_resolution, (10) show_build, (11) show_profile, (12) show_priority, (13) highlight_changed, (14) relationship_type, and (15) relationship_bug parameters in (a) view_all_set.php; the (16) sort parameter in (b) manage_user_page.php; the (17) view_type parameter in (c) view_filters_page.php; and the (18) title parameter in (d) proj_doc_delete.php. NOTE: item 17 might be subsumed by CVE-2005-4522.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:48:56.553Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "16657",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16657"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=386059\u0026group_id=14963"
},
{
"name": "21400",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21400"
},
{
"name": "DSA-1133",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1133"
},
{
"name": "20060215 [BuHa-Security] Multiple Vulnerabilities in Mantis 1.00rc4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/425046/100/0/threaded"
},
{
"name": "23248",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23248"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://morph3us.org/advisories/20060214-mantis-100rc4.txt"
},
{
"name": "22487",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22487"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/project/showfiles.php?group_id=14963\u0026package_id=12175\u0026release_id=386059"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) hide_status, (2) handler_id, (3) user_monitor, (4) reporter_id, (5) view_type, (6) show_severity, (7) show_category, (8) show_status, (9) show_resolution, (10) show_build, (11) show_profile, (12) show_priority, (13) highlight_changed, (14) relationship_type, and (15) relationship_bug parameters in (a) view_all_set.php; the (16) sort parameter in (b) manage_user_page.php; the (17) view_type parameter in (c) view_filters_page.php; and the (18) title parameter in (d) proj_doc_delete.php. NOTE: item 17 might be subsumed by CVE-2005-4522."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "16657",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16657"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=386059\u0026group_id=14963"
},
{
"name": "21400",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21400"
},
{
"name": "DSA-1133",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1133"
},
{
"name": "20060215 [BuHa-Security] Multiple Vulnerabilities in Mantis 1.00rc4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/425046/100/0/threaded"
},
{
"name": "23248",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23248"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://morph3us.org/advisories/20060214-mantis-100rc4.txt"
},
{
"name": "22487",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22487"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/project/showfiles.php?group_id=14963\u0026package_id=12175\u0026release_id=386059"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0841",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) hide_status, (2) handler_id, (3) user_monitor, (4) reporter_id, (5) view_type, (6) show_severity, (7) show_category, (8) show_status, (9) show_resolution, (10) show_build, (11) show_profile, (12) show_priority, (13) highlight_changed, (14) relationship_type, and (15) relationship_bug parameters in (a) view_all_set.php; the (16) sort parameter in (b) manage_user_page.php; the (17) view_type parameter in (c) view_filters_page.php; and the (18) title parameter in (d) proj_doc_delete.php. NOTE: item 17 might be subsumed by CVE-2005-4522."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16657",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16657"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=386059\u0026group_id=14963",
"refsource": "MISC",
"url": "http://sourceforge.net/project/shownotes.php?release_id=386059\u0026group_id=14963"
},
{
"name": "21400",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21400"
},
{
"name": "DSA-1133",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1133"
},
{
"name": "20060215 [BuHa-Security] Multiple Vulnerabilities in Mantis 1.00rc4",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425046/100/0/threaded"
},
{
"name": "23248",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23248"
},
{
"name": "http://morph3us.org/advisories/20060214-mantis-100rc4.txt",
"refsource": "MISC",
"url": "http://morph3us.org/advisories/20060214-mantis-100rc4.txt"
},
{
"name": "22487",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22487"
},
{
"name": "http://sourceforge.net/project/showfiles.php?group_id=14963\u0026package_id=12175\u0026release_id=386059",
"refsource": "MISC",
"url": "http://sourceforge.net/project/showfiles.php?group_id=14963\u0026package_id=12175\u0026release_id=386059"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0841",
"datePublished": "2006-02-22T02:00:00",
"dateReserved": "2006-02-22T00:00:00",
"dateUpdated": "2024-08-07T16:48:56.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0840 (GCVE-0-2006-0840)
Vulnerability from cvelistv5 – Published: 2006-02-22 02:00 – Updated: 2024-08-07 16:48
Summary
manage_user_page.php in Mantis 1.00rc4 and earlier does not properly handle a sort parameter containing a ' (quote) character, which allows remote attackers to trigger a SQL error that may be repeatedly reported to a user who makes subsequent web accesses with the MANTIS_MANAGE_COOKIE cookie. NOTE: this issue might be the same as vector 2 in CVE-2005-4519.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:48:56.613Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "16657",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16657"
},
{
"name": "mantis-manageuserpagesql-injection(24726)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24726"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=386059\u0026group_id=14963"
},
{
"name": "20060215 [BuHa-Security] Multiple Vulnerabilities in Mantis 1.00rc4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/425046/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://morph3us.org/advisories/20060214-mantis-100rc4.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/project/showfiles.php?group_id=14963\u0026package_id=12175\u0026release_id=386059"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "manage_user_page.php in Mantis 1.00rc4 and earlier does not properly handle a sort parameter containing a \u0027 (quote) character, which allows remote attackers to trigger a SQL error that may be repeatedly reported to a user who makes subsequent web accesses with the MANTIS_MANAGE_COOKIE cookie. NOTE: this issue might be the same as vector 2 in CVE-2005-4519."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "16657",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16657"
},
{
"name": "mantis-manageuserpagesql-injection(24726)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24726"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=386059\u0026group_id=14963"
},
{
"name": "20060215 [BuHa-Security] Multiple Vulnerabilities in Mantis 1.00rc4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/425046/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://morph3us.org/advisories/20060214-mantis-100rc4.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/project/showfiles.php?group_id=14963\u0026package_id=12175\u0026release_id=386059"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0840",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "manage_user_page.php in Mantis 1.00rc4 and earlier does not properly handle a sort parameter containing a \u0027 (quote) character, which allows remote attackers to trigger a SQL error that may be repeatedly reported to a user who makes subsequent web accesses with the MANTIS_MANAGE_COOKIE cookie. NOTE: this issue might be the same as vector 2 in CVE-2005-4519."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16657",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16657"
},
{
"name": "mantis-manageuserpagesql-injection(24726)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24726"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=386059\u0026group_id=14963",
"refsource": "MISC",
"url": "http://sourceforge.net/project/shownotes.php?release_id=386059\u0026group_id=14963"
},
{
"name": "20060215 [BuHa-Security] Multiple Vulnerabilities in Mantis 1.00rc4",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425046/100/0/threaded"
},
{
"name": "http://morph3us.org/advisories/20060214-mantis-100rc4.txt",
"refsource": "MISC",
"url": "http://morph3us.org/advisories/20060214-mantis-100rc4.txt"
},
{
"name": "http://sourceforge.net/project/showfiles.php?group_id=14963\u0026package_id=12175\u0026release_id=386059",
"refsource": "MISC",
"url": "http://sourceforge.net/project/showfiles.php?group_id=14963\u0026package_id=12175\u0026release_id=386059"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0840",
"datePublished": "2006-02-22T02:00:00",
"dateReserved": "2006-02-22T00:00:00",
"dateUpdated": "2024-08-07T16:48:56.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0665 (GCVE-0-2006-0665)
Vulnerability from cvelistv5 – Published: 2006-02-13 11:00 – Updated: 2024-08-07 16:41
Summary
Unspecified vulnerability in (1) query_store.php and (2) manage_proj_create.php in Mantis before 1.0.0 has unknown impact and attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:41:29.125Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-0485",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0485"
},
{
"name": "21400",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21400"
},
{
"name": "DSA-1133",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1133"
},
{
"name": "16561",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16561"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in (1) query_store.php and (2) manage_proj_create.php in Mantis before 1.0.0 has unknown impact and attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-08-09T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-0485",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0485"
},
{
"name": "21400",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21400"
},
{
"name": "DSA-1133",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1133"
},
{
"name": "16561",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16561"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0665",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in (1) query_store.php and (2) manage_proj_create.php in Mantis before 1.0.0 has unknown impact and attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0485",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0485"
},
{
"name": "21400",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21400"
},
{
"name": "DSA-1133",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1133"
},
{
"name": "16561",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16561"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0665",
"datePublished": "2006-02-13T11:00:00",
"dateReserved": "2006-02-13T00:00:00",
"dateUpdated": "2024-08-07T16:41:29.125Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0664 (GCVE-0-2006-0664)
Vulnerability from cvelistv5 – Published: 2006-02-13 11:00 – Updated: 2024-08-07 16:41
Summary
Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in Mantis before 1.0 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:41:29.176Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "mantis-configdefaultsinc-xss(24585)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24585"
},
{
"name": "ADV-2006-0485",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0485"
},
{
"name": "21400",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21400"
},
{
"name": "DSA-1133",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1133"
},
{
"name": "16561",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16561"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in Mantis before 1.0 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "mantis-configdefaultsinc-xss(24585)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24585"
},
{
"name": "ADV-2006-0485",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0485"
},
{
"name": "21400",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21400"
},
{
"name": "DSA-1133",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1133"
},
{
"name": "16561",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16561"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in Mantis before 1.0 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mantis-configdefaultsinc-xss(24585)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24585"
},
{
"name": "ADV-2006-0485",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0485"
},
{
"name": "21400",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21400"
},
{
"name": "DSA-1133",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1133"
},
{
"name": "16561",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16561"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0664",
"datePublished": "2006-02-13T11:00:00",
"dateReserved": "2006-02-13T00:00:00",
"dateUpdated": "2024-08-07T16:41:29.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0147 (GCVE-0-2006-0147)
Vulnerability from cvelistv5 – Published: 2006-01-09 23:00 – Updated: 2024-08-07 16:25
Summary
Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:25:33.633Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19590",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19590"
},
{
"name": "18267",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18267"
},
{
"name": "18254",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18254"
},
{
"name": "19555",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19555"
},
{
"name": "DSA-1029",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1029"
},
{
"name": "adodb-tmssql-command-execution(24052)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24052"
},
{
"name": "19628",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19628"
},
{
"name": "20060409 PhpOpenChat 3.0.x ADODB Server.php \"sql\" SQL injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/430448/100/0/threaded"
},
{
"name": "DSA-1030",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1030"
},
{
"name": "ADV-2006-1305",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1305"
},
{
"name": "18276",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18276"
},
{
"name": "19600",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19600"
},
{
"name": "1663",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/1663"
},
{
"name": "ADV-2006-0103",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0103"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2005-64/advisory/"
},
{
"name": "20060412 Simplog \u003c=0.9.2 multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/430743/100/0/threaded"
},
{
"name": "19591",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19591"
},
{
"name": "17418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17418"
},
{
"name": "19691",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19691"
},
{
"name": "ADV-2006-0102",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0102"
},
{
"name": "ADV-2006-0101",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0101"
},
{
"name": "18233",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18233"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://retrogod.altervista.org/simplog_092_incl_xpl.html"
},
{
"name": "ADV-2006-1332",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1332"
},
{
"name": "22291",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22291"
},
{
"name": "DSA-1031",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1031"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html"
},
{
"name": "ADV-2006-0104",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0104"
},
{
"name": "18260",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18260"
},
{
"name": "GLSA-200604-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19590",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19590"
},
{
"name": "18267",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18267"
},
{
"name": "18254",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18254"
},
{
"name": "19555",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19555"
},
{
"name": "DSA-1029",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1029"
},
{
"name": "adodb-tmssql-command-execution(24052)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24052"
},
{
"name": "19628",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19628"
},
{
"name": "20060409 PhpOpenChat 3.0.x ADODB Server.php \"sql\" SQL injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/430448/100/0/threaded"
},
{
"name": "DSA-1030",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1030"
},
{
"name": "ADV-2006-1305",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1305"
},
{
"name": "18276",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18276"
},
{
"name": "19600",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19600"
},
{
"name": "1663",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/1663"
},
{
"name": "ADV-2006-0103",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0103"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2005-64/advisory/"
},
{
"name": "20060412 Simplog \u003c=0.9.2 multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/430743/100/0/threaded"
},
{
"name": "19591",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19591"
},
{
"name": "17418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17418"
},
{
"name": "19691",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19691"
},
{
"name": "ADV-2006-0102",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0102"
},
{
"name": "ADV-2006-0101",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0101"
},
{
"name": "18233",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18233"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://retrogod.altervista.org/simplog_092_incl_xpl.html"
},
{
"name": "ADV-2006-1332",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1332"
},
{
"name": "22291",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22291"
},
{
"name": "DSA-1031",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1031"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html"
},
{
"name": "ADV-2006-0104",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0104"
},
{
"name": "18260",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18260"
},
{
"name": "GLSA-200604-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0147",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19590",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19590"
},
{
"name": "18267",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18267"
},
{
"name": "18254",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18254"
},
{
"name": "19555",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19555"
},
{
"name": "DSA-1029",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1029"
},
{
"name": "adodb-tmssql-command-execution(24052)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24052"
},
{
"name": "19628",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19628"
},
{
"name": "20060409 PhpOpenChat 3.0.x ADODB Server.php \"sql\" SQL injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430448/100/0/threaded"
},
{
"name": "DSA-1030",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1030"
},
{
"name": "ADV-2006-1305",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1305"
},
{
"name": "18276",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18276"
},
{
"name": "19600",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19600"
},
{
"name": "1663",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1663"
},
{
"name": "ADV-2006-0103",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0103"
},
{
"name": "http://secunia.com/secunia_research/2005-64/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2005-64/advisory/"
},
{
"name": "20060412 Simplog \u003c=0.9.2 multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430743/100/0/threaded"
},
{
"name": "19591",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19591"
},
{
"name": "17418",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17418"
},
{
"name": "19691",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19691"
},
{
"name": "ADV-2006-0102",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0102"
},
{
"name": "ADV-2006-0101",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0101"
},
{
"name": "18233",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18233"
},
{
"name": "http://retrogod.altervista.org/simplog_092_incl_xpl.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/simplog_092_incl_xpl.html"
},
{
"name": "ADV-2006-1332",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1332"
},
{
"name": "22291",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22291"
},
{
"name": "DSA-1031",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1031"
},
{
"name": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html"
},
{
"name": "ADV-2006-0104",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0104"
},
{
"name": "18260",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18260"
},
{
"name": "GLSA-200604-07",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0147",
"datePublished": "2006-01-09T23:00:00",
"dateReserved": "2006-01-09T00:00:00",
"dateUpdated": "2024-08-07T16:25:33.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0146 (GCVE-0-2006-0146)
Vulnerability from cvelistv5 – Published: 2006-01-09 23:00 – Updated: 2024-08-07 16:25
Summary
The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:25:33.856Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19590",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19590"
},
{
"name": "18267",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18267"
},
{
"name": "18254",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18254"
},
{
"name": "19555",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19555"
},
{
"name": "DSA-1029",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1029"
},
{
"name": "20060409 PhpOpenChat 3.0.x ADODB Server.php \"sql\" SQL injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/430448/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.maxdev.com/Article550.phtml"
},
{
"name": "ADV-2006-0105",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0105"
},
{
"name": "19699",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19699"
},
{
"name": "DSA-1030",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1030"
},
{
"name": "ADV-2006-1305",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1305"
},
{
"name": "24954",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24954"
},
{
"name": "18276",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18276"
},
{
"name": "713",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/713"
},
{
"name": "ADV-2006-1304",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1304"
},
{
"name": "19600",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19600"
},
{
"name": "20070418 MediaBeez Sql query Execution .. Wear isn\u0027t ?? :)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/466171/100/0/threaded"
},
{
"name": "ADV-2006-0103",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0103"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2005-64/advisory/"
},
{
"name": "16187",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16187"
},
{
"name": "18720",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18720"
},
{
"name": "ADV-2006-1419",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1419"
},
{
"name": "19591",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19591"
},
{
"name": "ADV-2006-0447",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0447"
},
{
"name": "adodb-server-command-execution(24051)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24051"
},
{
"name": "17418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17418"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.xaraya.com/index.php/news/569"
},
{
"name": "19691",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19691"
},
{
"name": "ADV-2006-0102",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0102"
},
{
"name": "ADV-2006-0101",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0101"
},
{
"name": "18233",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18233"
},
{
"name": "22290",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22290"
},
{
"name": "ADV-2006-0370",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0370"
},
{
"name": "DSA-1031",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1031"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html"
},
{
"name": "20060202 Bug for libs in php link directory 2.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/423784/100/0/threaded"
},
{
"name": "ADV-2006-0104",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0104"
},
{
"name": "18260",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18260"
},
{
"name": "GLSA-200604-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
},
{
"name": "19563",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19563"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19590",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19590"
},
{
"name": "18267",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18267"
},
{
"name": "18254",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18254"
},
{
"name": "19555",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19555"
},
{
"name": "DSA-1029",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1029"
},
{
"name": "20060409 PhpOpenChat 3.0.x ADODB Server.php \"sql\" SQL injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/430448/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.maxdev.com/Article550.phtml"
},
{
"name": "ADV-2006-0105",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0105"
},
{
"name": "19699",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19699"
},
{
"name": "DSA-1030",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1030"
},
{
"name": "ADV-2006-1305",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1305"
},
{
"name": "24954",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24954"
},
{
"name": "18276",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18276"
},
{
"name": "713",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/713"
},
{
"name": "ADV-2006-1304",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1304"
},
{
"name": "19600",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19600"
},
{
"name": "20070418 MediaBeez Sql query Execution .. Wear isn\u0027t ?? :)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/466171/100/0/threaded"
},
{
"name": "ADV-2006-0103",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0103"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2005-64/advisory/"
},
{
"name": "16187",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16187"
},
{
"name": "18720",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18720"
},
{
"name": "ADV-2006-1419",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1419"
},
{
"name": "19591",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19591"
},
{
"name": "ADV-2006-0447",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0447"
},
{
"name": "adodb-server-command-execution(24051)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24051"
},
{
"name": "17418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17418"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.xaraya.com/index.php/news/569"
},
{
"name": "19691",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19691"
},
{
"name": "ADV-2006-0102",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0102"
},
{
"name": "ADV-2006-0101",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0101"
},
{
"name": "18233",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18233"
},
{
"name": "22290",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22290"
},
{
"name": "ADV-2006-0370",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0370"
},
{
"name": "DSA-1031",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1031"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html"
},
{
"name": "20060202 Bug for libs in php link directory 2.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/423784/100/0/threaded"
},
{
"name": "ADV-2006-0104",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0104"
},
{
"name": "18260",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18260"
},
{
"name": "GLSA-200604-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
},
{
"name": "19563",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19563"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0146",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19590",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19590"
},
{
"name": "18267",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18267"
},
{
"name": "18254",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18254"
},
{
"name": "19555",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19555"
},
{
"name": "DSA-1029",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1029"
},
{
"name": "20060409 PhpOpenChat 3.0.x ADODB Server.php \"sql\" SQL injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430448/100/0/threaded"
},
{
"name": "http://www.maxdev.com/Article550.phtml",
"refsource": "CONFIRM",
"url": "http://www.maxdev.com/Article550.phtml"
},
{
"name": "ADV-2006-0105",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0105"
},
{
"name": "19699",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19699"
},
{
"name": "DSA-1030",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1030"
},
{
"name": "ADV-2006-1305",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1305"
},
{
"name": "24954",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24954"
},
{
"name": "18276",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18276"
},
{
"name": "713",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/713"
},
{
"name": "ADV-2006-1304",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1304"
},
{
"name": "19600",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19600"
},
{
"name": "20070418 MediaBeez Sql query Execution .. Wear isn\u0027t ?? :)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/466171/100/0/threaded"
},
{
"name": "ADV-2006-0103",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0103"
},
{
"name": "http://secunia.com/secunia_research/2005-64/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2005-64/advisory/"
},
{
"name": "16187",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16187"
},
{
"name": "18720",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18720"
},
{
"name": "ADV-2006-1419",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1419"
},
{
"name": "19591",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19591"
},
{
"name": "ADV-2006-0447",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0447"
},
{
"name": "adodb-server-command-execution(24051)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24051"
},
{
"name": "17418",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17418"
},
{
"name": "http://www.xaraya.com/index.php/news/569",
"refsource": "CONFIRM",
"url": "http://www.xaraya.com/index.php/news/569"
},
{
"name": "19691",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19691"
},
{
"name": "ADV-2006-0102",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0102"
},
{
"name": "ADV-2006-0101",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0101"
},
{
"name": "18233",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18233"
},
{
"name": "22290",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22290"
},
{
"name": "ADV-2006-0370",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0370"
},
{
"name": "DSA-1031",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1031"
},
{
"name": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html"
},
{
"name": "20060202 Bug for libs in php link directory 2.0",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/423784/100/0/threaded"
},
{
"name": "ADV-2006-0104",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0104"
},
{
"name": "18260",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18260"
},
{
"name": "GLSA-200604-07",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
},
{
"name": "19563",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19563"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0146",
"datePublished": "2006-01-09T23:00:00",
"dateReserved": "2006-01-09T00:00:00",
"dateUpdated": "2024-08-07T16:25:33.856Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4522 (GCVE-0-2005-4522)
Vulnerability from cvelistv5 – Published: 2005-12-28 01:00 – Updated: 2024-08-07 23:46
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the view_filters_page.php filters script in Mantis 1.0.0rc3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) view_type and (2) target_field parameters.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:46:05.542Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "22053",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22053"
},
{
"name": "18481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18481"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963"
},
{
"name": "16046",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16046/"
},
{
"name": "18181",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18181/"
},
{
"name": "ADV-2005-3064",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/3064"
},
{
"name": "18221",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18221"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963"
},
{
"name": "GLSA-200512-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"name": "DSA-944",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-944"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the view_filters_page.php filters script in Mantis 1.0.0rc3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) view_type and (2) target_field parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-01-20T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "22053",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22053"
},
{
"name": "18481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18481"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963"
},
{
"name": "16046",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16046/"
},
{
"name": "18181",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18181/"
},
{
"name": "ADV-2005-3064",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/3064"
},
{
"name": "18221",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18221"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963"
},
{
"name": "GLSA-200512-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"name": "DSA-944",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-944"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4522",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the view_filters_page.php filters script in Mantis 1.0.0rc3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) view_type and (2) target_field parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22053",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22053"
},
{
"name": "18481",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18481"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963"
},
{
"name": "16046",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16046/"
},
{
"name": "18181",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18181/"
},
{
"name": "ADV-2005-3064",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/3064"
},
{
"name": "18221",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18221"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963"
},
{
"name": "GLSA-200512-12",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml"
},
{
"name": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt",
"refsource": "MISC",
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"name": "DSA-944",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-944"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4522",
"datePublished": "2005-12-28T01:00:00",
"dateReserved": "2005-12-28T00:00:00",
"dateUpdated": "2024-08-07T23:46:05.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4523 (GCVE-0-2005-4523)
Vulnerability from cvelistv5 – Published: 2005-12-28 01:00 – Updated: 2024-08-07 23:46
Summary
Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS feeds, which allows remote attackers to obtain sensitive information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:46:05.522Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18481"
},
{
"name": "18181",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18181/"
},
{
"name": "ADV-2005-3064",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/3064"
},
{
"name": "18221",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18221"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"name": "DSA-944",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-944"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS feeds, which allows remote attackers to obtain sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-01-20T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18481"
},
{
"name": "18181",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18181/"
},
{
"name": "ADV-2005-3064",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/3064"
},
{
"name": "18221",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18221"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"name": "DSA-944",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-944"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4523",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS feeds, which allows remote attackers to obtain sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18481",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18481"
},
{
"name": "18181",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18181/"
},
{
"name": "ADV-2005-3064",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/3064"
},
{
"name": "18221",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18221"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963"
},
{
"name": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt",
"refsource": "MISC",
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"name": "DSA-944",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-944"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4523",
"datePublished": "2005-12-28T01:00:00",
"dateReserved": "2005-12-28T00:00:00",
"dateUpdated": "2024-08-07T23:46:05.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4519 (GCVE-0-2005-4519)
Vulnerability from cvelistv5 – Published: 2005-12-28 01:00 – Updated: 2024-08-07 23:46
Summary
Multiple SQL injection vulnerabilities in the manage user page (manage_user_page.php) in Mantis 1.0.0rc3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) prefix and (2) sort parameters to the manage user page (manage_user_page.php), or (3) the sort parameter to view_all_set.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:46:05.541Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18481"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963"
},
{
"name": "16046",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16046/"
},
{
"name": "18181",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18181/"
},
{
"name": "ADV-2005-3064",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/3064"
},
{
"name": "22052",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22052"
},
{
"name": "18221",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18221"
},
{
"name": "22051",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22051"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963"
},
{
"name": "GLSA-200512-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"name": "DSA-944",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-944"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in the manage user page (manage_user_page.php) in Mantis 1.0.0rc3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) prefix and (2) sort parameters to the manage user page (manage_user_page.php), or (3) the sort parameter to view_all_set.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-01-20T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18481"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963"
},
{
"name": "16046",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16046/"
},
{
"name": "18181",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18181/"
},
{
"name": "ADV-2005-3064",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/3064"
},
{
"name": "22052",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22052"
},
{
"name": "18221",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18221"
},
{
"name": "22051",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22051"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963"
},
{
"name": "GLSA-200512-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"name": "DSA-944",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-944"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4519",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in the manage user page (manage_user_page.php) in Mantis 1.0.0rc3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) prefix and (2) sort parameters to the manage user page (manage_user_page.php), or (3) the sort parameter to view_all_set.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18481",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18481"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963"
},
{
"name": "16046",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16046/"
},
{
"name": "18181",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18181/"
},
{
"name": "ADV-2005-3064",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/3064"
},
{
"name": "22052",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22052"
},
{
"name": "18221",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18221"
},
{
"name": "22051",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22051"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963"
},
{
"name": "GLSA-200512-12",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml"
},
{
"name": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt",
"refsource": "MISC",
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"name": "DSA-944",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-944"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4519",
"datePublished": "2005-12-28T01:00:00",
"dateReserved": "2005-12-28T00:00:00",
"dateUpdated": "2024-08-07T23:46:05.541Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4520 (GCVE-0-2005-4520)
Vulnerability from cvelistv5 – Published: 2005-12-28 01:00 – Updated: 2024-08-07 23:46
Summary
Unspecified "port injection" vulnerabilities in filters in Mantis 1.0.0rc3 and earlier have unknown impact and attack vectors. NOTE: due to a lack of relevant details in the vendor changelog, which is the source of this description, it is unclear whether this is a duplicate of another CVE.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:46:05.536Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18481"
},
{
"name": "22488",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22488"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963"
},
{
"name": "16046",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16046/"
},
{
"name": "18181",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18181/"
},
{
"name": "ADV-2005-3064",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/3064"
},
{
"name": "18221",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18221"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963"
},
{
"name": "GLSA-200512-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"name": "DSA-944",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-944"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified \"port injection\" vulnerabilities in filters in Mantis 1.0.0rc3 and earlier have unknown impact and attack vectors. NOTE: due to a lack of relevant details in the vendor changelog, which is the source of this description, it is unclear whether this is a duplicate of another CVE."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-01-20T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18481"
},
{
"name": "22488",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22488"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963"
},
{
"name": "16046",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16046/"
},
{
"name": "18181",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18181/"
},
{
"name": "ADV-2005-3064",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/3064"
},
{
"name": "18221",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18221"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963"
},
{
"name": "GLSA-200512-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"name": "DSA-944",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-944"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4520",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified \"port injection\" vulnerabilities in filters in Mantis 1.0.0rc3 and earlier have unknown impact and attack vectors. NOTE: due to a lack of relevant details in the vendor changelog, which is the source of this description, it is unclear whether this is a duplicate of another CVE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18481",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18481"
},
{
"name": "22488",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22488"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963"
},
{
"name": "16046",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16046/"
},
{
"name": "18181",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18181/"
},
{
"name": "ADV-2005-3064",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/3064"
},
{
"name": "18221",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18221"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963"
},
{
"name": "GLSA-200512-12",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml"
},
{
"name": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt",
"refsource": "MISC",
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"name": "DSA-944",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-944"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4520",
"datePublished": "2005-12-28T01:00:00",
"dateReserved": "2005-12-28T00:00:00",
"dateUpdated": "2024-08-07T23:46:05.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4238 (GCVE-0-2005-4238)
Vulnerability from cvelistv5 – Published: 2005-12-14 11:00 – Updated: 2024-08-07 23:38
Summary
Cross-site scripting (XSS) vulnerability in view_filters_page.php in Mantis 1.0.0rc3 and earlier allows remote attackers to inject arbitrary web script or HTML via the target_field parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:38:51.535Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18481"
},
{
"name": "15842",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15842"
},
{
"name": "ADV-2005-2874",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2874"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://pridels0.blogspot.com/2005/12/mantis-bugtracking-system-xss-vuln.html"
},
{
"name": "DSA-944",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-944"
},
{
"name": "18018",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18018"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in view_filters_page.php in Mantis 1.0.0rc3 and earlier allows remote attackers to inject arbitrary web script or HTML via the target_field parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-01-20T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18481"
},
{
"name": "15842",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15842"
},
{
"name": "ADV-2005-2874",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2874"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://pridels0.blogspot.com/2005/12/mantis-bugtracking-system-xss-vuln.html"
},
{
"name": "DSA-944",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-944"
},
{
"name": "18018",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18018"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4238",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in view_filters_page.php in Mantis 1.0.0rc3 and earlier allows remote attackers to inject arbitrary web script or HTML via the target_field parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18481",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18481"
},
{
"name": "15842",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15842"
},
{
"name": "ADV-2005-2874",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2874"
},
{
"name": "http://pridels0.blogspot.com/2005/12/mantis-bugtracking-system-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/12/mantis-bugtracking-system-xss-vuln.html"
},
{
"name": "DSA-944",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-944"
},
{
"name": "18018",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18018"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4238",
"datePublished": "2005-12-14T11:00:00",
"dateReserved": "2005-12-14T00:00:00",
"dateUpdated": "2024-08-07T23:38:51.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3337 (GCVE-0-2005-3337)
Vulnerability from cvelistv5 – Published: 2005-10-27 04:00 – Updated: 2024-08-07 23:10
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Mantis before 0.19.3 allow remote attackers to inject arbitrary web script or HTML via (1) unknown vectors involving Javascript and (2) mantis/view_all_set.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:10:08.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.mantisbt.org/changelog_page.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=362673"
},
{
"name": "20321",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20321"
},
{
"name": "GLSA-200510-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"name": "17362",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17362"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Mantis before 0.19.3 allow remote attackers to inject arbitrary web script or HTML via (1) unknown vectors involving Javascript and (2) mantis/view_all_set.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-04-04T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.mantisbt.org/changelog_page.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=362673"
},
{
"name": "20321",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20321"
},
{
"name": "GLSA-200510-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"name": "17362",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17362"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Mantis before 0.19.3 allow remote attackers to inject arbitrary web script or HTML via (1) unknown vectors involving Javascript and (2) mantis/view_all_set.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.mantisbt.org/changelog_page.php",
"refsource": "CONFIRM",
"url": "http://bugs.mantisbt.org/changelog_page.php"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=362673",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=362673"
},
{
"name": "20321",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20321"
},
{
"name": "GLSA-200510-24",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"name": "17362",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17362"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3337",
"datePublished": "2005-10-27T04:00:00",
"dateReserved": "2005-10-27T00:00:00",
"dateUpdated": "2024-08-07T23:10:08.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3339 (GCVE-0-2005-3339)
Vulnerability from cvelistv5 – Published: 2005-10-27 04:00 – Updated: 2024-08-07 23:10
Summary
Mantis before 0.19.3 caches the User ID longer than necessary, which has unknown impact and attack vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:10:08.293Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.mantisbt.org/changelog_page.php"
},
{
"name": "DSA-905",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-905"
},
{
"name": "16506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16506"
},
{
"name": "17654",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17654"
},
{
"name": "GLSA-200510-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"name": "17362",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17362"
},
{
"name": "15227",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15227"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mantis before 0.19.3 caches the User ID longer than necessary, which has unknown impact and attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-24T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.mantisbt.org/changelog_page.php"
},
{
"name": "DSA-905",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-905"
},
{
"name": "16506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16506"
},
{
"name": "17654",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17654"
},
{
"name": "GLSA-200510-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"name": "17362",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17362"
},
{
"name": "15227",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15227"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3339",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mantis before 0.19.3 caches the User ID longer than necessary, which has unknown impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.mantisbt.org/changelog_page.php",
"refsource": "CONFIRM",
"url": "http://bugs.mantisbt.org/changelog_page.php"
},
{
"name": "DSA-905",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-905"
},
{
"name": "16506",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16506"
},
{
"name": "17654",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17654"
},
{
"name": "GLSA-200510-24",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"name": "17362",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17362"
},
{
"name": "15227",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15227"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3339",
"datePublished": "2005-10-27T04:00:00",
"dateReserved": "2005-10-27T00:00:00",
"dateUpdated": "2024-08-07T23:10:08.293Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3336 (GCVE-0-2005-3336)
Vulnerability from cvelistv5 – Published: 2005-10-27 04:00 – Updated: 2024-08-07 23:10
Summary
SQL injection vulnerability in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:10:08.200Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.mantisbt.org/changelog_page.php"
},
{
"name": "DSA-905",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-905"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=362673"
},
{
"name": "20324",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20324"
},
{
"name": "ADV-2005-2221",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2221"
},
{
"name": "16506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16506"
},
{
"name": "17654",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17654"
},
{
"name": "GLSA-200510-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"name": "17362",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17362"
},
{
"name": "16818",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16818"
},
{
"name": "15227",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15227"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-24T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.mantisbt.org/changelog_page.php"
},
{
"name": "DSA-905",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-905"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=362673"
},
{
"name": "20324",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20324"
},
{
"name": "ADV-2005-2221",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2221"
},
{
"name": "16506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16506"
},
{
"name": "17654",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17654"
},
{
"name": "GLSA-200510-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"name": "17362",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17362"
},
{
"name": "16818",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16818"
},
{
"name": "15227",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15227"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3336",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.mantisbt.org/changelog_page.php",
"refsource": "CONFIRM",
"url": "http://bugs.mantisbt.org/changelog_page.php"
},
{
"name": "DSA-905",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-905"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=362673",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=362673"
},
{
"name": "20324",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20324"
},
{
"name": "ADV-2005-2221",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2221"
},
{
"name": "16506",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16506"
},
{
"name": "17654",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17654"
},
{
"name": "GLSA-200510-24",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"name": "17362",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17362"
},
{
"name": "16818",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16818"
},
{
"name": "15227",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15227"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3336",
"datePublished": "2005-10-27T04:00:00",
"dateReserved": "2005-10-27T00:00:00",
"dateUpdated": "2024-08-07T23:10:08.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3338 (GCVE-0-2005-3338)
Vulnerability from cvelistv5 – Published: 2005-10-27 04:00 – Updated: 2024-08-07 23:10
Summary
Unspecified vulnerability in Mantis before 0.19.3, when using reminders, causes Mantis to display the real email addresses of users.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:10:08.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.mantisbt.org/changelog_page.php"
},
{
"name": "DSA-905",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-905"
},
{
"name": "16506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16506"
},
{
"name": "17654",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17654"
},
{
"name": "GLSA-200510-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"name": "17362",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17362"
},
{
"name": "15227",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15227"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Mantis before 0.19.3, when using reminders, causes Mantis to display the real email addresses of users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-24T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.mantisbt.org/changelog_page.php"
},
{
"name": "DSA-905",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-905"
},
{
"name": "16506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16506"
},
{
"name": "17654",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17654"
},
{
"name": "GLSA-200510-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"name": "17362",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17362"
},
{
"name": "15227",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15227"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Mantis before 0.19.3, when using reminders, causes Mantis to display the real email addresses of users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.mantisbt.org/changelog_page.php",
"refsource": "CONFIRM",
"url": "http://bugs.mantisbt.org/changelog_page.php"
},
{
"name": "DSA-905",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-905"
},
{
"name": "16506",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16506"
},
{
"name": "17654",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17654"
},
{
"name": "GLSA-200510-24",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"name": "17362",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17362"
},
{
"name": "15227",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15227"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3338",
"datePublished": "2005-10-27T04:00:00",
"dateReserved": "2005-10-27T00:00:00",
"dateUpdated": "2024-08-07T23:10:08.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3335 (GCVE-0-2005-3335)
Vulnerability from cvelistv5 – Published: 2005-10-27 04:00 – Updated: 2024-08-07 23:10
Summary
PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary PHP code and include arbitrary local files via the t_core_path parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:10:08.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.mantisbt.org/changelog_page.php"
},
{
"name": "DSA-905",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-905"
},
{
"name": "121",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/121"
},
{
"name": "ADV-2005-2221",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2221"
},
{
"name": "16506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16506"
},
{
"name": "17654",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17654"
},
{
"name": "GLSA-200510-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2005-46/advisory/"
},
{
"name": "17362",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17362"
},
{
"name": "15212",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15212"
},
{
"name": "16818",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16818"
},
{
"name": "1015110",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015110"
},
{
"name": "mantis-tcorepath-file-include(22886)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22886"
},
{
"name": "15227",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15227"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary PHP code and include arbitrary local files via the t_core_path parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.mantisbt.org/changelog_page.php"
},
{
"name": "DSA-905",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-905"
},
{
"name": "121",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/121"
},
{
"name": "ADV-2005-2221",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2221"
},
{
"name": "16506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16506"
},
{
"name": "17654",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17654"
},
{
"name": "GLSA-200510-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2005-46/advisory/"
},
{
"name": "17362",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17362"
},
{
"name": "15212",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15212"
},
{
"name": "16818",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16818"
},
{
"name": "1015110",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015110"
},
{
"name": "mantis-tcorepath-file-include(22886)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22886"
},
{
"name": "15227",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15227"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary PHP code and include arbitrary local files via the t_core_path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.mantisbt.org/changelog_page.php",
"refsource": "MISC",
"url": "http://bugs.mantisbt.org/changelog_page.php"
},
{
"name": "DSA-905",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-905"
},
{
"name": "121",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/121"
},
{
"name": "ADV-2005-2221",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2221"
},
{
"name": "16506",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16506"
},
{
"name": "17654",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17654"
},
{
"name": "GLSA-200510-24",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"name": "http://secunia.com/secunia_research/2005-46/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2005-46/advisory/"
},
{
"name": "17362",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17362"
},
{
"name": "15212",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15212"
},
{
"name": "16818",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16818"
},
{
"name": "1015110",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015110"
},
{
"name": "mantis-tcorepath-file-include(22886)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22886"
},
{
"name": "15227",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15227"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3335",
"datePublished": "2005-10-27T04:00:00",
"dateReserved": "2005-10-27T00:00:00",
"dateUpdated": "2024-08-07T23:10:08.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3091 (GCVE-0-2005-3091)
Vulnerability from cvelistv5 – Published: 2005-09-28 04:00 – Updated: 2024-08-07 23:01
Summary
Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, as identified by bug#0005751 "thraxisp".
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:01:58.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-905",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-905"
},
{
"name": "16506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16506"
},
{
"name": "17654",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17654"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/changelog.php"
},
{
"name": "15227",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15227"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, as identified by bug#0005751 \"thraxisp\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-24T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-905",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-905"
},
{
"name": "16506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16506"
},
{
"name": "17654",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17654"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/changelog.php"
},
{
"name": "15227",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15227"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3091",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, as identified by bug#0005751 \"thraxisp\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-905",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-905"
},
{
"name": "16506",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16506"
},
{
"name": "17654",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17654"
},
{
"name": "http://www.mantisbt.org/changelog.php",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/changelog.php"
},
{
"name": "15227",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15227"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3091",
"datePublished": "2005-09-28T04:00:00",
"dateReserved": "2005-09-28T00:00:00",
"dateUpdated": "2024-08-07T23:01:58.169Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}