Vulnerabilities related to mantis - mantis
Vulnerability from fkie_nvd
Published
2006-12-15 19:28
Modified
2025-04-09 00:30
Severity ?
Summary
Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mantis | mantis | * | |
mantis | mantis | 1.0.0 | |
mantis | mantis | 1.0.0_rc1 | |
mantis | mantis | 1.0.0_rc2 | |
mantis | mantis | 1.0.0_rc3 | |
mantis | mantis | 1.0.0_rc4 | |
mantis | mantis | 1.0.0_rc5 | |
mantis | mantis | 1.0.0a1 | |
mantis | mantis | 1.0.0a2 | |
mantis | mantis | 1.0.0a3 | |
mantis | mantis | 1.0.1 | |
mantis | mantis | 1.0.2 | |
mantis | mantis | 1.0.3 | |
mantis | mantis | 1.0.4 | |
mantis | mantis | 1.0.5 | |
mantis | mantis | 1.0.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mantis:mantis:*:*:*:*:*:*:*:*", "matchCriteriaId": "A878BD34-787E-4330-9EE2-D1CD7FE6678E", "versionEndIncluding": "1.1.0a1", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "781910F1-C34C-49D6-80D2-62AC80AF17DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "C6DB707C-29DF-442C-BBBE-650182692A33", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "0C420189-4748-465C-96FE-DC89502F7E26", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "3B3A1BAC-F777-413E-BFB7-972C687C2D92", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "B0C7EDA7-1BED-4152-BD3D-3A596482D9D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc5:*:*:*:*:*:*:*", "matchCriteriaId": "B54BEEA5-B671-4BDE-96D1-B235CF8F197E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "730BE023-C283-4775-915C-79817723917A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "337E18A7-07A3-456D-868A-2002F96D7A2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*", "matchCriteriaId": "84B09B6D-EE4D-4241-B3EF-CBCB03A7F579", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DA5AE0B4-15AB-49E7-9B97-96BA322B0966", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "48069606-59B6-4D20-B909-997CA7EDBD2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E42CD1CB-49E7-484B-9629-78A24B754346", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:mantis:mantis:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F95B327F-94A8-4D4F-A330-1B9BF4B764FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "215420D5-4690-45BE-AE84-CF1522523299", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "5621726F-CA50-4336-9BCE-55F39BE5CDCF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field." }, { "lang": "es", "value": "Mantis anterior a 1.1.0a2 no implementa el control de acceso del por art\u00edculo para Issue History (Bug History), lo cual permite a un atacante remoto obtener informaci\u00f3n sensible a trav\u00e9s de la lectura de la columna Change, como se demostr\u00f3 por la columna Change de un campo cliente." 
} ], "id": "CVE-2006-6574", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-12-15T19:28:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.mantisbugtracker.com/view.php?id=3375" }, { "source": "cve@mitre.org", "url": "http://bugs.mantisbugtracker.com/view.php?id=7364" }, { "source": "cve@mitre.org", "url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?r1=1.34\u0026r2=1.35" }, { "source": "cve@mitre.org", "url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?view=log" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/23258" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/28551" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=469627" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1467" }, { "source": "cve@mitre.org", "url": "http://www.mantisbugtracker.com/changelog.php" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/21566" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4978" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30870" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://bugs.mantisbugtracker.com/view.php?id=3375" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.mantisbugtracker.com/view.php?id=7364" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?r1=1.34\u0026r2=1.35" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?view=log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/23258" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/28551" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=469627" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1467" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mantisbugtracker.com/changelog.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/21566" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/4978" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30870" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-09-28 22:03
Modified
2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in bug_actiongroup_page.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the summary of the bug, which is not quoted when view_all_bug_page.php is used to delete the bug, as identified by bug#0006002, a different vulnerability than CVE-2005-2557.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0:*:*:*:*:*:*:*", "matchCriteriaId": "5419E3AC-4215-4584-9538-AF790DC9BD5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "D3C48B8F-633E-4D69-A174-26C19829DE98", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "DD259C18-7111-45C9-B6C3-6A5F29998146", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "7CBA3B4B-D7E6-4555-969F-66217ACDACDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.1:*:*:*:*:*:*:*", "matchCriteriaId": "38BFDCFA-00C8-4B6A-B758-8FD15A122CA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.2:*:*:*:*:*:*:*", "matchCriteriaId": "6770FDC6-792D-49B2-942B-282F9012D0BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "730BE023-C283-4775-915C-79817723917A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "337E18A7-07A3-456D-868A-2002F96D7A2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*", "matchCriteriaId": "84B09B6D-EE4D-4241-B3EF-CBCB03A7F579", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in bug_actiongroup_page.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the summary of the bug, which is not quoted when view_all_bug_page.php is used to delete the bug, as identified by bug#0006002, a different vulnerability than CVE-2005-2557." 
} ], "id": "CVE-2005-3090", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-09-28T22:03:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=112786017426276\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2005/dsa-778" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=112786017426276\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2005/dsa-778" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-01-09 23:03
Modified
2025-04-03 01:03
Severity ?
Summary
Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:john_lim:adodb:4.66:*:*:*:*:*:*:*", "matchCriteriaId": "9F76566C-7F49-4725-91E6-8E2416CB7F03", "vulnerable": true }, { "criteria": "cpe:2.3:a:john_lim:adodb:4.68:*:*:*:*:*:*:*", "matchCriteriaId": "02F0F5B5-86D2-48C4-872E-3F8C38AF563C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:*", "matchCriteriaId": "AE92E018-C25C-468D-9EF5-5665F0B42EA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "B0C7EDA7-1BED-4152-BD3D-3A596482D9D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:moodle:moodle:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "66BD9A00-DA61-4389-8731-B92585C2BE6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.761:*:*:*:*:*:*:*", "matchCriteriaId": "C55DA346-A7A0-466F-90D7-CC1E7C2E9EFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:the_cacti_group:cacti:0.8.6g:*:*:*:*:*:*:*", "matchCriteriaId": "DB14AEA6-00FC-4C8B-BA57-6CA7A5519493", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo." 
} ], "id": "CVE-2006-0147", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-01-09T23:03:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://retrogod.altervista.org/simplog_092_incl_xpl.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/17418" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18233" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18254" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18260" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18267" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18276" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19555" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19590" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": 
"http://secunia.com/advisories/19591" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/19600" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19628" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/19691" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://secunia.com/secunia_research/2005-64/advisory/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2006/dsa-1029" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2006/dsa-1030" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2006/dsa-1031" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/22291" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/430448/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/430743/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/0101" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/0102" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/0103" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/0104" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/1305" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/1332" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24052" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/1663" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://retrogod.altervista.org/simplog_092_incl_xpl.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/17418" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18233" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18254" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18260" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18267" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18276" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19555" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19590" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19591" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/19600" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19628" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19691" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", 
"Vendor Advisory" ], "url": "http://secunia.com/secunia_research/2005-64/advisory/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2006/dsa-1029" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2006/dsa-1030" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2006/dsa-1031" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/22291" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/430448/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/430743/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/0101" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/0102" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/0103" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/0104" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/1305" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/1332" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24052" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/1663" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { 
"description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
PHP remote file inclusion vulnerability in Mantis 0.19.0a allows remote attackers to execute arbitrary PHP code by modifying the (1) t_core_path parameter to bug_api.php or (2) t_core_dir parameter to relationship_api.php to reference a URL on a remote web server that contains the code.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0a:*:*:*:*:*:*:*", "matchCriteriaId": "C1E7658F-A543-46F5-B79D-E0E25B7C574F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "PHP remote file inclusion vulnerability in Mantis 0.19.0a allows remote attackers to execute arbitrary PHP code by modifying the (1) t_core_path parameter to bug_api.php or (2) t_core_dir parameter to relationship_api.php to reference a URL on a remote web server that contains the code." } ], "id": "CVE-2004-1734", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=109313416727851\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/10993" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17065" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=109313416727851\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/10993" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17065" } ], 
"sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-12-14 01:28
Modified
2025-04-09 00:30
Severity ?
Summary
Mantis before 1.1.0a2 sets the default value of $g_bug_reminder_threshold to "reporter" instead of a more privileged role, which has unknown impact and attack vectors, possibly related to frequency of reminders.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mantis | mantis | * | |
mantis | mantis | 1.0.0 | |
mantis | mantis | 1.0.0_rc1 | |
mantis | mantis | 1.0.0_rc2 | |
mantis | mantis | 1.0.0_rc3 | |
mantis | mantis | 1.0.0_rc4 | |
mantis | mantis | 1.0.0_rc5 | |
mantis | mantis | 1.0.0a1 | |
mantis | mantis | 1.0.0a2 | |
mantis | mantis | 1.0.0a3 | |
mantis | mantis | 1.0.1 | |
mantis | mantis | 1.0.2 | |
mantis | mantis | 1.0.3 | |
mantis | mantis | 1.0.4 | |
mantis | mantis | 1.0.5 | |
mantis | mantis | 1.0.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mantis:mantis:*:*:*:*:*:*:*:*", "matchCriteriaId": "A878BD34-787E-4330-9EE2-D1CD7FE6678E", "versionEndIncluding": "1.1.0a1", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "781910F1-C34C-49D6-80D2-62AC80AF17DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "C6DB707C-29DF-442C-BBBE-650182692A33", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "0C420189-4748-465C-96FE-DC89502F7E26", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "3B3A1BAC-F777-413E-BFB7-972C687C2D92", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "B0C7EDA7-1BED-4152-BD3D-3A596482D9D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc5:*:*:*:*:*:*:*", "matchCriteriaId": "B54BEEA5-B671-4BDE-96D1-B235CF8F197E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "730BE023-C283-4775-915C-79817723917A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "337E18A7-07A3-456D-868A-2002F96D7A2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*", "matchCriteriaId": "84B09B6D-EE4D-4241-B3EF-CBCB03A7F579", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DA5AE0B4-15AB-49E7-9B97-96BA322B0966", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "48069606-59B6-4D20-B909-997CA7EDBD2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E42CD1CB-49E7-484B-9629-78A24B754346", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:mantis:mantis:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F95B327F-94A8-4D4F-A330-1B9BF4B764FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "215420D5-4690-45BE-AE84-CF1522523299", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "5621726F-CA50-4336-9BCE-55F39BE5CDCF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Mantis before 1.1.0a2 sets the default value of $g_bug_reminder_threshold to \"reporter\" instead of a more privileged role, which has unknown impact and attack vectors, possibly related to frequency of reminders." }, { "lang": "es", "value": "Mantis en versiones anteriores a la 1.1.0a2 establece el valor por defecto del $g_bug_reminder_threshold a \"reporter\" en vez de un rol con m\u00e1s privilegios, lo cual tiene un impacto desconocido y vectores de ataque, posiblemente relacionado con la frecuencia de los recordatorios." 
} ], "id": "CVE-2006-6515", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-12-14T01:28:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=469627" }, { "source": "cve@mitre.org", "url": "http://www.mantisbugtracker.com/changelog.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=469627" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mantisbugtracker.com/changelog.php" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-01-23 12:00
Modified
2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "Most active bugs" summary.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mantis:mantis:*:*:*:*:*:*:*:*", "matchCriteriaId": "0DD01725-8887-4005-980A-EAC77E3AC5E8", "versionEndIncluding": "1.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "0266C2F7-FB20-44EF-B0BB-ECCF055D03A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "A21FF02F-982C-429F-A14D-D6E18058DD61", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.10:*:*:*:*:*:*:*", "matchCriteriaId": "9407F704-FF3C-4976-BE4C-A1DDC16715D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "A5173B32-1099-47C9-996B-56DB29456BB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6CA26FD-9C45-4628-82B7-E37E3EA3E2A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.11:*:*:*:*:*:*:*", "matchCriteriaId": "7B9B4611-C002-40F5-978C-BB90F1A893C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "4C7C8B5A-A630-4EDD-A6E8-27D2E1139CF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.12:*:*:*:*:*:*:*", "matchCriteriaId": "B347D6C8-4607-481D-863E-7F41E9868041", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.13:*:*:*:*:*:*:*", "matchCriteriaId": "4F434D16-4F09-4BCF-BD3E-9114876C2575", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "F6D8FD23-C9A3-40AB-B3ED-86739BA8A362", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14:*:*:*:*:*:*:*", "matchCriteriaId": "72BD480B-7CFB-4FD3-8E47-028F32AEF902", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "AC7C781D-F5D1-4C63-B6E3-230DEC80104E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "D0755FA0-2365-42B4-8E42-214D5BAD71A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.3:*:*:*:*:*:*:*", "matchCriteriaId": "35248DDA-D37D-4D72-9FF8-6813BA4C87BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.4:*:*:*:*:*:*:*", "matchCriteriaId": "A67C54F4-4155-43DA-8E07-579249759989", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.5:*:*:*:*:*:*:*", "matchCriteriaId": "9DE7BEF1-1522-4666-B6B1-36A308FBC0A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.6:*:*:*:*:*:*:*", "matchCriteriaId": "C376D216-914A-4D96-8603-C6861B3E2857", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.7:*:*:*:*:*:*:*", "matchCriteriaId": "CF0636CA-49A5-4463-B22B-6C5E1E2D44AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.8:*:*:*:*:*:*:*", "matchCriteriaId": "E3A07B4C-CE12-4381-BFE4-CE79411F5069", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15:*:*:*:*:*:*:*", "matchCriteriaId": "DB6E1BE3-BF57-4ED4-918D-8B23CB195ECE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB502B29-FBC5-4984-A735-AA0B6DF4A58D", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.2:*:*:*:*:*:*:*", "matchCriteriaId": "3F759138-7079-471F-B30D-ED62351CFCB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.3:*:*:*:*:*:*:*", "matchCriteriaId": "5DF83421-973D-4AC9-BDA3-4161B9CF2D91", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.4:*:*:*:*:*:*:*", "matchCriteriaId": "1633BF3C-89C2-4BEF-9F56-6F19984D3CA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.5:*:*:*:*:*:*:*", "matchCriteriaId": "084BD5F4-37F8-4913-8045-769FD81F8C36", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.6:*:*:*:*:*:*:*", "matchCriteriaId": "76B09948-A44C-47D8-A5EC-3873FF36F451", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.7:*:*:*:*:*:*:*", 
"matchCriteriaId": "89D72C1E-73E5-4F51-9D30-D28026939C57", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.8:*:*:*:*:*:*:*", "matchCriteriaId": "E9EDAA7A-DF0C-4D9E-9D30-0422E4801612", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.9:*:*:*:*:*:*:*", "matchCriteriaId": "2C469C66-B64B-49BD-9D1C-D15F0E9028EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.10:*:*:*:*:*:*:*", "matchCriteriaId": "C28223A1-359F-434C-BAAA-82A5F310FA44", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.11:*:*:*:*:*:*:*", "matchCriteriaId": "7BF1F18B-AE36-48F3-B784-5C97B3F2535E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.12:*:*:*:*:*:*:*", "matchCriteriaId": "F073B8A1-3339-4BF2-B8D1-F6BA5CF9695A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.16:*:*:*:*:*:*:*", "matchCriteriaId": "3A62328B-4C77-4FF4-B1D9-BE4A2E5C61FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.16.0:*:*:*:*:*:*:*", "matchCriteriaId": "6DAFD163-7FE7-48FB-8860-7B00B0FFA628", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.16.1:*:*:*:*:*:*:*", "matchCriteriaId": "03A0C36A-83DF-4E67-BA82-0ACE4D50C7D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17:*:*:*:*:*:*:*", "matchCriteriaId": "7C074DBE-AFC9-4094-A170-A31D79C139D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.0:*:*:*:*:*:*:*", "matchCriteriaId": "53520AA0-E5AB-450A-9D95-E075B552D2E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.1:*:*:*:*:*:*:*", "matchCriteriaId": "8462CB86-30B1-43D8-B306-271709423DB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.2:*:*:*:*:*:*:*", "matchCriteriaId": "131A96BB-EF2E-4AE2-9334-91CA96222BA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.3:*:*:*:*:*:*:*", "matchCriteriaId": "17DC6205-7016-40C3-921A-B5AEC8513CCC", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:mantis:mantis:0.17.4:*:*:*:*:*:*:*", "matchCriteriaId": "721A536A-9626-4BD7-B84A-E3C4074F1217", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.4a:*:*:*:*:*:*:*", "matchCriteriaId": "4D77F95A-0059-4442-8D9D-AA7F101FBBE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.5:*:*:*:*:*:*:*", "matchCriteriaId": "89786096-AE1B-491B-8284-DBCC2F6112F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18:*:*:*:*:*:*:*", "matchCriteriaId": "E0BC255D-6B0F-412D-B639-B9F9656E4839", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0:*:*:*:*:*:*:*", "matchCriteriaId": "70450FAB-7886-418E-B471-8F16A68F9658", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "4B4CFE80-223F-45DA-A9FB-03474F61E027", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "8724300D-CBDC-4C66-BF78-038F838C06DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0a3:*:*:*:*:*:*:*", "matchCriteriaId": "B7283A58-EE8E-493F-8E51-C97FF87ECA16", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0a4:*:*:*:*:*:*:*", "matchCriteriaId": "E3CF3162-EAF8-438C-891A-FD13ECF6D6A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.2:*:*:*:*:*:*:*", "matchCriteriaId": "101BF6DC-0F73-41E0-A0EE-BA1EA7397423", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.3:*:*:*:*:*:*:*", "matchCriteriaId": "FCC458D9-12B1-4CF1-980E-BC86E874BBA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18a1:*:*:*:*:*:*:*", "matchCriteriaId": "2202C65A-33FB-4742-8706-2BDD5B442030", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0:*:*:*:*:*:*:*", "matchCriteriaId": "5419E3AC-4215-4584-9538-AF790DC9BD5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "D3C48B8F-633E-4D69-A174-26C19829DE98", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0a:*:*:*:*:*:*:*", "matchCriteriaId": "C1E7658F-A543-46F5-B79D-E0E25B7C574F", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "DD259C18-7111-45C9-B6C3-6A5F29998146", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "7CBA3B4B-D7E6-4555-969F-66217ACDACDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.1:*:*:*:*:*:*:*", "matchCriteriaId": "38BFDCFA-00C8-4B6A-B758-8FD15A122CA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.2:*:*:*:*:*:*:*", "matchCriteriaId": "6770FDC6-792D-49B2-942B-282F9012D0BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.3:*:*:*:*:*:*:*", "matchCriteriaId": "8D8E7458-6655-4C86-85A9-81004FF38321", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:*", "matchCriteriaId": "AE92E018-C25C-468D-9EF5-5665F0B42EA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "2C62F6BC-4397-44BD-A7DA-CD4C52425BE4", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "C6DB707C-29DF-442C-BBBE-650182692A33", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "0C420189-4748-465C-96FE-DC89502F7E26", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "3B3A1BAC-F777-413E-BFB7-972C687C2D92", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "B0C7EDA7-1BED-4152-BD3D-3A596482D9D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "730BE023-C283-4775-915C-79817723917A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "337E18A7-07A3-456D-868A-2002F96D7A2A", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*", "matchCriteriaId": "84B09B6D-EE4D-4241-B3EF-CBCB03A7F579", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DA5AE0B4-15AB-49E7-9B97-96BA322B0966", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "C2B0DF8C-FF2D-4DE8-B0D1-92623974A874", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.1.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "F9555553-AEA7-42B3-BE94-7C4729259378", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the \"Most active bugs\" summary." }, { "lang": "es", "value": "Una vulnerabilidad de tipo cross-site scripting (XSS) en Mantis versiones anteriores a 1.1.1, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de vectores relacionados con el resumen de \"Most active bugs\"." 
} ], "id": "CVE-2008-0404", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-01-23T12:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28577" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28591" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=569765" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/27367" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0232" }, { "source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=429552" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39801" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00676.html" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00734.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28577" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28591" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": 
[ "Patch" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=569765" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/27367" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/0232" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=429552" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39801" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00676.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00734.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity: MEDIUM (CVSS v2.0 base score 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows remote attackers to inject arbitrary web script or HTML via (1) the return parameter to login_page.php, (2) e-mail field in signup.php, (3) action parameter to login_select_proj_page.php, or (4) hide_status parameter to view_all_set.php.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mantis:mantis:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "0266C2F7-FB20-44EF-B0BB-ECCF055D03A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "A21FF02F-982C-429F-A14D-D6E18058DD61", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.10:*:*:*:*:*:*:*", "matchCriteriaId": "9407F704-FF3C-4976-BE4C-A1DDC16715D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "A5173B32-1099-47C9-996B-56DB29456BB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6CA26FD-9C45-4628-82B7-E37E3EA3E2A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.11:*:*:*:*:*:*:*", "matchCriteriaId": "7B9B4611-C002-40F5-978C-BB90F1A893C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "4C7C8B5A-A630-4EDD-A6E8-27D2E1139CF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.12:*:*:*:*:*:*:*", "matchCriteriaId": "B347D6C8-4607-481D-863E-7F41E9868041", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.13:*:*:*:*:*:*:*", "matchCriteriaId": "4F434D16-4F09-4BCF-BD3E-9114876C2575", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "F6D8FD23-C9A3-40AB-B3ED-86739BA8A362", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14:*:*:*:*:*:*:*", "matchCriteriaId": "72BD480B-7CFB-4FD3-8E47-028F32AEF902", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "AC7C781D-F5D1-4C63-B6E3-230DEC80104E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.2:*:*:*:*:*:*:*", "matchCriteriaId": "D0755FA0-2365-42B4-8E42-214D5BAD71A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.3:*:*:*:*:*:*:*", "matchCriteriaId": 
"35248DDA-D37D-4D72-9FF8-6813BA4C87BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.4:*:*:*:*:*:*:*", "matchCriteriaId": "A67C54F4-4155-43DA-8E07-579249759989", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.5:*:*:*:*:*:*:*", "matchCriteriaId": "9DE7BEF1-1522-4666-B6B1-36A308FBC0A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.6:*:*:*:*:*:*:*", "matchCriteriaId": "C376D216-914A-4D96-8603-C6861B3E2857", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.7:*:*:*:*:*:*:*", "matchCriteriaId": "CF0636CA-49A5-4463-B22B-6C5E1E2D44AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.8:*:*:*:*:*:*:*", "matchCriteriaId": "E3A07B4C-CE12-4381-BFE4-CE79411F5069", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15:*:*:*:*:*:*:*", "matchCriteriaId": "DB6E1BE3-BF57-4ED4-918D-8B23CB195ECE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB502B29-FBC5-4984-A735-AA0B6DF4A58D", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.2:*:*:*:*:*:*:*", "matchCriteriaId": "3F759138-7079-471F-B30D-ED62351CFCB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.3:*:*:*:*:*:*:*", "matchCriteriaId": "5DF83421-973D-4AC9-BDA3-4161B9CF2D91", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.4:*:*:*:*:*:*:*", "matchCriteriaId": "1633BF3C-89C2-4BEF-9F56-6F19984D3CA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.5:*:*:*:*:*:*:*", "matchCriteriaId": "084BD5F4-37F8-4913-8045-769FD81F8C36", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.6:*:*:*:*:*:*:*", "matchCriteriaId": "76B09948-A44C-47D8-A5EC-3873FF36F451", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.7:*:*:*:*:*:*:*", "matchCriteriaId": "89D72C1E-73E5-4F51-9D30-D28026939C57", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.8:*:*:*:*:*:*:*", "matchCriteriaId": 
"E9EDAA7A-DF0C-4D9E-9D30-0422E4801612", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.9:*:*:*:*:*:*:*", "matchCriteriaId": "2C469C66-B64B-49BD-9D1C-D15F0E9028EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.10:*:*:*:*:*:*:*", "matchCriteriaId": "C28223A1-359F-434C-BAAA-82A5F310FA44", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.11:*:*:*:*:*:*:*", "matchCriteriaId": "7BF1F18B-AE36-48F3-B784-5C97B3F2535E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.12:*:*:*:*:*:*:*", "matchCriteriaId": "F073B8A1-3339-4BF2-B8D1-F6BA5CF9695A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.16:*:*:*:*:*:*:*", "matchCriteriaId": "3A62328B-4C77-4FF4-B1D9-BE4A2E5C61FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.16.0:*:*:*:*:*:*:*", "matchCriteriaId": "6DAFD163-7FE7-48FB-8860-7B00B0FFA628", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.16.1:*:*:*:*:*:*:*", "matchCriteriaId": "03A0C36A-83DF-4E67-BA82-0ACE4D50C7D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17:*:*:*:*:*:*:*", "matchCriteriaId": "7C074DBE-AFC9-4094-A170-A31D79C139D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.0:*:*:*:*:*:*:*", "matchCriteriaId": "53520AA0-E5AB-450A-9D95-E075B552D2E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.1:*:*:*:*:*:*:*", "matchCriteriaId": "8462CB86-30B1-43D8-B306-271709423DB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.2:*:*:*:*:*:*:*", "matchCriteriaId": "131A96BB-EF2E-4AE2-9334-91CA96222BA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.3:*:*:*:*:*:*:*", "matchCriteriaId": "17DC6205-7016-40C3-921A-B5AEC8513CCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.4:*:*:*:*:*:*:*", "matchCriteriaId": "721A536A-9626-4BD7-B84A-E3C4074F1217", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.4a:*:*:*:*:*:*:*", 
"matchCriteriaId": "4D77F95A-0059-4442-8D9D-AA7F101FBBE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.5:*:*:*:*:*:*:*", "matchCriteriaId": "89786096-AE1B-491B-8284-DBCC2F6112F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18:*:*:*:*:*:*:*", "matchCriteriaId": "E0BC255D-6B0F-412D-B639-B9F9656E4839", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "4B4CFE80-223F-45DA-A9FB-03474F61E027", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "8724300D-CBDC-4C66-BF78-038F838C06DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0a3:*:*:*:*:*:*:*", "matchCriteriaId": "B7283A58-EE8E-493F-8E51-C97FF87ECA16", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0a4:*:*:*:*:*:*:*", "matchCriteriaId": "E3CF3162-EAF8-438C-891A-FD13ECF6D6A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18a1:*:*:*:*:*:*:*", "matchCriteriaId": "2202C65A-33FB-4742-8706-2BDD5B442030", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0a:*:*:*:*:*:*:*", "matchCriteriaId": "C1E7658F-A543-46F5-B79D-E0E25B7C574F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows remote attackers to inject arbitrary web script or HTML via (1) the return parameter to login_page.php, (2) e-mail field in signup.php, (3) action parameter to login_select_proj_page.php, or (4) hide_status parameter to view_all_set.php." 
} ], "id": "CVE-2004-1730", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=109312225727345\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://secunia.com/advisories/12338" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/10994" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17066" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17069" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17070" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17072" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=109312225727345\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://secunia.com/advisories/12338" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/10994" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17066" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/17069" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17070" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17072" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-12-28 01:03
Modified
2025-04-03 01:03
Severity: MEDIUM (CVSS v2.0 base score 5.0, AV:N/AC:L/Au:N/C:P/I:N/A:N)
Summary
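Mantis 1.0.0rc3 does not properly handle "Make note private" when a bug is being resolved, which has unknown impact and attack vectors, probably related to an information leak. Note: all six CPE entries in the record below carry "vulnerable": false, so CPE-based matching may report no affected version for this CVE; the affected release named here is 1.0.0rc3.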
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "C6DB707C-29DF-442C-BBBE-650182692A33", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "0C420189-4748-465C-96FE-DC89502F7E26", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "3B3A1BAC-F777-413E-BFB7-972C687C2D92", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "730BE023-C283-4775-915C-79817723917A", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "337E18A7-07A3-456D-868A-2002F96D7A2A", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*", "matchCriteriaId": "84B09B6D-EE4D-4241-B3EF-CBCB03A7F579", "vulnerable": false } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Mantis 1.0.0rc3 does not properly handle \"Make note private\" when a bug is being resolved, which has unknown impact and attack vectors, probably related to an information leak." 
} ], "id": "CVE-2005-4524", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-12-28T01:03:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/18481" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2005/dsa-944" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2005/3064" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/18481" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2005/dsa-944" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2005/3064" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", 
"type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-08-24 04:00
Modified
2025-04-03 01:03
Severity: HIGH (CVSS v2.0 base score 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with register_globals enabled, allows remote attackers to connect to internal databases by modifying the g_db_type variable and monitoring the speed of responses, as identified by bug#0005956.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0:*:*:*:*:*:*:*", "matchCriteriaId": "5419E3AC-4215-4584-9538-AF790DC9BD5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "D3C48B8F-633E-4D69-A174-26C19829DE98", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "DD259C18-7111-45C9-B6C3-6A5F29998146", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "7CBA3B4B-D7E6-4555-969F-66217ACDACDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.1:*:*:*:*:*:*:*", "matchCriteriaId": "38BFDCFA-00C8-4B6A-B758-8FD15A122CA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.2:*:*:*:*:*:*:*", "matchCriteriaId": "6770FDC6-792D-49B2-942B-282F9012D0BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "730BE023-C283-4775-915C-79817723917A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "337E18A7-07A3-456D-868A-2002F96D7A2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*", "matchCriteriaId": "84B09B6D-EE4D-4241-B3EF-CBCB03A7F579", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with register_globals enabled, allows remote attackers to connect to internal databases by modifying the g_db_type variable and monitoring the speed of responses, as identified by bug#0005956." 
} ], "id": "CVE-2005-2556", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-08-24T04:00:00.000", "references": [ { "source": "security@debian.org", "url": "http://marc.info/?l=bugtraq\u0026m=112786017426276\u0026w=2" }, { "source": "security@debian.org", "url": "http://secunia.com/advisories/16506" }, { "source": "security@debian.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2005/dsa-778" }, { "source": "security@debian.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200509-16.xml" }, { "source": "security@debian.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/14604" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=112786017426276\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/16506" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2005/dsa-778" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200509-16.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/14604" } ], "sourceIdentifier": "security@debian.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": 
"NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-02-13 11:06
Modified
2025-04-03 01:03
Severity: MEDIUM (CVSS v2.0 base score 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in Mantis before 1.0 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mantis | mantis | 0.17.1 | |
mantis | mantis | 0.17.2 | |
mantis | mantis | 0.17.3 | |
mantis | mantis | 0.17.4 | |
mantis | mantis | 0.17.4a | |
mantis | mantis | 0.17.5 | |
mantis | mantis | 0.18 | |
mantis | mantis | 0.18.0_rc1 | |
mantis | mantis | 0.18.0a2 | |
mantis | mantis | 0.18.0a3 | |
mantis | mantis | 0.18.0a4 | |
mantis | mantis | 0.18.2 | |
mantis | mantis | 0.18.3 | |
mantis | mantis | 0.18a1 | |
mantis | mantis | 0.19.0 | |
mantis | mantis | 0.19.0_rc1 | |
mantis | mantis | 0.19.0a | |
mantis | mantis | 0.19.0a1 | |
mantis | mantis | 0.19.0a2 | |
mantis | mantis | 0.19.1 | |
mantis | mantis | 0.19.2 | |
mantis | mantis | 0.19.3 | |
mantis | mantis | 0.19.4 | |
mantis | mantis | 1.0.0_rc1 | |
mantis | mantis | 1.0.0_rc2 | |
mantis | mantis | 1.0.0_rc3 | |
mantis | mantis | 1.0.0_rc4 | |
mantis | mantis | 1.0.0a1 | |
mantis | mantis | 1.0.0a2 | |
mantis | mantis | 1.0.0a3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mantis:mantis:0.17.1:*:*:*:*:*:*:*", "matchCriteriaId": "8462CB86-30B1-43D8-B306-271709423DB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.2:*:*:*:*:*:*:*", "matchCriteriaId": "131A96BB-EF2E-4AE2-9334-91CA96222BA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.3:*:*:*:*:*:*:*", "matchCriteriaId": "17DC6205-7016-40C3-921A-B5AEC8513CCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.4:*:*:*:*:*:*:*", "matchCriteriaId": "721A536A-9626-4BD7-B84A-E3C4074F1217", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.4a:*:*:*:*:*:*:*", "matchCriteriaId": "4D77F95A-0059-4442-8D9D-AA7F101FBBE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.5:*:*:*:*:*:*:*", "matchCriteriaId": "89786096-AE1B-491B-8284-DBCC2F6112F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18:*:*:*:*:*:*:*", "matchCriteriaId": "E0BC255D-6B0F-412D-B639-B9F9656E4839", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "4B4CFE80-223F-45DA-A9FB-03474F61E027", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "8724300D-CBDC-4C66-BF78-038F838C06DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0a3:*:*:*:*:*:*:*", "matchCriteriaId": "B7283A58-EE8E-493F-8E51-C97FF87ECA16", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0a4:*:*:*:*:*:*:*", "matchCriteriaId": "E3CF3162-EAF8-438C-891A-FD13ECF6D6A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.2:*:*:*:*:*:*:*", "matchCriteriaId": "101BF6DC-0F73-41E0-A0EE-BA1EA7397423", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.3:*:*:*:*:*:*:*", "matchCriteriaId": "FCC458D9-12B1-4CF1-980E-BC86E874BBA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18a1:*:*:*:*:*:*:*", "matchCriteriaId": 
"2202C65A-33FB-4742-8706-2BDD5B442030", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0:*:*:*:*:*:*:*", "matchCriteriaId": "5419E3AC-4215-4584-9538-AF790DC9BD5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "D3C48B8F-633E-4D69-A174-26C19829DE98", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0a:*:*:*:*:*:*:*", "matchCriteriaId": "C1E7658F-A543-46F5-B79D-E0E25B7C574F", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "DD259C18-7111-45C9-B6C3-6A5F29998146", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "7CBA3B4B-D7E6-4555-969F-66217ACDACDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.1:*:*:*:*:*:*:*", "matchCriteriaId": "38BFDCFA-00C8-4B6A-B758-8FD15A122CA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.2:*:*:*:*:*:*:*", "matchCriteriaId": "6770FDC6-792D-49B2-942B-282F9012D0BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.3:*:*:*:*:*:*:*", "matchCriteriaId": "8D8E7458-6655-4C86-85A9-81004FF38321", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:*", "matchCriteriaId": "AE92E018-C25C-468D-9EF5-5665F0B42EA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "C6DB707C-29DF-442C-BBBE-650182692A33", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "0C420189-4748-465C-96FE-DC89502F7E26", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "3B3A1BAC-F777-413E-BFB7-972C687C2D92", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "B0C7EDA7-1BED-4152-BD3D-3A596482D9D6", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "730BE023-C283-4775-915C-79817723917A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "337E18A7-07A3-456D-868A-2002F96D7A2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*", "matchCriteriaId": "84B09B6D-EE4D-4241-B3EF-CBCB03A7F579", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in Mantis before 1.0 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public." } ], "id": "CVE-2006-0664", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-02-13T11:06:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/21400" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2006/dsa-1133" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/16561" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/0485" }, { "source": "cve@mitre.org", 
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24585" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/21400" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2006/dsa-1133" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/16561" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/0485" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24585" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-10-22 18:00
Modified
2025-04-09 00:30
Severity ?
Summary
manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mantis:mantis:*:*:*:*:*:*:*:*", "matchCriteriaId": "132BAF7E-8047-417F-8C78-1C1FBDAF97A0", "versionEndIncluding": "1.1.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.3:*:*:*:*:*:*:*", "matchCriteriaId": "8D8E7458-6655-4C86-85A9-81004FF38321", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:*", "matchCriteriaId": "AE92E018-C25C-468D-9EF5-5665F0B42EA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DA5AE0B4-15AB-49E7-9B97-96BA322B0966", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "48069606-59B6-4D20-B909-997CA7EDBD2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E42CD1CB-49E7-484B-9629-78A24B754346", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F95B327F-94A8-4D4F-A330-1B9BF4B764FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "215420D5-4690-45BE-AE84-CF1522523299", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "5621726F-CA50-4336-9BCE-55F39BE5CDCF", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "1B0ECF83-F61A-4745-AA0D-4822A38F24DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "91621575-AF90-4C01-AA87-A99C304227D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "BAEE63A1-106C-4E50-8B6F-D134C69FD194", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "C7729C7E-ECC1-48D0-BFF7-82A8D96DC0AF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], 
"descriptions": [ { "lang": "en", "value": "manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php." }, { "lang": "es", "value": "manage_proj_page.php en Mantis anterior a v1.1.4, permite a usuarios autenticados remotamente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un par\u00e1metro \"sort\" que contiene secuencias PHP y que es procesado por create_function dentro de la funci\u00f3n multi_sort en core/utility_api.php." } ], "id": "CVE-2008-4687", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-10-22T18:00:01.207", "references": [ { "source": "cve@mitre.org", "url": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/utility_api.php?r1=5679\u0026r2=5678\u0026pathrev=5679" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/32314" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/32975" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/4470" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml" }, { "source": "cve@mitre.org", "url": "http://www.mantisbt.org/bugs/changelog_page.php" }, { "source": 
"cve@mitre.org", "url": "http://www.mantisbt.org/bugs/view.php?id=0009704" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2008/10/19/1" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/31789" }, { "source": "cve@mitre.org", "url": "https://bugs.gentoo.org/show_bug.cgi?id=242722" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45942" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/44611/" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/6768" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/utility_api.php?r1=5679\u0026r2=5678\u0026pathrev=5679" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/32314" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/32975" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/4470" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mantisbt.org/bugs/changelog_page.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mantisbt.org/bugs/view.php?id=0009704" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/10/19/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/31789" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.gentoo.org/show_bug.cgi?id=242722" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45942" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/44611/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/6768" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-10-04 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
print_all_bug_page.php in Mantis 0.17.3 and earlier does not verify the limit_reporters option, which allows remote attackers to view bug summaries for bugs that would otherwise be restricted.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mantis:mantis:0.16.0:*:*:*:*:*:*:*", "matchCriteriaId": "6DAFD163-7FE7-48FB-8860-7B00B0FFA628", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.16.1:*:*:*:*:*:*:*", "matchCriteriaId": "03A0C36A-83DF-4E67-BA82-0ACE4D50C7D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.0:*:*:*:*:*:*:*", "matchCriteriaId": "53520AA0-E5AB-450A-9D95-E075B552D2E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.1:*:*:*:*:*:*:*", "matchCriteriaId": "8462CB86-30B1-43D8-B306-271709423DB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.2:*:*:*:*:*:*:*", "matchCriteriaId": "131A96BB-EF2E-4AE2-9334-91CA96222BA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.3:*:*:*:*:*:*:*", "matchCriteriaId": "17DC6205-7016-40C3-921A-B5AEC8513CCC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "print_all_bug_page.php in Mantis 0.17.3 and earlier does not verify the limit_reporters option, which allows remote attackers to view bug summaries for bugs that would otherwise be restricted." 
} ], "id": "CVE-2002-1111", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-10-04T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://mantisbt.sourceforge.net/advisories/2002/2002-02.txt" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=102978873620491\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2002/dsa-153" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/5515" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9898" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://mantisbt.sourceforge.net/advisories/2002/2002-02.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=102978873620491\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2002/dsa-153" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/5515" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9898" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { 
"description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-10-27 10:02
Modified
2025-04-03 01:03
Severity ?
Summary
PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary PHP code and include arbitrary local files via the t_core_path parameter.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mantis:mantis:0.19.2:*:*:*:*:*:*:*", "matchCriteriaId": "6770FDC6-792D-49B2-942B-282F9012D0BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "0C420189-4748-465C-96FE-DC89502F7E26", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary PHP code and include arbitrary local files via the t_core_path parameter." } ], "id": "CVE-2005-3335", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-10-27T10:02:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://bugs.mantisbt.org/changelog_page.php" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/16506" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/16818" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/17362" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/17654" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://secunia.com/secunia_research/2005-46/advisory/" }, { "source": 
"cve@mitre.org", "url": "http://securityreason.com/securityalert/121" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1015110" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2005/dsa-905" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/15212" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/15227" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2005/2221" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22886" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://bugs.mantisbt.org/changelog_page.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/16506" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/16818" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/17362" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/17654" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://secunia.com/secunia_research/2005-46/advisory/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/121" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1015110" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2005/dsa-905" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/15212" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/15227" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2005/2221" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22886" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-12-28 01:03
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the view_filters_page.php filters script in Mantis 1.0.0rc3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) view_type and (2) target_field parameters.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "C6DB707C-29DF-442C-BBBE-650182692A33", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "0C420189-4748-465C-96FE-DC89502F7E26", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "3B3A1BAC-F777-413E-BFB7-972C687C2D92", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "730BE023-C283-4775-915C-79817723917A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "337E18A7-07A3-456D-868A-2002F96D7A2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*", "matchCriteriaId": "84B09B6D-EE4D-4241-B3EF-CBCB03A7F579", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the view_filters_page.php filters script in Mantis 1.0.0rc3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) view_type and (2) target_field parameters." 
} ], "id": "CVE-2005-4522", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-12-28T01:03:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18181/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18221" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/18481" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2005/dsa-944" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/22053" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/16046/" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2005/3064" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18181/" }, 
{ "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18221" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/18481" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2005/dsa-944" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/22053" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/16046/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2005/3064" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-10-04 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
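The "View Bugs" page (view_all_bug_page.php) in Mantis 0.17.4a and earlier includes summaries of private bugs for users that do not have access to any projects. The NVD CVSS v2 vector recorded for this entry (AV:N/AC:L/Au:N/C:P/I:P/A:P, base score 7.5) also rates integrity and availability impact as partial, which goes beyond the information disclosure described here.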
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mantis:mantis:0.17.0:*:*:*:*:*:*:*", "matchCriteriaId": "53520AA0-E5AB-450A-9D95-E075B552D2E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.1:*:*:*:*:*:*:*", "matchCriteriaId": "8462CB86-30B1-43D8-B306-271709423DB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.2:*:*:*:*:*:*:*", "matchCriteriaId": "131A96BB-EF2E-4AE2-9334-91CA96222BA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.3:*:*:*:*:*:*:*", "matchCriteriaId": "17DC6205-7016-40C3-921A-B5AEC8513CCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.4:*:*:*:*:*:*:*", "matchCriteriaId": "721A536A-9626-4BD7-B84A-E3C4074F1217", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.4a:*:*:*:*:*:*:*", "matchCriteriaId": "4D77F95A-0059-4442-8D9D-AA7F101FBBE5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The \"View Bugs\" page (view_all_bug_page.php) in Mantis 0.17.4a and earlier includes summaries of private bugs for users that do not have access to any projects." 
} ], "id": "CVE-2002-1116", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-10-04T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=103014152320112\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2002/dsa-161" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/5565" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9955" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=103014152320112\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2002/dsa-161" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/5565" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9955" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-08-20 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
signup_page.php in Mantis bugtracker allows remote attackers to send e-mail bombs by creating multiple users and providing the same e-mail address.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mantis:mantis:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "0266C2F7-FB20-44EF-B0BB-ECCF055D03A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "A21FF02F-982C-429F-A14D-D6E18058DD61", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.10:*:*:*:*:*:*:*", "matchCriteriaId": "9407F704-FF3C-4976-BE4C-A1DDC16715D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "A5173B32-1099-47C9-996B-56DB29456BB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6CA26FD-9C45-4628-82B7-E37E3EA3E2A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.11:*:*:*:*:*:*:*", "matchCriteriaId": "7B9B4611-C002-40F5-978C-BB90F1A893C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "4C7C8B5A-A630-4EDD-A6E8-27D2E1139CF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.12:*:*:*:*:*:*:*", "matchCriteriaId": "B347D6C8-4607-481D-863E-7F41E9868041", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.13:*:*:*:*:*:*:*", "matchCriteriaId": "4F434D16-4F09-4BCF-BD3E-9114876C2575", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "F6D8FD23-C9A3-40AB-B3ED-86739BA8A362", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14:*:*:*:*:*:*:*", "matchCriteriaId": "72BD480B-7CFB-4FD3-8E47-028F32AEF902", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "AC7C781D-F5D1-4C63-B6E3-230DEC80104E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.2:*:*:*:*:*:*:*", "matchCriteriaId": "D0755FA0-2365-42B4-8E42-214D5BAD71A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.3:*:*:*:*:*:*:*", "matchCriteriaId": 
"35248DDA-D37D-4D72-9FF8-6813BA4C87BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.4:*:*:*:*:*:*:*", "matchCriteriaId": "A67C54F4-4155-43DA-8E07-579249759989", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.5:*:*:*:*:*:*:*", "matchCriteriaId": "9DE7BEF1-1522-4666-B6B1-36A308FBC0A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.6:*:*:*:*:*:*:*", "matchCriteriaId": "C376D216-914A-4D96-8603-C6861B3E2857", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.7:*:*:*:*:*:*:*", "matchCriteriaId": "CF0636CA-49A5-4463-B22B-6C5E1E2D44AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.8:*:*:*:*:*:*:*", "matchCriteriaId": "E3A07B4C-CE12-4381-BFE4-CE79411F5069", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15:*:*:*:*:*:*:*", "matchCriteriaId": "DB6E1BE3-BF57-4ED4-918D-8B23CB195ECE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB502B29-FBC5-4984-A735-AA0B6DF4A58D", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.2:*:*:*:*:*:*:*", "matchCriteriaId": "3F759138-7079-471F-B30D-ED62351CFCB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.3:*:*:*:*:*:*:*", "matchCriteriaId": "5DF83421-973D-4AC9-BDA3-4161B9CF2D91", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.4:*:*:*:*:*:*:*", "matchCriteriaId": "1633BF3C-89C2-4BEF-9F56-6F19984D3CA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.5:*:*:*:*:*:*:*", "matchCriteriaId": "084BD5F4-37F8-4913-8045-769FD81F8C36", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.6:*:*:*:*:*:*:*", "matchCriteriaId": "76B09948-A44C-47D8-A5EC-3873FF36F451", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.7:*:*:*:*:*:*:*", "matchCriteriaId": "89D72C1E-73E5-4F51-9D30-D28026939C57", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.8:*:*:*:*:*:*:*", "matchCriteriaId": 
"E9EDAA7A-DF0C-4D9E-9D30-0422E4801612", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.9:*:*:*:*:*:*:*", "matchCriteriaId": "2C469C66-B64B-49BD-9D1C-D15F0E9028EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.10:*:*:*:*:*:*:*", "matchCriteriaId": "C28223A1-359F-434C-BAAA-82A5F310FA44", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.11:*:*:*:*:*:*:*", "matchCriteriaId": "7BF1F18B-AE36-48F3-B784-5C97B3F2535E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.12:*:*:*:*:*:*:*", "matchCriteriaId": "F073B8A1-3339-4BF2-B8D1-F6BA5CF9695A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.16:*:*:*:*:*:*:*", "matchCriteriaId": "3A62328B-4C77-4FF4-B1D9-BE4A2E5C61FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.16.0:*:*:*:*:*:*:*", "matchCriteriaId": "6DAFD163-7FE7-48FB-8860-7B00B0FFA628", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.16.1:*:*:*:*:*:*:*", "matchCriteriaId": "03A0C36A-83DF-4E67-BA82-0ACE4D50C7D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17:*:*:*:*:*:*:*", "matchCriteriaId": "7C074DBE-AFC9-4094-A170-A31D79C139D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.0:*:*:*:*:*:*:*", "matchCriteriaId": "53520AA0-E5AB-450A-9D95-E075B552D2E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.1:*:*:*:*:*:*:*", "matchCriteriaId": "8462CB86-30B1-43D8-B306-271709423DB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.2:*:*:*:*:*:*:*", "matchCriteriaId": "131A96BB-EF2E-4AE2-9334-91CA96222BA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.3:*:*:*:*:*:*:*", "matchCriteriaId": "17DC6205-7016-40C3-921A-B5AEC8513CCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.4:*:*:*:*:*:*:*", "matchCriteriaId": "721A536A-9626-4BD7-B84A-E3C4074F1217", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.4a:*:*:*:*:*:*:*", 
"matchCriteriaId": "4D77F95A-0059-4442-8D9D-AA7F101FBBE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.5:*:*:*:*:*:*:*", "matchCriteriaId": "89786096-AE1B-491B-8284-DBCC2F6112F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18:*:*:*:*:*:*:*", "matchCriteriaId": "E0BC255D-6B0F-412D-B639-B9F9656E4839", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "4B4CFE80-223F-45DA-A9FB-03474F61E027", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "8724300D-CBDC-4C66-BF78-038F838C06DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0a3:*:*:*:*:*:*:*", "matchCriteriaId": "B7283A58-EE8E-493F-8E51-C97FF87ECA16", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0a4:*:*:*:*:*:*:*", "matchCriteriaId": "E3CF3162-EAF8-438C-891A-FD13ECF6D6A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18a1:*:*:*:*:*:*:*", "matchCriteriaId": "2202C65A-33FB-4742-8706-2BDD5B442030", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0a:*:*:*:*:*:*:*", "matchCriteriaId": "C1E7658F-A543-46F5-B79D-E0E25B7C574F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "signup_page.php in Mantis bugtracker allows remote attackers to send e-mail bombs by creating multiple users and providing the same e-mail address." 
} ], "id": "CVE-2004-1731", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-08-20T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=109312225727345\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10995" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17093" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=109312225727345\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10995" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17093" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-09-28 21:03
Modified
2025-04-03 01:03
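Severity: MEDIUM (CVSS v2.0 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N; source nvd@nist.gov, Primary), for CVE-2005-2557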
Summary
Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the dir parameter, as identified by bug#0005959, and a different vulnerability than CVE-2005-3090.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mantis | mantis | 0.19.0 | |
mantis | mantis | 0.19.0_rc1 | |
mantis | mantis | 0.19.0a1 | |
mantis | mantis | 0.19.0a2 | |
mantis | mantis | 0.19.1 | |
mantis | mantis | 0.19.2 | |
mantis | mantis | 1.0.0a1 | |
mantis | mantis | 1.0.0a2 | |
mantis | mantis | 1.0.0a3 | |
debian | debian_linux | 3.1 | |
debian | debian_linux | 3.1 | alpha |
debian | debian_linux | 3.1 | amd64 |
debian | debian_linux | 3.1 | arm |
debian | debian_linux | 3.1 | hppa |
debian | debian_linux | 3.1 | ia-32 |
debian | debian_linux | 3.1 | ia-64 |
debian | debian_linux | 3.1 | m68k |
debian | debian_linux | 3.1 | mips |
debian | debian_linux | 3.1 | mipsel |
debian | debian_linux | 3.1 | ppc |
debian | debian_linux | 3.1 | s-390 |
debian | debian_linux | 3.1 | sparc |
gentoo | linux | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0:*:*:*:*:*:*:*", "matchCriteriaId": "5419E3AC-4215-4584-9538-AF790DC9BD5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "D3C48B8F-633E-4D69-A174-26C19829DE98", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "DD259C18-7111-45C9-B6C3-6A5F29998146", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "7CBA3B4B-D7E6-4555-969F-66217ACDACDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.1:*:*:*:*:*:*:*", "matchCriteriaId": "38BFDCFA-00C8-4B6A-B758-8FD15A122CA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.2:*:*:*:*:*:*:*", "matchCriteriaId": "6770FDC6-792D-49B2-942B-282F9012D0BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "730BE023-C283-4775-915C-79817723917A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "337E18A7-07A3-456D-868A-2002F96D7A2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*", "matchCriteriaId": "84B09B6D-EE4D-4241-B3EF-CBCB03A7F579", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:alpha:*:*:*:*:*", "matchCriteriaId": "5BF84240-1881-4EFB-BB2F-F9CE8AD09C7B", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:amd64:*:*:*:*:*", "matchCriteriaId": "AF8AE8C4-810F-41AB-A251-5A2D4DD6884D", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:arm:*:*:*:*:*", "matchCriteriaId": "5EACF214-FA27-44FF-A431-927AB79377A1", 
"vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:hppa:*:*:*:*:*", "matchCriteriaId": "E2B58895-0E2A-4466-9CB2-0083349A83B2", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:ia-32:*:*:*:*:*", "matchCriteriaId": "03F8220A-9B1C-40AA-AEAB-F9A93225FBD5", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:ia-64:*:*:*:*:*", "matchCriteriaId": "2311919C-7864-469D-B0F6-9B11D8D0A1C3", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:m68k:*:*:*:*:*", "matchCriteriaId": "19876495-4C1A-487C-955A-C5AA46362A1F", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:mips:*:*:*:*:*", "matchCriteriaId": "D75286DD-50BC-4B72-8AC8-E20730124DC2", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:mipsel:*:*:*:*:*", "matchCriteriaId": "1998C972-497E-4916-B50E-FB32303EEA8E", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:ppc:*:*:*:*:*", "matchCriteriaId": "A6CD3DD9-3A8A-4716-A2D1-136A790AFF94", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:s-390:*:*:*:*:*", "matchCriteriaId": "6CE2020A-4FB2-4FCD-8561-7BD147CD95EB", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:sparc:*:*:*:*:*", "matchCriteriaId": "08E90AFA-C262-46D0-B60E-26B67C9602D5", "vulnerable": true }, { "criteria": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*", "matchCriteriaId": "647BA336-5538-4972-9271-383A0EC9378E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the dir parameter, as identified by bug#0005959, and a different vulnerability than CVE-2005-3090." 
} ], "id": "CVE-2005-2557", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-09-28T21:03:00.000", "references": [ { "source": "security@debian.org", "url": "http://marc.info/?l=bugtraq\u0026m=112786017426276\u0026w=2" }, { "source": "security@debian.org", "url": "http://secunia.com/advisories/16506" }, { "source": "security@debian.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2005/dsa-778" }, { "source": "security@debian.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200509-16.xml" }, { "source": "security@debian.org", "url": "http://www.mantisbt.org/changelog.php" }, { "source": "security@debian.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/14604" }, { "source": "security@debian.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21958" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=112786017426276\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/16506" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2005/dsa-778" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": 
"http://www.gentoo.org/security/en/glsa/glsa-200509-16.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mantisbt.org/changelog.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/14604" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21958" } ], "sourceIdentifier": "security@debian.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-12-28 01:03
Modified
2025-04-03 01:03
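Severity: MEDIUM (CVSS v2.0 base score 5.0, vector AV:N/AC:L/Au:N/C:N/I:P/A:N; source nvd@nist.gov, Primary), for CVE-2005-4520. Note that the summary reports unknown impact and attack vectors.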
Summary
Unspecified "port injection" vulnerabilities in filters in Mantis 1.0.0rc3 and earlier have unknown impact and attack vectors. NOTE: due to a lack of relevant details in the vendor changelog, which is the source of this description, it is unclear whether this is a duplicate of another CVE.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "C6DB707C-29DF-442C-BBBE-650182692A33", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "0C420189-4748-465C-96FE-DC89502F7E26", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "3B3A1BAC-F777-413E-BFB7-972C687C2D92", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "730BE023-C283-4775-915C-79817723917A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "337E18A7-07A3-456D-868A-2002F96D7A2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*", "matchCriteriaId": "84B09B6D-EE4D-4241-B3EF-CBCB03A7F579", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified \"port injection\" vulnerabilities in filters in Mantis 1.0.0rc3 and earlier have unknown impact and attack vectors. NOTE: due to a lack of relevant details in the vendor changelog, which is the source of this description, it is unclear whether this is a duplicate of another CVE." 
} ], "id": "CVE-2005-4520", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-12-28T01:03:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18181/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18221" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/18481" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2005/dsa-944" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/22488" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/16046/" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2005/3064" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18181/" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18221" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/18481" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2005/dsa-944" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/22488" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/16046/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2005/3064" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-02-13 11:06
Modified
2025-04-03 01:03
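Severity: HIGH (CVSS v2.0 base score 10.0, vector AV:N/AC:L/Au:N/C:C/I:C/A:C; source nvd@nist.gov, Primary), for CVE-2006-0665. Note that the summary reports unknown impact and attack vectors.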
Summary
Unspecified vulnerability in (1) query_store.php and (2) manage_proj_create.php in Mantis before 1.0.0 has unknown impact and attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mantis | mantis | 0.17.1 | |
mantis | mantis | 0.17.2 | |
mantis | mantis | 0.17.3 | |
mantis | mantis | 0.17.4 | |
mantis | mantis | 0.17.4a | |
mantis | mantis | 0.17.5 | |
mantis | mantis | 0.18 | |
mantis | mantis | 0.18.0_rc1 | |
mantis | mantis | 0.18.0a2 | |
mantis | mantis | 0.18.0a3 | |
mantis | mantis | 0.18.0a4 | |
mantis | mantis | 0.18.2 | |
mantis | mantis | 0.18.3 | |
mantis | mantis | 0.18a1 | |
mantis | mantis | 0.19.0 | |
mantis | mantis | 0.19.0_rc1 | |
mantis | mantis | 0.19.0a | |
mantis | mantis | 0.19.0a1 | |
mantis | mantis | 0.19.0a2 | |
mantis | mantis | 0.19.1 | |
mantis | mantis | 0.19.2 | |
mantis | mantis | 0.19.3 | |
mantis | mantis | 0.19.4 | |
mantis | mantis | 1.0.0_rc1 | |
mantis | mantis | 1.0.0_rc2 | |
mantis | mantis | 1.0.0_rc3 | |
mantis | mantis | 1.0.0_rc4 | |
mantis | mantis | 1.0.0a1 | |
mantis | mantis | 1.0.0a2 | |
mantis | mantis | 1.0.0a3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mantis:mantis:0.17.1:*:*:*:*:*:*:*", "matchCriteriaId": "8462CB86-30B1-43D8-B306-271709423DB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.2:*:*:*:*:*:*:*", "matchCriteriaId": "131A96BB-EF2E-4AE2-9334-91CA96222BA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.3:*:*:*:*:*:*:*", "matchCriteriaId": "17DC6205-7016-40C3-921A-B5AEC8513CCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.4:*:*:*:*:*:*:*", "matchCriteriaId": "721A536A-9626-4BD7-B84A-E3C4074F1217", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.4a:*:*:*:*:*:*:*", "matchCriteriaId": "4D77F95A-0059-4442-8D9D-AA7F101FBBE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.5:*:*:*:*:*:*:*", "matchCriteriaId": "89786096-AE1B-491B-8284-DBCC2F6112F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18:*:*:*:*:*:*:*", "matchCriteriaId": "E0BC255D-6B0F-412D-B639-B9F9656E4839", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "4B4CFE80-223F-45DA-A9FB-03474F61E027", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "8724300D-CBDC-4C66-BF78-038F838C06DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0a3:*:*:*:*:*:*:*", "matchCriteriaId": "B7283A58-EE8E-493F-8E51-C97FF87ECA16", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0a4:*:*:*:*:*:*:*", "matchCriteriaId": "E3CF3162-EAF8-438C-891A-FD13ECF6D6A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.2:*:*:*:*:*:*:*", "matchCriteriaId": "101BF6DC-0F73-41E0-A0EE-BA1EA7397423", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.3:*:*:*:*:*:*:*", "matchCriteriaId": "FCC458D9-12B1-4CF1-980E-BC86E874BBA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18a1:*:*:*:*:*:*:*", "matchCriteriaId": 
"2202C65A-33FB-4742-8706-2BDD5B442030", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0:*:*:*:*:*:*:*", "matchCriteriaId": "5419E3AC-4215-4584-9538-AF790DC9BD5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "D3C48B8F-633E-4D69-A174-26C19829DE98", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0a:*:*:*:*:*:*:*", "matchCriteriaId": "C1E7658F-A543-46F5-B79D-E0E25B7C574F", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "DD259C18-7111-45C9-B6C3-6A5F29998146", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "7CBA3B4B-D7E6-4555-969F-66217ACDACDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.1:*:*:*:*:*:*:*", "matchCriteriaId": "38BFDCFA-00C8-4B6A-B758-8FD15A122CA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.2:*:*:*:*:*:*:*", "matchCriteriaId": "6770FDC6-792D-49B2-942B-282F9012D0BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.3:*:*:*:*:*:*:*", "matchCriteriaId": "8D8E7458-6655-4C86-85A9-81004FF38321", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:*", "matchCriteriaId": "AE92E018-C25C-468D-9EF5-5665F0B42EA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "C6DB707C-29DF-442C-BBBE-650182692A33", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "0C420189-4748-465C-96FE-DC89502F7E26", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "3B3A1BAC-F777-413E-BFB7-972C687C2D92", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "B0C7EDA7-1BED-4152-BD3D-3A596482D9D6", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "730BE023-C283-4775-915C-79817723917A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "337E18A7-07A3-456D-868A-2002F96D7A2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*", "matchCriteriaId": "84B09B6D-EE4D-4241-B3EF-CBCB03A7F579", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in (1) query_store.php and (2) manage_proj_create.php in Mantis before 1.0.0 has unknown impact and attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public." } ], "id": "CVE-2006-0665", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-02-13T11:06:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/21400" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2006/dsa-1133" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/16561" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/0485" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://secunia.com/advisories/21400" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2006/dsa-1133" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/16561" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/0485" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-04-02 21:04
Modified
2025-04-03 01:03
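Severity: MEDIUM (CVSS v2.0 base score 6.8, vector AV:N/AC:M/Au:N/C:P/I:P/A:P; source nvd@nist.gov, Primary), for CVE-2006-1577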
Summary
Multiple cross-site scripting (XSS) vulnerabilities in view_all_set.php in Mantis 1.0.1, 1.0.0rc5, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) start_day, (2) start_year, and (3) start_month parameters.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mantis:mantis:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "2C62F6BC-4397-44BD-A7DA-CD4C52425BE4", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "C6DB707C-29DF-442C-BBBE-650182692A33", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "0C420189-4748-465C-96FE-DC89502F7E26", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "3B3A1BAC-F777-413E-BFB7-972C687C2D92", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "B0C7EDA7-1BED-4152-BD3D-3A596482D9D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "730BE023-C283-4775-915C-79817723917A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "337E18A7-07A3-456D-868A-2002F96D7A2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*", "matchCriteriaId": "84B09B6D-EE4D-4241-B3EF-CBCB03A7F579", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DA5AE0B4-15AB-49E7-9B97-96BA322B0966", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in view_all_set.php in Mantis 1.0.1, 1.0.0rc5, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) start_day, (2) start_year, and (3) start_month parameters." 
} ], "id": "CVE-2006-1577", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-04-02T21:04:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://pridels0.blogspot.com/2006/03/mantis-xss-vuln.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/19471" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/21400" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2006/dsa-1133" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/24292" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/17326" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/1184" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25579" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://pridels0.blogspot.com/2006/03/mantis-xss-vuln.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/19471" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/21400" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2006/dsa-1133" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/24292" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/17326" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/1184" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25579" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardless of view_history_threshold, which allows remote attackers to obtain sensitive information (private bug details) by visiting a bug's web page.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mantis:mantis:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "0266C2F7-FB20-44EF-B0BB-ECCF055D03A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "A21FF02F-982C-429F-A14D-D6E18058DD61", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.10:*:*:*:*:*:*:*", "matchCriteriaId": "9407F704-FF3C-4976-BE4C-A1DDC16715D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "A5173B32-1099-47C9-996B-56DB29456BB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6CA26FD-9C45-4628-82B7-E37E3EA3E2A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.11:*:*:*:*:*:*:*", "matchCriteriaId": "7B9B4611-C002-40F5-978C-BB90F1A893C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "4C7C8B5A-A630-4EDD-A6E8-27D2E1139CF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.12:*:*:*:*:*:*:*", "matchCriteriaId": "B347D6C8-4607-481D-863E-7F41E9868041", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.13:*:*:*:*:*:*:*", "matchCriteriaId": "4F434D16-4F09-4BCF-BD3E-9114876C2575", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "F6D8FD23-C9A3-40AB-B3ED-86739BA8A362", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14:*:*:*:*:*:*:*", "matchCriteriaId": "72BD480B-7CFB-4FD3-8E47-028F32AEF902", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "AC7C781D-F5D1-4C63-B6E3-230DEC80104E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.2:*:*:*:*:*:*:*", "matchCriteriaId": "D0755FA0-2365-42B4-8E42-214D5BAD71A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.3:*:*:*:*:*:*:*", "matchCriteriaId": 
"35248DDA-D37D-4D72-9FF8-6813BA4C87BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.4:*:*:*:*:*:*:*", "matchCriteriaId": "A67C54F4-4155-43DA-8E07-579249759989", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.5:*:*:*:*:*:*:*", "matchCriteriaId": "9DE7BEF1-1522-4666-B6B1-36A308FBC0A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.6:*:*:*:*:*:*:*", "matchCriteriaId": "C376D216-914A-4D96-8603-C6861B3E2857", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.7:*:*:*:*:*:*:*", "matchCriteriaId": "CF0636CA-49A5-4463-B22B-6C5E1E2D44AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.8:*:*:*:*:*:*:*", "matchCriteriaId": "E3A07B4C-CE12-4381-BFE4-CE79411F5069", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15:*:*:*:*:*:*:*", "matchCriteriaId": "DB6E1BE3-BF57-4ED4-918D-8B23CB195ECE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB502B29-FBC5-4984-A735-AA0B6DF4A58D", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.2:*:*:*:*:*:*:*", "matchCriteriaId": "3F759138-7079-471F-B30D-ED62351CFCB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.3:*:*:*:*:*:*:*", "matchCriteriaId": "5DF83421-973D-4AC9-BDA3-4161B9CF2D91", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.4:*:*:*:*:*:*:*", "matchCriteriaId": "1633BF3C-89C2-4BEF-9F56-6F19984D3CA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.5:*:*:*:*:*:*:*", "matchCriteriaId": "084BD5F4-37F8-4913-8045-769FD81F8C36", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.6:*:*:*:*:*:*:*", "matchCriteriaId": "76B09948-A44C-47D8-A5EC-3873FF36F451", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.7:*:*:*:*:*:*:*", "matchCriteriaId": "89D72C1E-73E5-4F51-9D30-D28026939C57", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.8:*:*:*:*:*:*:*", "matchCriteriaId": 
"E9EDAA7A-DF0C-4D9E-9D30-0422E4801612", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.9:*:*:*:*:*:*:*", "matchCriteriaId": "2C469C66-B64B-49BD-9D1C-D15F0E9028EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.10:*:*:*:*:*:*:*", "matchCriteriaId": "C28223A1-359F-434C-BAAA-82A5F310FA44", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.11:*:*:*:*:*:*:*", "matchCriteriaId": "7BF1F18B-AE36-48F3-B784-5C97B3F2535E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.12:*:*:*:*:*:*:*", "matchCriteriaId": "F073B8A1-3339-4BF2-B8D1-F6BA5CF9695A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.16:*:*:*:*:*:*:*", "matchCriteriaId": "3A62328B-4C77-4FF4-B1D9-BE4A2E5C61FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.16.1:*:*:*:*:*:*:*", "matchCriteriaId": "03A0C36A-83DF-4E67-BA82-0ACE4D50C7D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17:*:*:*:*:*:*:*", "matchCriteriaId": "7C074DBE-AFC9-4094-A170-A31D79C139D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.1:*:*:*:*:*:*:*", "matchCriteriaId": "8462CB86-30B1-43D8-B306-271709423DB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.2:*:*:*:*:*:*:*", "matchCriteriaId": "131A96BB-EF2E-4AE2-9334-91CA96222BA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.3:*:*:*:*:*:*:*", "matchCriteriaId": "17DC6205-7016-40C3-921A-B5AEC8513CCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.4:*:*:*:*:*:*:*", "matchCriteriaId": "721A536A-9626-4BD7-B84A-E3C4074F1217", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.4a:*:*:*:*:*:*:*", "matchCriteriaId": "4D77F95A-0059-4442-8D9D-AA7F101FBBE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.5:*:*:*:*:*:*:*", "matchCriteriaId": "89786096-AE1B-491B-8284-DBCC2F6112F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18:*:*:*:*:*:*:*", "matchCriteriaId": 
"E0BC255D-6B0F-412D-B639-B9F9656E4839", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "4B4CFE80-223F-45DA-A9FB-03474F61E027", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "B29FF305-E773-497E-9C47-7D87383F1440", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "8724300D-CBDC-4C66-BF78-038F838C06DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0a3:*:*:*:*:*:*:*", "matchCriteriaId": "B7283A58-EE8E-493F-8E51-C97FF87ECA16", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0a4:*:*:*:*:*:*:*", "matchCriteriaId": "E3CF3162-EAF8-438C-891A-FD13ECF6D6A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.1:*:*:*:*:*:*:*", "matchCriteriaId": "1E42F3A0-5FDB-4053-9EA5-D19B7061CDE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.2:*:*:*:*:*:*:*", "matchCriteriaId": "101BF6DC-0F73-41E0-A0EE-BA1EA7397423", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.3:*:*:*:*:*:*:*", "matchCriteriaId": "FCC458D9-12B1-4CF1-980E-BC86E874BBA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18a1:*:*:*:*:*:*:*", "matchCriteriaId": "2202C65A-33FB-4742-8706-2BDD5B442030", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19:*:*:*:*:*:*:*", "matchCriteriaId": "9C6C0D59-A086-4A38-8F94-C35B8A1A0D1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "D3C48B8F-633E-4D69-A174-26C19829DE98", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0a:*:*:*:*:*:*:*", "matchCriteriaId": "C1E7658F-A543-46F5-B79D-E0E25B7C574F", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "DD259C18-7111-45C9-B6C3-6A5F29998146", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:mantis:mantis:0.19.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "7CBA3B4B-D7E6-4555-969F-66217ACDACDA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardless of view_history_threshold, which allows remote attackers to obtain sensitive information (private bug details) by visiting a bug\u0027s web page." } ], "id": "CVE-2004-2666", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.mantisbugtracker.com/view.php?id=4724" }, { "source": "cve@mitre.org", "url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?r1=1.24\u0026r2=1.25" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?view=log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.mantisbugtracker.com/view.php?id=4724" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?r1=1.24\u0026r2=1.25" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?view=log" } ], 
"sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-09-28 22:03
Modified
2025-04-03 01:03
Severity: MEDIUM (CVSS v2.0 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, as identified by bug#0005751 "thraxisp".
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mantis:mantis:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "B5E88349-E374-4AE9-9C4E-9599C1448D21", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "A21FF02F-982C-429F-A14D-D6E18058DD61", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "99FB3D29-644D-4E5F-875D-C87CCE3EF95C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "A5173B32-1099-47C9-996B-56DB29456BB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6CA26FD-9C45-4628-82B7-E37E3EA3E2A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "B419B788-ADDD-4C0A-8E02-CBB58FD21938", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "4C7C8B5A-A630-4EDD-A6E8-27D2E1139CF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "6E387645-BC7A-4EA5-AE9E-A3C66994391B", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "C80575A3-87E7-40BC-9BCB-E12BB7938A77", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "F6D8FD23-C9A3-40AB-B3ED-86739BA8A362", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "04989B5F-30B2-43A0-A061-BF43EEA8756C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "AC7C781D-F5D1-4C63-B6E3-230DEC80104E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.2:*:*:*:*:*:*:*", "matchCriteriaId": "D0755FA0-2365-42B4-8E42-214D5BAD71A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.3:*:*:*:*:*:*:*", "matchCriteriaId": 
"35248DDA-D37D-4D72-9FF8-6813BA4C87BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.4:*:*:*:*:*:*:*", "matchCriteriaId": "A67C54F4-4155-43DA-8E07-579249759989", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.5:*:*:*:*:*:*:*", "matchCriteriaId": "9DE7BEF1-1522-4666-B6B1-36A308FBC0A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.6:*:*:*:*:*:*:*", "matchCriteriaId": "C376D216-914A-4D96-8603-C6861B3E2857", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.7:*:*:*:*:*:*:*", "matchCriteriaId": "CF0636CA-49A5-4463-B22B-6C5E1E2D44AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.8:*:*:*:*:*:*:*", "matchCriteriaId": "E3A07B4C-CE12-4381-BFE4-CE79411F5069", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.0:*:*:*:*:*:*:*", "matchCriteriaId": "065C222C-638F-4303-BE6A-7FED59E21FB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB502B29-FBC5-4984-A735-AA0B6DF4A58D", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.2:*:*:*:*:*:*:*", "matchCriteriaId": "3F759138-7079-471F-B30D-ED62351CFCB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.3:*:*:*:*:*:*:*", "matchCriteriaId": "5DF83421-973D-4AC9-BDA3-4161B9CF2D91", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.4:*:*:*:*:*:*:*", "matchCriteriaId": "1633BF3C-89C2-4BEF-9F56-6F19984D3CA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.5:*:*:*:*:*:*:*", "matchCriteriaId": "084BD5F4-37F8-4913-8045-769FD81F8C36", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.6:*:*:*:*:*:*:*", "matchCriteriaId": "76B09948-A44C-47D8-A5EC-3873FF36F451", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.7:*:*:*:*:*:*:*", "matchCriteriaId": "89D72C1E-73E5-4F51-9D30-D28026939C57", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.8:*:*:*:*:*:*:*", 
"matchCriteriaId": "E9EDAA7A-DF0C-4D9E-9D30-0422E4801612", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.9:*:*:*:*:*:*:*", "matchCriteriaId": "2C469C66-B64B-49BD-9D1C-D15F0E9028EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.10:*:*:*:*:*:*:*", "matchCriteriaId": "C28223A1-359F-434C-BAAA-82A5F310FA44", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.11:*:*:*:*:*:*:*", "matchCriteriaId": "7BF1F18B-AE36-48F3-B784-5C97B3F2535E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.12:*:*:*:*:*:*:*", "matchCriteriaId": "F073B8A1-3339-4BF2-B8D1-F6BA5CF9695A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.16.0:*:*:*:*:*:*:*", "matchCriteriaId": "6DAFD163-7FE7-48FB-8860-7B00B0FFA628", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.16.1:*:*:*:*:*:*:*", "matchCriteriaId": "03A0C36A-83DF-4E67-BA82-0ACE4D50C7D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.0:*:*:*:*:*:*:*", "matchCriteriaId": "53520AA0-E5AB-450A-9D95-E075B552D2E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.1:*:*:*:*:*:*:*", "matchCriteriaId": "8462CB86-30B1-43D8-B306-271709423DB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.2:*:*:*:*:*:*:*", "matchCriteriaId": "131A96BB-EF2E-4AE2-9334-91CA96222BA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.3:*:*:*:*:*:*:*", "matchCriteriaId": "17DC6205-7016-40C3-921A-B5AEC8513CCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.4:*:*:*:*:*:*:*", "matchCriteriaId": "721A536A-9626-4BD7-B84A-E3C4074F1217", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.4a:*:*:*:*:*:*:*", "matchCriteriaId": "4D77F95A-0059-4442-8D9D-AA7F101FBBE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.5:*:*:*:*:*:*:*", "matchCriteriaId": "89786096-AE1B-491B-8284-DBCC2F6112F0", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:mantis:mantis:0.18.0:*:*:*:*:*:*:*", "matchCriteriaId": "70450FAB-7886-418E-B471-8F16A68F9658", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "4B4CFE80-223F-45DA-A9FB-03474F61E027", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "B29FF305-E773-497E-9C47-7D87383F1440", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "8724300D-CBDC-4C66-BF78-038F838C06DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0a3:*:*:*:*:*:*:*", "matchCriteriaId": "B7283A58-EE8E-493F-8E51-C97FF87ECA16", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0a4:*:*:*:*:*:*:*", "matchCriteriaId": "E3CF3162-EAF8-438C-891A-FD13ECF6D6A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.1:*:*:*:*:*:*:*", "matchCriteriaId": "1E42F3A0-5FDB-4053-9EA5-D19B7061CDE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.2:*:*:*:*:*:*:*", "matchCriteriaId": "101BF6DC-0F73-41E0-A0EE-BA1EA7397423", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.3:*:*:*:*:*:*:*", "matchCriteriaId": "FCC458D9-12B1-4CF1-980E-BC86E874BBA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0:*:*:*:*:*:*:*", "matchCriteriaId": "5419E3AC-4215-4584-9538-AF790DC9BD5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "D3C48B8F-633E-4D69-A174-26C19829DE98", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "DD259C18-7111-45C9-B6C3-6A5F29998146", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "7CBA3B4B-D7E6-4555-969F-66217ACDACDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.1:*:*:*:*:*:*:*", "matchCriteriaId": "38BFDCFA-00C8-4B6A-B758-8FD15A122CA2", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.2:*:*:*:*:*:*:*", "matchCriteriaId": "6770FDC6-792D-49B2-942B-282F9012D0BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "730BE023-C283-4775-915C-79817723917A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "337E18A7-07A3-456D-868A-2002F96D7A2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*", "matchCriteriaId": "84B09B6D-EE4D-4241-B3EF-CBCB03A7F579", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, as identified by bug#0005751 \"thraxisp\"." } ], "id": "CVE-2005-3091", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-09-28T22:03:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/16506" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/17654" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2005/dsa-905" }, { "source": "cve@mitre.org", "url": "http://www.mantisbt.org/changelog.php" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/15227" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/16506" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/17654" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2005/dsa-905" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mantisbt.org/changelog.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/15227" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-10-27 10:02
Modified
2025-04-03 01:03
Severity: MEDIUM (CVSS v2.0 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
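Multiple cross-site scripting (XSS) vulnerabilities in Mantis before 0.19.3 allow remote attackers to inject arbitrary web script or HTML via (1) unknown vectors involving JavaScript and (2) mantis/view_all_set.php. Note that the CPE match list in the record below also marks 0.19.3 itself as vulnerable, so confirm the fixed version against the vendor changelog before relying on the "before 0.19.3" range.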
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0:*:*:*:*:*:*:*", "matchCriteriaId": "5419E3AC-4215-4584-9538-AF790DC9BD5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "D3C48B8F-633E-4D69-A174-26C19829DE98", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "DD259C18-7111-45C9-B6C3-6A5F29998146", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "7CBA3B4B-D7E6-4555-969F-66217ACDACDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.1:*:*:*:*:*:*:*", "matchCriteriaId": "38BFDCFA-00C8-4B6A-B758-8FD15A122CA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.2:*:*:*:*:*:*:*", "matchCriteriaId": "6770FDC6-792D-49B2-942B-282F9012D0BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.3:*:*:*:*:*:*:*", "matchCriteriaId": "8D8E7458-6655-4C86-85A9-81004FF38321", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Mantis before 0.19.3 allow remote attackers to inject arbitrary web script or HTML via (1) unknown vectors involving Javascript and (2) mantis/view_all_set.php." 
} ], "id": "CVE-2005-3337", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-10-27T10:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.mantisbt.org/changelog_page.php" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/17362" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=362673" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/20321" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.mantisbt.org/changelog_page.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/17362" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=362673" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/20321" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-02-22 02:02
Modified
2025-04-03 01:03
Severity: MEDIUM (CVSS v2.0 base score 5.0, vector AV:N/AC:L/Au:N/C:N/I:N/A:P)
Summary
manage_user_page.php in Mantis 1.00rc4 and earlier does not properly handle a sort parameter containing a ' (quote) character, which allows remote attackers to trigger a SQL error that may be repeatedly reported to a user who makes subsequent web accesses with the MANTIS_MANAGE_COOKIE cookie. NOTE: this issue might be the same as vector 2 in CVE-2005-4519.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mantis:mantis:*:*:*:*:*:*:*:*", "matchCriteriaId": "F6949CF6-A082-4D46-A5A2-E11C138F1085", "versionEndIncluding": "1.0.0_rc4", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "0266C2F7-FB20-44EF-B0BB-ECCF055D03A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "B5E88349-E374-4AE9-9C4E-9599C1448D21", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "A21FF02F-982C-429F-A14D-D6E18058DD61", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.10:*:*:*:*:*:*:*", "matchCriteriaId": "9407F704-FF3C-4976-BE4C-A1DDC16715D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "99FB3D29-644D-4E5F-875D-C87CCE3EF95C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "A5173B32-1099-47C9-996B-56DB29456BB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6CA26FD-9C45-4628-82B7-E37E3EA3E2A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.11:*:*:*:*:*:*:*", "matchCriteriaId": "7B9B4611-C002-40F5-978C-BB90F1A893C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "B419B788-ADDD-4C0A-8E02-CBB58FD21938", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "4C7C8B5A-A630-4EDD-A6E8-27D2E1139CF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.12:*:*:*:*:*:*:*", "matchCriteriaId": "B347D6C8-4607-481D-863E-7F41E9868041", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "6E387645-BC7A-4EA5-AE9E-A3C66994391B", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.13:*:*:*:*:*:*:*", 
"matchCriteriaId": "4F434D16-4F09-4BCF-BD3E-9114876C2575", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "C80575A3-87E7-40BC-9BCB-E12BB7938A77", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "F6D8FD23-C9A3-40AB-B3ED-86739BA8A362", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14:*:*:*:*:*:*:*", "matchCriteriaId": "72BD480B-7CFB-4FD3-8E47-028F32AEF902", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "04989B5F-30B2-43A0-A061-BF43EEA8756C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "AC7C781D-F5D1-4C63-B6E3-230DEC80104E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.2:*:*:*:*:*:*:*", "matchCriteriaId": "D0755FA0-2365-42B4-8E42-214D5BAD71A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.3:*:*:*:*:*:*:*", "matchCriteriaId": "35248DDA-D37D-4D72-9FF8-6813BA4C87BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.4:*:*:*:*:*:*:*", "matchCriteriaId": "A67C54F4-4155-43DA-8E07-579249759989", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.5:*:*:*:*:*:*:*", "matchCriteriaId": "9DE7BEF1-1522-4666-B6B1-36A308FBC0A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.6:*:*:*:*:*:*:*", "matchCriteriaId": "C376D216-914A-4D96-8603-C6861B3E2857", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.7:*:*:*:*:*:*:*", "matchCriteriaId": "CF0636CA-49A5-4463-B22B-6C5E1E2D44AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.8:*:*:*:*:*:*:*", "matchCriteriaId": "E3A07B4C-CE12-4381-BFE4-CE79411F5069", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15:*:*:*:*:*:*:*", "matchCriteriaId": "DB6E1BE3-BF57-4ED4-918D-8B23CB195ECE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.0:*:*:*:*:*:*:*", 
"matchCriteriaId": "065C222C-638F-4303-BE6A-7FED59E21FB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB502B29-FBC5-4984-A735-AA0B6DF4A58D", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.2:*:*:*:*:*:*:*", "matchCriteriaId": "3F759138-7079-471F-B30D-ED62351CFCB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.16:*:*:*:*:*:*:*", "matchCriteriaId": "3A62328B-4C77-4FF4-B1D9-BE4A2E5C61FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.16.0:*:*:*:*:*:*:*", "matchCriteriaId": "6DAFD163-7FE7-48FB-8860-7B00B0FFA628", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17:*:*:*:*:*:*:*", "matchCriteriaId": "7C074DBE-AFC9-4094-A170-A31D79C139D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.0:*:*:*:*:*:*:*", "matchCriteriaId": "53520AA0-E5AB-450A-9D95-E075B552D2E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.4a:*:*:*:*:*:*:*", "matchCriteriaId": "4D77F95A-0059-4442-8D9D-AA7F101FBBE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18:*:*:*:*:*:*:*", "matchCriteriaId": "E0BC255D-6B0F-412D-B639-B9F9656E4839", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0:*:*:*:*:*:*:*", "matchCriteriaId": "70450FAB-7886-418E-B471-8F16A68F9658", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "4B4CFE80-223F-45DA-A9FB-03474F61E027", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "B29FF305-E773-497E-9C47-7D87383F1440", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "8724300D-CBDC-4C66-BF78-038F838C06DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0a3:*:*:*:*:*:*:*", "matchCriteriaId": "B7283A58-EE8E-493F-8E51-C97FF87ECA16", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:mantis:mantis:0.18.0a4:*:*:*:*:*:*:*", "matchCriteriaId": "E3CF3162-EAF8-438C-891A-FD13ECF6D6A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.1:*:*:*:*:*:*:*", "matchCriteriaId": "1E42F3A0-5FDB-4053-9EA5-D19B7061CDE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.2:*:*:*:*:*:*:*", "matchCriteriaId": "101BF6DC-0F73-41E0-A0EE-BA1EA7397423", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.3:*:*:*:*:*:*:*", "matchCriteriaId": "FCC458D9-12B1-4CF1-980E-BC86E874BBA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18a1:*:*:*:*:*:*:*", "matchCriteriaId": "2202C65A-33FB-4742-8706-2BDD5B442030", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0:*:*:*:*:*:*:*", "matchCriteriaId": "5419E3AC-4215-4584-9538-AF790DC9BD5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "D3C48B8F-633E-4D69-A174-26C19829DE98", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0a:*:*:*:*:*:*:*", "matchCriteriaId": "C1E7658F-A543-46F5-B79D-E0E25B7C574F", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "DD259C18-7111-45C9-B6C3-6A5F29998146", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "7CBA3B4B-D7E6-4555-969F-66217ACDACDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.1:*:*:*:*:*:*:*", "matchCriteriaId": "38BFDCFA-00C8-4B6A-B758-8FD15A122CA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.2:*:*:*:*:*:*:*", "matchCriteriaId": "6770FDC6-792D-49B2-942B-282F9012D0BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.3:*:*:*:*:*:*:*", "matchCriteriaId": "8D8E7458-6655-4C86-85A9-81004FF38321", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:*", "matchCriteriaId": "AE92E018-C25C-468D-9EF5-5665F0B42EA2", "vulnerable": true }, 
{ "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "C6DB707C-29DF-442C-BBBE-650182692A33", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "0C420189-4748-465C-96FE-DC89502F7E26", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "3B3A1BAC-F777-413E-BFB7-972C687C2D92", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "730BE023-C283-4775-915C-79817723917A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "337E18A7-07A3-456D-868A-2002F96D7A2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*", "matchCriteriaId": "84B09B6D-EE4D-4241-B3EF-CBCB03A7F579", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "manage_user_page.php in Mantis 1.00rc4 and earlier does not properly handle a sort parameter containing a \u0027 (quote) character, which allows remote attackers to trigger a SQL error that may be repeatedly reported to a user who makes subsequent web accesses with the MANTIS_MANAGE_COOKIE cookie. NOTE: this issue might be the same as vector 2 in CVE-2005-4519." 
} ], "id": "CVE-2006-0840", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-02-22T02:02:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://morph3us.org/advisories/20060214-mantis-100rc4.txt" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://sourceforge.net/project/showfiles.php?group_id=14963\u0026package_id=12175\u0026release_id=386059" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=386059\u0026group_id=14963" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/425046/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/16657" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24726" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://morph3us.org/advisories/20060214-mantis-100rc4.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://sourceforge.net/project/showfiles.php?group_id=14963\u0026package_id=12175\u0026release_id=386059" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=386059\u0026group_id=14963" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/425046/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/16657" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24726" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-12-28 01:03
Modified
2025-04-03 01:03
Severity ?
Summary
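Mantis before 0.19.4 allows remote attackers to bypass the file upload size restriction by modifying the max_file_size parameter to (1) bug_file_add.php, (2) bug_report.php, (3) bug_report_advanced_page.php, and (4) proj_doc_add_page.php. Note that every CPE entry in this record's configuration (0.10 through 0.19.3) is flagged "vulnerable": false, so tooling that matches only on that flag may not report the releases before 0.19.4 that the description covers.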
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mantis:mantis:0.10:*:*:*:*:*:*:*", "matchCriteriaId": "9407F704-FF3C-4976-BE4C-A1DDC16715D0", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:0.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "99FB3D29-644D-4E5F-875D-C87CCE3EF95C", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:0.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "A5173B32-1099-47C9-996B-56DB29456BB9", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:0.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6CA26FD-9C45-4628-82B7-E37E3EA3E2A2", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:0.11:*:*:*:*:*:*:*", "matchCriteriaId": "7B9B4611-C002-40F5-978C-BB90F1A893C3", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:0.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "B419B788-ADDD-4C0A-8E02-CBB58FD21938", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:0.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "4C7C8B5A-A630-4EDD-A6E8-27D2E1139CF3", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:0.12:*:*:*:*:*:*:*", "matchCriteriaId": "B347D6C8-4607-481D-863E-7F41E9868041", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:0.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "6E387645-BC7A-4EA5-AE9E-A3C66994391B", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:0.13:*:*:*:*:*:*:*", "matchCriteriaId": "4F434D16-4F09-4BCF-BD3E-9114876C2575", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:0.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "C80575A3-87E7-40BC-9BCB-E12BB7938A77", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:0.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "F6D8FD23-C9A3-40AB-B3ED-86739BA8A362", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14:*:*:*:*:*:*:*", "matchCriteriaId": "72BD480B-7CFB-4FD3-8E47-028F32AEF902", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"04989B5F-30B2-43A0-A061-BF43EEA8756C", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "AC7C781D-F5D1-4C63-B6E3-230DEC80104E", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.2:*:*:*:*:*:*:*", "matchCriteriaId": "D0755FA0-2365-42B4-8E42-214D5BAD71A1", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.3:*:*:*:*:*:*:*", "matchCriteriaId": "35248DDA-D37D-4D72-9FF8-6813BA4C87BE", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.4:*:*:*:*:*:*:*", "matchCriteriaId": "A67C54F4-4155-43DA-8E07-579249759989", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.5:*:*:*:*:*:*:*", "matchCriteriaId": "9DE7BEF1-1522-4666-B6B1-36A308FBC0A3", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.6:*:*:*:*:*:*:*", "matchCriteriaId": "C376D216-914A-4D96-8603-C6861B3E2857", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.7:*:*:*:*:*:*:*", "matchCriteriaId": "CF0636CA-49A5-4463-B22B-6C5E1E2D44AC", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.8:*:*:*:*:*:*:*", "matchCriteriaId": "E3A07B4C-CE12-4381-BFE4-CE79411F5069", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15:*:*:*:*:*:*:*", "matchCriteriaId": "DB6E1BE3-BF57-4ED4-918D-8B23CB195ECE", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.0:*:*:*:*:*:*:*", "matchCriteriaId": "065C222C-638F-4303-BE6A-7FED59E21FB9", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB502B29-FBC5-4984-A735-AA0B6DF4A58D", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.2:*:*:*:*:*:*:*", "matchCriteriaId": "3F759138-7079-471F-B30D-ED62351CFCB9", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:0.16:*:*:*:*:*:*:*", "matchCriteriaId": "3A62328B-4C77-4FF4-B1D9-BE4A2E5C61FF", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:0.16.0:*:*:*:*:*:*:*", 
"matchCriteriaId": "6DAFD163-7FE7-48FB-8860-7B00B0FFA628", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17:*:*:*:*:*:*:*", "matchCriteriaId": "7C074DBE-AFC9-4094-A170-A31D79C139D8", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.0:*:*:*:*:*:*:*", "matchCriteriaId": "53520AA0-E5AB-450A-9D95-E075B552D2E9", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.4a:*:*:*:*:*:*:*", "matchCriteriaId": "4D77F95A-0059-4442-8D9D-AA7F101FBBE5", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18:*:*:*:*:*:*:*", "matchCriteriaId": "E0BC255D-6B0F-412D-B639-B9F9656E4839", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0:*:*:*:*:*:*:*", "matchCriteriaId": "70450FAB-7886-418E-B471-8F16A68F9658", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "4B4CFE80-223F-45DA-A9FB-03474F61E027", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "B29FF305-E773-497E-9C47-7D87383F1440", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "8724300D-CBDC-4C66-BF78-038F838C06DF", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0a3:*:*:*:*:*:*:*", "matchCriteriaId": "B7283A58-EE8E-493F-8E51-C97FF87ECA16", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0a4:*:*:*:*:*:*:*", "matchCriteriaId": "E3CF3162-EAF8-438C-891A-FD13ECF6D6A6", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.1:*:*:*:*:*:*:*", "matchCriteriaId": "1E42F3A0-5FDB-4053-9EA5-D19B7061CDE8", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.2:*:*:*:*:*:*:*", "matchCriteriaId": "101BF6DC-0F73-41E0-A0EE-BA1EA7397423", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.3:*:*:*:*:*:*:*", "matchCriteriaId": "FCC458D9-12B1-4CF1-980E-BC86E874BBA2", "vulnerable": false }, { "criteria": 
"cpe:2.3:a:mantis:mantis:0.18a1:*:*:*:*:*:*:*", "matchCriteriaId": "2202C65A-33FB-4742-8706-2BDD5B442030", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0:*:*:*:*:*:*:*", "matchCriteriaId": "5419E3AC-4215-4584-9538-AF790DC9BD5F", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "D3C48B8F-633E-4D69-A174-26C19829DE98", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0a:*:*:*:*:*:*:*", "matchCriteriaId": "C1E7658F-A543-46F5-B79D-E0E25B7C574F", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "DD259C18-7111-45C9-B6C3-6A5F29998146", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "7CBA3B4B-D7E6-4555-969F-66217ACDACDA", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.1:*:*:*:*:*:*:*", "matchCriteriaId": "38BFDCFA-00C8-4B6A-B758-8FD15A122CA2", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.2:*:*:*:*:*:*:*", "matchCriteriaId": "6770FDC6-792D-49B2-942B-282F9012D0BE", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.3:*:*:*:*:*:*:*", "matchCriteriaId": "8D8E7458-6655-4C86-85A9-81004FF38321", "vulnerable": false } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Mantis before 0.19.4 allows remote attackers to bypass the file upload size restriction by modifying the max_file_size parameter to (1) bug_file_add.php, (2) bug_report.php, (3) bug_report_advanced_page.php, and (4) proj_doc_add_page.php." 
} ], "id": "CVE-2005-4518", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-12-28T01:03:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://secunia.com/advisories/18181/" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://secunia.com/advisories/18221" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/18481" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2005/dsa-944" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/22056" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/16046/" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2005/3064" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://secunia.com/advisories/18181/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://secunia.com/advisories/18221" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://secunia.com/advisories/18481" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2005/dsa-944" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/22056" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/16046/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2005/3064" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-01-03 22:46
Modified
2025-04-09 00:30
Severity ?
Summary
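Cross-site scripting (XSS) vulnerability in view.php in Mantis before 1.1.0 allows remote attackers to inject arbitrary web script or HTML via a filename, related to bug_report.php. Note that the record's only CPE match ends at 1.1.0a1 (versionEndIncluding), so any builds after 1.1.0a1 but before the 1.1.0 release are covered by the description and not by the CPE range.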
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mantis:mantis:*:*:*:*:*:*:*:*", "matchCriteriaId": "A878BD34-787E-4330-9EE2-D1CD7FE6678E", "versionEndIncluding": "1.1.0a1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in view.php in Mantis before 1.1.0 allows remote attackers to inject arbitrary web script or HTML via a filename, related to bug_report.php." }, { "lang": "es", "value": "Una vulnerabilidad de tipo cross-site scripting (XSS) en el archivo view.php en Mantis versiones anteriores a 1.1.0, permite a los atacantes remotos inyectar script web o HTML arbitrario por medio del filename, relacionado con el archivo bug_report.php." } ], "id": "CVE-2007-6611", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-01-03T22:46:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/39873" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28185" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28352" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28551" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29198" }, { "source": "cve@mitre.org", "url": 
"http://security.gentoo.org/glsa/glsa-200803-04.xml" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=562940" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1467" }, { "source": "cve@mitre.org", "url": "http://www.mantisbt.org/bugs/view.php?id=8679" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/27045" }, { "source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427277" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00227.html" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00309.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/39873" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28185" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28352" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28551" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29198" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200803-04.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=562940" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1467" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mantisbt.org/bugs/view.php?id=8679" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/27045" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=427277" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00227.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00309.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-07-27 23:41
Modified
2025-04-09 00:30
Severity ?
Summary
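Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the filter_target parameter. The record's evaluator comment and CVSS vector (Au:S) indicate that the attacker must be authenticated; the quoted advisory adds that the anonymous user is usually allowed on a typical installation.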
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mantis:mantis:*:*:*:*:*:*:*:*", "matchCriteriaId": "D4A66D23-7343-44B3-A8A8-FD39D88AFCC4", "versionEndIncluding": "1.1.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "0266C2F7-FB20-44EF-B0BB-ECCF055D03A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "B5E88349-E374-4AE9-9C4E-9599C1448D21", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "A21FF02F-982C-429F-A14D-D6E18058DD61", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.10:*:*:*:*:*:*:*", "matchCriteriaId": "9407F704-FF3C-4976-BE4C-A1DDC16715D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "99FB3D29-644D-4E5F-875D-C87CCE3EF95C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "A5173B32-1099-47C9-996B-56DB29456BB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6CA26FD-9C45-4628-82B7-E37E3EA3E2A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.11:*:*:*:*:*:*:*", "matchCriteriaId": "7B9B4611-C002-40F5-978C-BB90F1A893C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "B419B788-ADDD-4C0A-8E02-CBB58FD21938", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "4C7C8B5A-A630-4EDD-A6E8-27D2E1139CF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.12:*:*:*:*:*:*:*", "matchCriteriaId": "B347D6C8-4607-481D-863E-7F41E9868041", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "6E387645-BC7A-4EA5-AE9E-A3C66994391B", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.13:*:*:*:*:*:*:*", 
"matchCriteriaId": "4F434D16-4F09-4BCF-BD3E-9114876C2575", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "C80575A3-87E7-40BC-9BCB-E12BB7938A77", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "F6D8FD23-C9A3-40AB-B3ED-86739BA8A362", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14:*:*:*:*:*:*:*", "matchCriteriaId": "72BD480B-7CFB-4FD3-8E47-028F32AEF902", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "04989B5F-30B2-43A0-A061-BF43EEA8756C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "AC7C781D-F5D1-4C63-B6E3-230DEC80104E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.2:*:*:*:*:*:*:*", "matchCriteriaId": "D0755FA0-2365-42B4-8E42-214D5BAD71A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.3:*:*:*:*:*:*:*", "matchCriteriaId": "35248DDA-D37D-4D72-9FF8-6813BA4C87BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.4:*:*:*:*:*:*:*", "matchCriteriaId": "A67C54F4-4155-43DA-8E07-579249759989", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.5:*:*:*:*:*:*:*", "matchCriteriaId": "9DE7BEF1-1522-4666-B6B1-36A308FBC0A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.6:*:*:*:*:*:*:*", "matchCriteriaId": "C376D216-914A-4D96-8603-C6861B3E2857", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.7:*:*:*:*:*:*:*", "matchCriteriaId": "CF0636CA-49A5-4463-B22B-6C5E1E2D44AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.8:*:*:*:*:*:*:*", "matchCriteriaId": "E3A07B4C-CE12-4381-BFE4-CE79411F5069", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15:*:*:*:*:*:*:*", "matchCriteriaId": "DB6E1BE3-BF57-4ED4-918D-8B23CB195ECE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.0:*:*:*:*:*:*:*", 
"matchCriteriaId": "065C222C-638F-4303-BE6A-7FED59E21FB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB502B29-FBC5-4984-A735-AA0B6DF4A58D", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.2:*:*:*:*:*:*:*", "matchCriteriaId": "3F759138-7079-471F-B30D-ED62351CFCB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.3:*:*:*:*:*:*:*", "matchCriteriaId": "5DF83421-973D-4AC9-BDA3-4161B9CF2D91", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.4:*:*:*:*:*:*:*", "matchCriteriaId": "1633BF3C-89C2-4BEF-9F56-6F19984D3CA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.5:*:*:*:*:*:*:*", "matchCriteriaId": "084BD5F4-37F8-4913-8045-769FD81F8C36", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.6:*:*:*:*:*:*:*", "matchCriteriaId": "76B09948-A44C-47D8-A5EC-3873FF36F451", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.7:*:*:*:*:*:*:*", "matchCriteriaId": "89D72C1E-73E5-4F51-9D30-D28026939C57", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.8:*:*:*:*:*:*:*", "matchCriteriaId": "E9EDAA7A-DF0C-4D9E-9D30-0422E4801612", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.9:*:*:*:*:*:*:*", "matchCriteriaId": "2C469C66-B64B-49BD-9D1C-D15F0E9028EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.10:*:*:*:*:*:*:*", "matchCriteriaId": "C28223A1-359F-434C-BAAA-82A5F310FA44", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.11:*:*:*:*:*:*:*", "matchCriteriaId": "7BF1F18B-AE36-48F3-B784-5C97B3F2535E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.12:*:*:*:*:*:*:*", "matchCriteriaId": "F073B8A1-3339-4BF2-B8D1-F6BA5CF9695A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.16:*:*:*:*:*:*:*", "matchCriteriaId": "3A62328B-4C77-4FF4-B1D9-BE4A2E5C61FF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:mantis:mantis:0.16.0:*:*:*:*:*:*:*", "matchCriteriaId": "6DAFD163-7FE7-48FB-8860-7B00B0FFA628", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.16.1:*:*:*:*:*:*:*", "matchCriteriaId": "03A0C36A-83DF-4E67-BA82-0ACE4D50C7D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17:*:*:*:*:*:*:*", "matchCriteriaId": "7C074DBE-AFC9-4094-A170-A31D79C139D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.0:*:*:*:*:*:*:*", "matchCriteriaId": "53520AA0-E5AB-450A-9D95-E075B552D2E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.1:*:*:*:*:*:*:*", "matchCriteriaId": "8462CB86-30B1-43D8-B306-271709423DB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.2:*:*:*:*:*:*:*", "matchCriteriaId": "131A96BB-EF2E-4AE2-9334-91CA96222BA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.3:*:*:*:*:*:*:*", "matchCriteriaId": "17DC6205-7016-40C3-921A-B5AEC8513CCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.4:*:*:*:*:*:*:*", "matchCriteriaId": "721A536A-9626-4BD7-B84A-E3C4074F1217", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.4a:*:*:*:*:*:*:*", "matchCriteriaId": "4D77F95A-0059-4442-8D9D-AA7F101FBBE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.5:*:*:*:*:*:*:*", "matchCriteriaId": "89786096-AE1B-491B-8284-DBCC2F6112F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18:*:*:*:*:*:*:*", "matchCriteriaId": "E0BC255D-6B0F-412D-B639-B9F9656E4839", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0:*:*:*:*:*:*:*", "matchCriteriaId": "70450FAB-7886-418E-B471-8F16A68F9658", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "4B4CFE80-223F-45DA-A9FB-03474F61E027", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "B29FF305-E773-497E-9C47-7D87383F1440", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "8724300D-CBDC-4C66-BF78-038F838C06DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0a3:*:*:*:*:*:*:*", "matchCriteriaId": "B7283A58-EE8E-493F-8E51-C97FF87ECA16", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0a4:*:*:*:*:*:*:*", "matchCriteriaId": "E3CF3162-EAF8-438C-891A-FD13ECF6D6A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.1:*:*:*:*:*:*:*", "matchCriteriaId": "1E42F3A0-5FDB-4053-9EA5-D19B7061CDE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.2:*:*:*:*:*:*:*", "matchCriteriaId": "101BF6DC-0F73-41E0-A0EE-BA1EA7397423", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.3:*:*:*:*:*:*:*", "matchCriteriaId": "FCC458D9-12B1-4CF1-980E-BC86E874BBA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18a1:*:*:*:*:*:*:*", "matchCriteriaId": "2202C65A-33FB-4742-8706-2BDD5B442030", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19:*:*:*:*:*:*:*", "matchCriteriaId": "9C6C0D59-A086-4A38-8F94-C35B8A1A0D1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0:*:*:*:*:*:*:*", "matchCriteriaId": "5419E3AC-4215-4584-9538-AF790DC9BD5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "D3C48B8F-633E-4D69-A174-26C19829DE98", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0a:*:*:*:*:*:*:*", "matchCriteriaId": "C1E7658F-A543-46F5-B79D-E0E25B7C574F", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "DD259C18-7111-45C9-B6C3-6A5F29998146", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "7CBA3B4B-D7E6-4555-969F-66217ACDACDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.1:*:*:*:*:*:*:*", "matchCriteriaId": "38BFDCFA-00C8-4B6A-B758-8FD15A122CA2", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.2:*:*:*:*:*:*:*", "matchCriteriaId": "6770FDC6-792D-49B2-942B-282F9012D0BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.3:*:*:*:*:*:*:*", "matchCriteriaId": "8D8E7458-6655-4C86-85A9-81004FF38321", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:*", "matchCriteriaId": "AE92E018-C25C-468D-9EF5-5665F0B42EA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "2C62F6BC-4397-44BD-A7DA-CD4C52425BE4", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "781910F1-C34C-49D6-80D2-62AC80AF17DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "C6DB707C-29DF-442C-BBBE-650182692A33", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "0C420189-4748-465C-96FE-DC89502F7E26", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "3B3A1BAC-F777-413E-BFB7-972C687C2D92", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "B0C7EDA7-1BED-4152-BD3D-3A596482D9D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc5:*:*:*:*:*:*:*", "matchCriteriaId": "B54BEEA5-B671-4BDE-96D1-B235CF8F197E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "730BE023-C283-4775-915C-79817723917A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "337E18A7-07A3-456D-868A-2002F96D7A2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*", "matchCriteriaId": "84B09B6D-EE4D-4241-B3EF-CBCB03A7F579", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0rc1:*:*:*:*:*:*:*", "matchCriteriaId": 
"8B20CB57-A2C4-4491-9A4A-352C699FEF52", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0rc2:*:*:*:*:*:*:*", "matchCriteriaId": "DD8DC938-873D-4268-89D1-F16C5796A5C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0rc3:*:*:*:*:*:*:*", "matchCriteriaId": "B4ED69D6-25B5-4199-B950-165A5FCFEBD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0rc4:*:*:*:*:*:*:*", "matchCriteriaId": "CF9E3400-610A-4389-B903-9C6CA3D7B9FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DA5AE0B4-15AB-49E7-9B97-96BA322B0966", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "48069606-59B6-4D20-B909-997CA7EDBD2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E42CD1CB-49E7-484B-9629-78A24B754346", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F95B327F-94A8-4D4F-A330-1B9BF4B764FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "215420D5-4690-45BE-AE84-CF1522523299", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "5621726F-CA50-4336-9BCE-55F39BE5CDCF", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "C2B0DF8C-FF2D-4DE8-B0D1-92623974A874", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "03F4013F-427E-41EE-969C-169B97A14A90", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.1.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "F9555553-AEA7-42B3-BE94-7C4729259378", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to 
inject arbitrary web script or HTML via the filter_target parameter." }, { "lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en return_dynamic_filters.php en Mantis anterior a 1.1.2, permite a atacantes remotos inyectar secuencias de comandos web y HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro \"filter_target\"." } ], "evaluatorComment": "http://marc.info/?l=bugtraq\u0026m=121130774617956\u0026w=4\r\n\r\n\"We have found an XSS vulnerability in return_dynamic_filters.php. In\r\norder to exploit this vulnerability the attacker must be authenticated.\r\nUsually the anonymous user is allowed on typical installation\"", "id": "CVE-2008-3331", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-07-27T23:41:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://marc.info/?l=bugtraq\u0026m=121130774617956\u0026w=4" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30270" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/31972" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/4044" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml" }, { "source": "cve@mitre.org", "url": "http://www.mantisbt.org/bugs/changelog_page.php" }, { "source": "cve@mitre.org", "url": 
"http://www.securityfocus.com/bid/29297" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/1598/references" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42549" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/5657" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://marc.info/?l=bugtraq\u0026m=121130774617956\u0026w=4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30270" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31972" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/4044" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mantisbt.org/bugs/changelog_page.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/29297" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1598/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42549" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/5657" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-10-22 18:00
Modified
2025-04-09 00:30
Severity: MEDIUM (CVSS v2 base score 5.0, vector AV:N/AC:L/Au:N/C:P/I:N/A:N, source nvd@nist.gov)
Summary
core/string_api.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote attackers to discover an issue's title and status via a request with a modified issue number.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mantis:mantis:*:*:*:*:*:*:*:*", "matchCriteriaId": "132BAF7E-8047-417F-8C78-1C1FBDAF97A0", "versionEndIncluding": "1.1.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.3:*:*:*:*:*:*:*", "matchCriteriaId": "8D8E7458-6655-4C86-85A9-81004FF38321", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:*", "matchCriteriaId": "AE92E018-C25C-468D-9EF5-5665F0B42EA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DA5AE0B4-15AB-49E7-9B97-96BA322B0966", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "48069606-59B6-4D20-B909-997CA7EDBD2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E42CD1CB-49E7-484B-9629-78A24B754346", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F95B327F-94A8-4D4F-A330-1B9BF4B764FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "215420D5-4690-45BE-AE84-CF1522523299", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "5621726F-CA50-4336-9BCE-55F39BE5CDCF", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "1B0ECF83-F61A-4745-AA0D-4822A38F24DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "91621575-AF90-4C01-AA87-A99C304227D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "BAEE63A1-106C-4E50-8B6F-D134C69FD194", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "C7729C7E-ECC1-48D0-BFF7-82A8D96DC0AF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], 
"descriptions": [ { "lang": "en", "value": "core/string_api.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote attackers to discover an issue\u0027s title and status via a request with a modified issue number." }, { "lang": "es", "value": "core/string_api.php en Mantis anterior a 1.1.3 no valida los privilegios del visor antes de crear un enlace con los datos de la incidencia en el identificador de origen, lo que permite a atacantes remotos conocer el t\u00edtulo y estado de la incidencia a trav\u00e9s de una petici\u00f3n con un n\u00famero de incidencia modificado." } ], "id": "CVE-2008-4688", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-10-22T18:00:01.237", "references": [ { "source": "cve@mitre.org", "url": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/string_api.php?r1=5285\u0026r2=5384\u0026pathrev=5384" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/32243" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/32975" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml" }, { "source": "cve@mitre.org", "url": "http://www.mantisbt.org/bugs/changelog_page.php" }, { "source": "cve@mitre.org", "url": "http://www.mantisbt.org/bugs/view.php?id=9321" }, { 
"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2008/10/20/1" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/31868" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/string_api.php?r1=5285\u0026r2=5384\u0026pathrev=5384" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/32243" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/32975" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mantisbt.org/bugs/changelog_page.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mantisbt.org/bugs/view.php?id=9321" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/10/20/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/31868" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-10-04 04:00
Modified
2025-04-03 01:03
Severity: MEDIUM (CVSS v2 base score 5.0, vector AV:N/AC:L/Au:N/C:P/I:N/A:N, source nvd@nist.gov)
Summary
Mantis 0.17.4a and earlier allows remote attackers to view private bugs by modifying the f_id bug ID parameter to (1) bug_update_advanced_page.php, (2) bug_update_page.php, (3) view_bug_advanced_page.php, or (4) view_bug_page.php.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mantis:mantis:0.17.0:*:*:*:*:*:*:*", "matchCriteriaId": "53520AA0-E5AB-450A-9D95-E075B552D2E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.1:*:*:*:*:*:*:*", "matchCriteriaId": "8462CB86-30B1-43D8-B306-271709423DB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.2:*:*:*:*:*:*:*", "matchCriteriaId": "131A96BB-EF2E-4AE2-9334-91CA96222BA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.3:*:*:*:*:*:*:*", "matchCriteriaId": "17DC6205-7016-40C3-921A-B5AEC8513CCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.4:*:*:*:*:*:*:*", "matchCriteriaId": "721A536A-9626-4BD7-B84A-E3C4074F1217", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.4a:*:*:*:*:*:*:*", "matchCriteriaId": "4D77F95A-0059-4442-8D9D-AA7F101FBBE5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Mantis 0.17.4a and earlier allows remote attackers to view private bugs by modifying the f_id bug ID parameter to (1) bug_update_advanced_page.php, (2) bug_update_page.php, (3) view_bug_advanced_page.php, or (4) view_bug_page.php." 
} ], "id": "CVE-2002-1115", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-10-04T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://mantisbt.sourceforge.net/advisories/2002/2002-06.txt" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=103013249211164\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2002/dsa-161" }, { "source": "cve@mitre.org", "url": "http://www.iss.net/security_center/static/9954.php" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/5563" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://mantisbt.sourceforge.net/advisories/2002/2002-06.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=103013249211164\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2002/dsa-161" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.iss.net/security_center/static/9954.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/5563" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": 
"Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-10-04 04:00
Modified
2025-04-03 01:03
Severity: HIGH (CVSS v2 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P, source nvd@nist.gov)
Summary
summary_graph_functions.php in Mantis 0.17.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the g_jpgraph_path parameter to reference the location of the PHP code.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mantis | mantis | 0.15.3 | |
mantis | mantis | 0.15.4 | |
mantis | mantis | 0.15.5 | |
mantis | mantis | 0.15.6 | |
mantis | mantis | 0.15.7 | |
mantis | mantis | 0.15.8 | |
mantis | mantis | 0.15.9 | |
mantis | mantis | 0.15.10 | |
mantis | mantis | 0.15.11 | |
mantis | mantis | 0.15.12 | |
mantis | mantis | 0.16.0 | |
mantis | mantis | 0.16.1 | |
mantis | mantis | 0.17.0 | |
mantis | mantis | 0.17.1 | |
mantis | mantis | 0.17.2 | |
mantis | mantis | 0.17.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mantis:mantis:0.15.3:*:*:*:*:*:*:*", "matchCriteriaId": "5DF83421-973D-4AC9-BDA3-4161B9CF2D91", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.4:*:*:*:*:*:*:*", "matchCriteriaId": "1633BF3C-89C2-4BEF-9F56-6F19984D3CA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.5:*:*:*:*:*:*:*", "matchCriteriaId": "084BD5F4-37F8-4913-8045-769FD81F8C36", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.6:*:*:*:*:*:*:*", "matchCriteriaId": "76B09948-A44C-47D8-A5EC-3873FF36F451", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.7:*:*:*:*:*:*:*", "matchCriteriaId": "89D72C1E-73E5-4F51-9D30-D28026939C57", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.8:*:*:*:*:*:*:*", "matchCriteriaId": "E9EDAA7A-DF0C-4D9E-9D30-0422E4801612", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.9:*:*:*:*:*:*:*", "matchCriteriaId": "2C469C66-B64B-49BD-9D1C-D15F0E9028EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.10:*:*:*:*:*:*:*", "matchCriteriaId": "C28223A1-359F-434C-BAAA-82A5F310FA44", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.11:*:*:*:*:*:*:*", "matchCriteriaId": "7BF1F18B-AE36-48F3-B784-5C97B3F2535E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.12:*:*:*:*:*:*:*", "matchCriteriaId": "F073B8A1-3339-4BF2-B8D1-F6BA5CF9695A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.16.0:*:*:*:*:*:*:*", "matchCriteriaId": "6DAFD163-7FE7-48FB-8860-7B00B0FFA628", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.16.1:*:*:*:*:*:*:*", "matchCriteriaId": "03A0C36A-83DF-4E67-BA82-0ACE4D50C7D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.0:*:*:*:*:*:*:*", "matchCriteriaId": "53520AA0-E5AB-450A-9D95-E075B552D2E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"8462CB86-30B1-43D8-B306-271709423DB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.2:*:*:*:*:*:*:*", "matchCriteriaId": "131A96BB-EF2E-4AE2-9334-91CA96222BA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.3:*:*:*:*:*:*:*", "matchCriteriaId": "17DC6205-7016-40C3-921A-B5AEC8513CCC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "summary_graph_functions.php in Mantis 0.17.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the g_jpgraph_path parameter to reference the location of the PHP code." } ], "id": "CVE-2002-1113", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-10-04T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=102927873301965\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=102978924821040\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2002/dsa-153" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/4858" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/5504" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9829" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=102927873301965\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=102978924821040\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2002/dsa-153" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/4858" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/5504" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9829" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-12-28 01:03
Modified
2025-04-03 01:03
Severity: HIGH (CVSS v2 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P, source nvd@nist.gov)
Summary
Multiple SQL injection vulnerabilities in the manage user page (manage_user_page.php) in Mantis 1.0.0rc3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) prefix and (2) sort parameters to the manage user page (manage_user_page.php), or (3) the sort parameter to view_all_set.php.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mantis:mantis:*:*:*:*:*:*:*:*", "matchCriteriaId": "C952E055-D5AC-4C5E-9B7E-CB58247FB795", "versionEndIncluding": "0.19.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E5E1AE7-A73F-43B2-AA6D-DB700E25880B", "versionEndIncluding": "1.0.0_rc3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "0266C2F7-FB20-44EF-B0BB-ECCF055D03A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "A21FF02F-982C-429F-A14D-D6E18058DD61", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.10:*:*:*:*:*:*:*", "matchCriteriaId": "9407F704-FF3C-4976-BE4C-A1DDC16715D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "A5173B32-1099-47C9-996B-56DB29456BB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6CA26FD-9C45-4628-82B7-E37E3EA3E2A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.11:*:*:*:*:*:*:*", "matchCriteriaId": "7B9B4611-C002-40F5-978C-BB90F1A893C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "4C7C8B5A-A630-4EDD-A6E8-27D2E1139CF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.12:*:*:*:*:*:*:*", "matchCriteriaId": "B347D6C8-4607-481D-863E-7F41E9868041", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.13:*:*:*:*:*:*:*", "matchCriteriaId": "4F434D16-4F09-4BCF-BD3E-9114876C2575", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "F6D8FD23-C9A3-40AB-B3ED-86739BA8A362", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14:*:*:*:*:*:*:*", "matchCriteriaId": "72BD480B-7CFB-4FD3-8E47-028F32AEF902", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:mantis:mantis:0.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "AC7C781D-F5D1-4C63-B6E3-230DEC80104E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.2:*:*:*:*:*:*:*", "matchCriteriaId": "D0755FA0-2365-42B4-8E42-214D5BAD71A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.3:*:*:*:*:*:*:*", "matchCriteriaId": "35248DDA-D37D-4D72-9FF8-6813BA4C87BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.4:*:*:*:*:*:*:*", "matchCriteriaId": "A67C54F4-4155-43DA-8E07-579249759989", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.5:*:*:*:*:*:*:*", "matchCriteriaId": "9DE7BEF1-1522-4666-B6B1-36A308FBC0A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.6:*:*:*:*:*:*:*", "matchCriteriaId": "C376D216-914A-4D96-8603-C6861B3E2857", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.7:*:*:*:*:*:*:*", "matchCriteriaId": "CF0636CA-49A5-4463-B22B-6C5E1E2D44AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.8:*:*:*:*:*:*:*", "matchCriteriaId": "E3A07B4C-CE12-4381-BFE4-CE79411F5069", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15:*:*:*:*:*:*:*", "matchCriteriaId": "DB6E1BE3-BF57-4ED4-918D-8B23CB195ECE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB502B29-FBC5-4984-A735-AA0B6DF4A58D", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.2:*:*:*:*:*:*:*", "matchCriteriaId": "3F759138-7079-471F-B30D-ED62351CFCB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.3:*:*:*:*:*:*:*", "matchCriteriaId": "5DF83421-973D-4AC9-BDA3-4161B9CF2D91", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.4:*:*:*:*:*:*:*", "matchCriteriaId": "1633BF3C-89C2-4BEF-9F56-6F19984D3CA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.5:*:*:*:*:*:*:*", "matchCriteriaId": "084BD5F4-37F8-4913-8045-769FD81F8C36", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:mantis:mantis:0.15.6:*:*:*:*:*:*:*", "matchCriteriaId": "76B09948-A44C-47D8-A5EC-3873FF36F451", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.7:*:*:*:*:*:*:*", "matchCriteriaId": "89D72C1E-73E5-4F51-9D30-D28026939C57", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.8:*:*:*:*:*:*:*", "matchCriteriaId": "E9EDAA7A-DF0C-4D9E-9D30-0422E4801612", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.9:*:*:*:*:*:*:*", "matchCriteriaId": "2C469C66-B64B-49BD-9D1C-D15F0E9028EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.10:*:*:*:*:*:*:*", "matchCriteriaId": "C28223A1-359F-434C-BAAA-82A5F310FA44", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.11:*:*:*:*:*:*:*", "matchCriteriaId": "7BF1F18B-AE36-48F3-B784-5C97B3F2535E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.12:*:*:*:*:*:*:*", "matchCriteriaId": "F073B8A1-3339-4BF2-B8D1-F6BA5CF9695A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.16:*:*:*:*:*:*:*", "matchCriteriaId": "3A62328B-4C77-4FF4-B1D9-BE4A2E5C61FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.16.0:*:*:*:*:*:*:*", "matchCriteriaId": "6DAFD163-7FE7-48FB-8860-7B00B0FFA628", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.16.1:*:*:*:*:*:*:*", "matchCriteriaId": "03A0C36A-83DF-4E67-BA82-0ACE4D50C7D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17:*:*:*:*:*:*:*", "matchCriteriaId": "7C074DBE-AFC9-4094-A170-A31D79C139D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.0:*:*:*:*:*:*:*", "matchCriteriaId": "53520AA0-E5AB-450A-9D95-E075B552D2E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.1:*:*:*:*:*:*:*", "matchCriteriaId": "8462CB86-30B1-43D8-B306-271709423DB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.2:*:*:*:*:*:*:*", "matchCriteriaId": "131A96BB-EF2E-4AE2-9334-91CA96222BA2", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:mantis:mantis:0.17.3:*:*:*:*:*:*:*", "matchCriteriaId": "17DC6205-7016-40C3-921A-B5AEC8513CCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.4:*:*:*:*:*:*:*", "matchCriteriaId": "721A536A-9626-4BD7-B84A-E3C4074F1217", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.4a:*:*:*:*:*:*:*", "matchCriteriaId": "4D77F95A-0059-4442-8D9D-AA7F101FBBE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.5:*:*:*:*:*:*:*", "matchCriteriaId": "89786096-AE1B-491B-8284-DBCC2F6112F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18:*:*:*:*:*:*:*", "matchCriteriaId": "E0BC255D-6B0F-412D-B639-B9F9656E4839", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "4B4CFE80-223F-45DA-A9FB-03474F61E027", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "8724300D-CBDC-4C66-BF78-038F838C06DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0a3:*:*:*:*:*:*:*", "matchCriteriaId": "B7283A58-EE8E-493F-8E51-C97FF87ECA16", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0a4:*:*:*:*:*:*:*", "matchCriteriaId": "E3CF3162-EAF8-438C-891A-FD13ECF6D6A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.2:*:*:*:*:*:*:*", "matchCriteriaId": "101BF6DC-0F73-41E0-A0EE-BA1EA7397423", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.3:*:*:*:*:*:*:*", "matchCriteriaId": "FCC458D9-12B1-4CF1-980E-BC86E874BBA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18a1:*:*:*:*:*:*:*", "matchCriteriaId": "2202C65A-33FB-4742-8706-2BDD5B442030", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0:*:*:*:*:*:*:*", "matchCriteriaId": "5419E3AC-4215-4584-9538-AF790DC9BD5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "D3C48B8F-633E-4D69-A174-26C19829DE98", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0a:*:*:*:*:*:*:*", "matchCriteriaId": "C1E7658F-A543-46F5-B79D-E0E25B7C574F", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "DD259C18-7111-45C9-B6C3-6A5F29998146", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "7CBA3B4B-D7E6-4555-969F-66217ACDACDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.1:*:*:*:*:*:*:*", "matchCriteriaId": "38BFDCFA-00C8-4B6A-B758-8FD15A122CA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.2:*:*:*:*:*:*:*", "matchCriteriaId": "6770FDC6-792D-49B2-942B-282F9012D0BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "C6DB707C-29DF-442C-BBBE-650182692A33", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "0C420189-4748-465C-96FE-DC89502F7E26", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "730BE023-C283-4775-915C-79817723917A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "337E18A7-07A3-456D-868A-2002F96D7A2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*", "matchCriteriaId": "84B09B6D-EE4D-4241-B3EF-CBCB03A7F579", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in the manage user page (manage_user_page.php) in Mantis 1.0.0rc3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) prefix and (2) sort parameters to the manage user page (manage_user_page.php), or (3) the sort parameter to view_all_set.php." 
} ], "id": "CVE-2005-4519", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-12-28T01:03:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18181/" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18221" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/18481" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2005/dsa-944" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/22051" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/22052" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/16046/" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2005/3064" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", 
"Vendor Advisory" ], "url": "http://secunia.com/advisories/18181/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18221" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/18481" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2005/dsa-944" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/22051" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/22052" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/16046/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2005/3064" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-12-14 11:03
Modified
2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in view_filters_page.php in Mantis 1.0.0rc3 and earlier allows remote attackers to inject arbitrary web script or HTML via the target_field parameter.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mantis:mantis:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "0266C2F7-FB20-44EF-B0BB-ECCF055D03A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "A21FF02F-982C-429F-A14D-D6E18058DD61", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.10:*:*:*:*:*:*:*", "matchCriteriaId": "9407F704-FF3C-4976-BE4C-A1DDC16715D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "A5173B32-1099-47C9-996B-56DB29456BB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6CA26FD-9C45-4628-82B7-E37E3EA3E2A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.11:*:*:*:*:*:*:*", "matchCriteriaId": "7B9B4611-C002-40F5-978C-BB90F1A893C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "4C7C8B5A-A630-4EDD-A6E8-27D2E1139CF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.12:*:*:*:*:*:*:*", "matchCriteriaId": "B347D6C8-4607-481D-863E-7F41E9868041", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.13:*:*:*:*:*:*:*", "matchCriteriaId": "4F434D16-4F09-4BCF-BD3E-9114876C2575", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "F6D8FD23-C9A3-40AB-B3ED-86739BA8A362", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14:*:*:*:*:*:*:*", "matchCriteriaId": "72BD480B-7CFB-4FD3-8E47-028F32AEF902", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "AC7C781D-F5D1-4C63-B6E3-230DEC80104E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.2:*:*:*:*:*:*:*", "matchCriteriaId": "D0755FA0-2365-42B4-8E42-214D5BAD71A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.3:*:*:*:*:*:*:*", "matchCriteriaId": 
"35248DDA-D37D-4D72-9FF8-6813BA4C87BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.4:*:*:*:*:*:*:*", "matchCriteriaId": "A67C54F4-4155-43DA-8E07-579249759989", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.5:*:*:*:*:*:*:*", "matchCriteriaId": "9DE7BEF1-1522-4666-B6B1-36A308FBC0A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.6:*:*:*:*:*:*:*", "matchCriteriaId": "C376D216-914A-4D96-8603-C6861B3E2857", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.7:*:*:*:*:*:*:*", "matchCriteriaId": "CF0636CA-49A5-4463-B22B-6C5E1E2D44AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.8:*:*:*:*:*:*:*", "matchCriteriaId": "E3A07B4C-CE12-4381-BFE4-CE79411F5069", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15:*:*:*:*:*:*:*", "matchCriteriaId": "DB6E1BE3-BF57-4ED4-918D-8B23CB195ECE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB502B29-FBC5-4984-A735-AA0B6DF4A58D", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.2:*:*:*:*:*:*:*", "matchCriteriaId": "3F759138-7079-471F-B30D-ED62351CFCB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.3:*:*:*:*:*:*:*", "matchCriteriaId": "5DF83421-973D-4AC9-BDA3-4161B9CF2D91", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.4:*:*:*:*:*:*:*", "matchCriteriaId": "1633BF3C-89C2-4BEF-9F56-6F19984D3CA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.5:*:*:*:*:*:*:*", "matchCriteriaId": "084BD5F4-37F8-4913-8045-769FD81F8C36", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.6:*:*:*:*:*:*:*", "matchCriteriaId": "76B09948-A44C-47D8-A5EC-3873FF36F451", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.7:*:*:*:*:*:*:*", "matchCriteriaId": "89D72C1E-73E5-4F51-9D30-D28026939C57", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.8:*:*:*:*:*:*:*", "matchCriteriaId": 
"E9EDAA7A-DF0C-4D9E-9D30-0422E4801612", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.9:*:*:*:*:*:*:*", "matchCriteriaId": "2C469C66-B64B-49BD-9D1C-D15F0E9028EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.10:*:*:*:*:*:*:*", "matchCriteriaId": "C28223A1-359F-434C-BAAA-82A5F310FA44", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.11:*:*:*:*:*:*:*", "matchCriteriaId": "7BF1F18B-AE36-48F3-B784-5C97B3F2535E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.12:*:*:*:*:*:*:*", "matchCriteriaId": "F073B8A1-3339-4BF2-B8D1-F6BA5CF9695A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.16:*:*:*:*:*:*:*", "matchCriteriaId": "3A62328B-4C77-4FF4-B1D9-BE4A2E5C61FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.16.0:*:*:*:*:*:*:*", "matchCriteriaId": "6DAFD163-7FE7-48FB-8860-7B00B0FFA628", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.16.1:*:*:*:*:*:*:*", "matchCriteriaId": "03A0C36A-83DF-4E67-BA82-0ACE4D50C7D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17:*:*:*:*:*:*:*", "matchCriteriaId": "7C074DBE-AFC9-4094-A170-A31D79C139D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.0:*:*:*:*:*:*:*", "matchCriteriaId": "53520AA0-E5AB-450A-9D95-E075B552D2E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.1:*:*:*:*:*:*:*", "matchCriteriaId": "8462CB86-30B1-43D8-B306-271709423DB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.2:*:*:*:*:*:*:*", "matchCriteriaId": "131A96BB-EF2E-4AE2-9334-91CA96222BA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.3:*:*:*:*:*:*:*", "matchCriteriaId": "17DC6205-7016-40C3-921A-B5AEC8513CCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.4:*:*:*:*:*:*:*", "matchCriteriaId": "721A536A-9626-4BD7-B84A-E3C4074F1217", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.4a:*:*:*:*:*:*:*", 
"matchCriteriaId": "4D77F95A-0059-4442-8D9D-AA7F101FBBE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.5:*:*:*:*:*:*:*", "matchCriteriaId": "89786096-AE1B-491B-8284-DBCC2F6112F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18:*:*:*:*:*:*:*", "matchCriteriaId": "E0BC255D-6B0F-412D-B639-B9F9656E4839", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "4B4CFE80-223F-45DA-A9FB-03474F61E027", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "8724300D-CBDC-4C66-BF78-038F838C06DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0a3:*:*:*:*:*:*:*", "matchCriteriaId": "B7283A58-EE8E-493F-8E51-C97FF87ECA16", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0a4:*:*:*:*:*:*:*", "matchCriteriaId": "E3CF3162-EAF8-438C-891A-FD13ECF6D6A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.2:*:*:*:*:*:*:*", "matchCriteriaId": "101BF6DC-0F73-41E0-A0EE-BA1EA7397423", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.3:*:*:*:*:*:*:*", "matchCriteriaId": "FCC458D9-12B1-4CF1-980E-BC86E874BBA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18a1:*:*:*:*:*:*:*", "matchCriteriaId": "2202C65A-33FB-4742-8706-2BDD5B442030", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0:*:*:*:*:*:*:*", "matchCriteriaId": "5419E3AC-4215-4584-9538-AF790DC9BD5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "D3C48B8F-633E-4D69-A174-26C19829DE98", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0a:*:*:*:*:*:*:*", "matchCriteriaId": "C1E7658F-A543-46F5-B79D-E0E25B7C574F", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "DD259C18-7111-45C9-B6C3-6A5F29998146", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:mantis:mantis:0.19.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "7CBA3B4B-D7E6-4555-969F-66217ACDACDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.1:*:*:*:*:*:*:*", "matchCriteriaId": "38BFDCFA-00C8-4B6A-B758-8FD15A122CA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.2:*:*:*:*:*:*:*", "matchCriteriaId": "6770FDC6-792D-49B2-942B-282F9012D0BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.3:*:*:*:*:*:*:*", "matchCriteriaId": "8D8E7458-6655-4C86-85A9-81004FF38321", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "C6DB707C-29DF-442C-BBBE-650182692A33", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "0C420189-4748-465C-96FE-DC89502F7E26", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "3B3A1BAC-F777-413E-BFB7-972C687C2D92", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "730BE023-C283-4775-915C-79817723917A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "337E18A7-07A3-456D-868A-2002F96D7A2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*", "matchCriteriaId": "84B09B6D-EE4D-4241-B3EF-CBCB03A7F579", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in view_filters_page.php in Mantis 1.0.0rc3 and earlier allows remote attackers to inject arbitrary web script or HTML via the target_field parameter." 
} ], "id": "CVE-2005-4238", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-12-14T11:03:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://pridels0.blogspot.com/2005/12/mantis-bugtracking-system-xss-vuln.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/18018" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/18481" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2005/dsa-944" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/15842" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2005/2874" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://pridels0.blogspot.com/2005/12/mantis-bugtracking-system-xss-vuln.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/18018" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/18481" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2005/dsa-944" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/15842" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2005/2874" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": 
"Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-07-27 23:41
Modified
2025-04-09 00:30
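Severity: HIGH (CVSS v2.0 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P; NVD primary metric, taken from the record below)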
Summary
Directory traversal vulnerability in core/lang_api.php in Mantis before 1.1.2 allows remote attackers to include and execute arbitrary files via the language parameter to the user preferences page (account_prefs_update.php).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mantis:mantis:*:*:*:*:*:*:*:*", "matchCriteriaId": "D4A66D23-7343-44B3-A8A8-FD39D88AFCC4", "versionEndIncluding": "1.1.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "0266C2F7-FB20-44EF-B0BB-ECCF055D03A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "B5E88349-E374-4AE9-9C4E-9599C1448D21", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "A21FF02F-982C-429F-A14D-D6E18058DD61", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.10:*:*:*:*:*:*:*", "matchCriteriaId": "9407F704-FF3C-4976-BE4C-A1DDC16715D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "99FB3D29-644D-4E5F-875D-C87CCE3EF95C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "A5173B32-1099-47C9-996B-56DB29456BB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6CA26FD-9C45-4628-82B7-E37E3EA3E2A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.11:*:*:*:*:*:*:*", "matchCriteriaId": "7B9B4611-C002-40F5-978C-BB90F1A893C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "B419B788-ADDD-4C0A-8E02-CBB58FD21938", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "4C7C8B5A-A630-4EDD-A6E8-27D2E1139CF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.12:*:*:*:*:*:*:*", "matchCriteriaId": "B347D6C8-4607-481D-863E-7F41E9868041", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "6E387645-BC7A-4EA5-AE9E-A3C66994391B", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.13:*:*:*:*:*:*:*", 
"matchCriteriaId": "4F434D16-4F09-4BCF-BD3E-9114876C2575", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "C80575A3-87E7-40BC-9BCB-E12BB7938A77", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "F6D8FD23-C9A3-40AB-B3ED-86739BA8A362", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14:*:*:*:*:*:*:*", "matchCriteriaId": "72BD480B-7CFB-4FD3-8E47-028F32AEF902", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "04989B5F-30B2-43A0-A061-BF43EEA8756C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "AC7C781D-F5D1-4C63-B6E3-230DEC80104E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.2:*:*:*:*:*:*:*", "matchCriteriaId": "D0755FA0-2365-42B4-8E42-214D5BAD71A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.3:*:*:*:*:*:*:*", "matchCriteriaId": "35248DDA-D37D-4D72-9FF8-6813BA4C87BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.4:*:*:*:*:*:*:*", "matchCriteriaId": "A67C54F4-4155-43DA-8E07-579249759989", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.5:*:*:*:*:*:*:*", "matchCriteriaId": "9DE7BEF1-1522-4666-B6B1-36A308FBC0A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.6:*:*:*:*:*:*:*", "matchCriteriaId": "C376D216-914A-4D96-8603-C6861B3E2857", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.7:*:*:*:*:*:*:*", "matchCriteriaId": "CF0636CA-49A5-4463-B22B-6C5E1E2D44AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.8:*:*:*:*:*:*:*", "matchCriteriaId": "E3A07B4C-CE12-4381-BFE4-CE79411F5069", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15:*:*:*:*:*:*:*", "matchCriteriaId": "DB6E1BE3-BF57-4ED4-918D-8B23CB195ECE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.0:*:*:*:*:*:*:*", 
"matchCriteriaId": "065C222C-638F-4303-BE6A-7FED59E21FB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB502B29-FBC5-4984-A735-AA0B6DF4A58D", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.2:*:*:*:*:*:*:*", "matchCriteriaId": "3F759138-7079-471F-B30D-ED62351CFCB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.3:*:*:*:*:*:*:*", "matchCriteriaId": "5DF83421-973D-4AC9-BDA3-4161B9CF2D91", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.4:*:*:*:*:*:*:*", "matchCriteriaId": "1633BF3C-89C2-4BEF-9F56-6F19984D3CA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.5:*:*:*:*:*:*:*", "matchCriteriaId": "084BD5F4-37F8-4913-8045-769FD81F8C36", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.6:*:*:*:*:*:*:*", "matchCriteriaId": "76B09948-A44C-47D8-A5EC-3873FF36F451", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.7:*:*:*:*:*:*:*", "matchCriteriaId": "89D72C1E-73E5-4F51-9D30-D28026939C57", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.8:*:*:*:*:*:*:*", "matchCriteriaId": "E9EDAA7A-DF0C-4D9E-9D30-0422E4801612", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.9:*:*:*:*:*:*:*", "matchCriteriaId": "2C469C66-B64B-49BD-9D1C-D15F0E9028EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.10:*:*:*:*:*:*:*", "matchCriteriaId": "C28223A1-359F-434C-BAAA-82A5F310FA44", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.11:*:*:*:*:*:*:*", "matchCriteriaId": "7BF1F18B-AE36-48F3-B784-5C97B3F2535E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.12:*:*:*:*:*:*:*", "matchCriteriaId": "F073B8A1-3339-4BF2-B8D1-F6BA5CF9695A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.16:*:*:*:*:*:*:*", "matchCriteriaId": "3A62328B-4C77-4FF4-B1D9-BE4A2E5C61FF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:mantis:mantis:0.16.0:*:*:*:*:*:*:*", "matchCriteriaId": "6DAFD163-7FE7-48FB-8860-7B00B0FFA628", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.16.1:*:*:*:*:*:*:*", "matchCriteriaId": "03A0C36A-83DF-4E67-BA82-0ACE4D50C7D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17:*:*:*:*:*:*:*", "matchCriteriaId": "7C074DBE-AFC9-4094-A170-A31D79C139D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.0:*:*:*:*:*:*:*", "matchCriteriaId": "53520AA0-E5AB-450A-9D95-E075B552D2E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.1:*:*:*:*:*:*:*", "matchCriteriaId": "8462CB86-30B1-43D8-B306-271709423DB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.2:*:*:*:*:*:*:*", "matchCriteriaId": "131A96BB-EF2E-4AE2-9334-91CA96222BA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.3:*:*:*:*:*:*:*", "matchCriteriaId": "17DC6205-7016-40C3-921A-B5AEC8513CCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.4:*:*:*:*:*:*:*", "matchCriteriaId": "721A536A-9626-4BD7-B84A-E3C4074F1217", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.4a:*:*:*:*:*:*:*", "matchCriteriaId": "4D77F95A-0059-4442-8D9D-AA7F101FBBE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.5:*:*:*:*:*:*:*", "matchCriteriaId": "89786096-AE1B-491B-8284-DBCC2F6112F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18:*:*:*:*:*:*:*", "matchCriteriaId": "E0BC255D-6B0F-412D-B639-B9F9656E4839", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0:*:*:*:*:*:*:*", "matchCriteriaId": "70450FAB-7886-418E-B471-8F16A68F9658", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "4B4CFE80-223F-45DA-A9FB-03474F61E027", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "B29FF305-E773-497E-9C47-7D87383F1440", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "8724300D-CBDC-4C66-BF78-038F838C06DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0a3:*:*:*:*:*:*:*", "matchCriteriaId": "B7283A58-EE8E-493F-8E51-C97FF87ECA16", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0a4:*:*:*:*:*:*:*", "matchCriteriaId": "E3CF3162-EAF8-438C-891A-FD13ECF6D6A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.1:*:*:*:*:*:*:*", "matchCriteriaId": "1E42F3A0-5FDB-4053-9EA5-D19B7061CDE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.2:*:*:*:*:*:*:*", "matchCriteriaId": "101BF6DC-0F73-41E0-A0EE-BA1EA7397423", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.3:*:*:*:*:*:*:*", "matchCriteriaId": "FCC458D9-12B1-4CF1-980E-BC86E874BBA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18a1:*:*:*:*:*:*:*", "matchCriteriaId": "2202C65A-33FB-4742-8706-2BDD5B442030", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19:*:*:*:*:*:*:*", "matchCriteriaId": "9C6C0D59-A086-4A38-8F94-C35B8A1A0D1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0:*:*:*:*:*:*:*", "matchCriteriaId": "5419E3AC-4215-4584-9538-AF790DC9BD5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "D3C48B8F-633E-4D69-A174-26C19829DE98", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0a:*:*:*:*:*:*:*", "matchCriteriaId": "C1E7658F-A543-46F5-B79D-E0E25B7C574F", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "DD259C18-7111-45C9-B6C3-6A5F29998146", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "7CBA3B4B-D7E6-4555-969F-66217ACDACDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.1:*:*:*:*:*:*:*", "matchCriteriaId": "38BFDCFA-00C8-4B6A-B758-8FD15A122CA2", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.2:*:*:*:*:*:*:*", "matchCriteriaId": "6770FDC6-792D-49B2-942B-282F9012D0BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.3:*:*:*:*:*:*:*", "matchCriteriaId": "8D8E7458-6655-4C86-85A9-81004FF38321", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:*", "matchCriteriaId": "AE92E018-C25C-468D-9EF5-5665F0B42EA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "2C62F6BC-4397-44BD-A7DA-CD4C52425BE4", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "781910F1-C34C-49D6-80D2-62AC80AF17DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "C6DB707C-29DF-442C-BBBE-650182692A33", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "0C420189-4748-465C-96FE-DC89502F7E26", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "3B3A1BAC-F777-413E-BFB7-972C687C2D92", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "B0C7EDA7-1BED-4152-BD3D-3A596482D9D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc5:*:*:*:*:*:*:*", "matchCriteriaId": "B54BEEA5-B671-4BDE-96D1-B235CF8F197E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "730BE023-C283-4775-915C-79817723917A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "337E18A7-07A3-456D-868A-2002F96D7A2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*", "matchCriteriaId": "84B09B6D-EE4D-4241-B3EF-CBCB03A7F579", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0rc1:*:*:*:*:*:*:*", "matchCriteriaId": 
"8B20CB57-A2C4-4491-9A4A-352C699FEF52", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0rc2:*:*:*:*:*:*:*", "matchCriteriaId": "DD8DC938-873D-4268-89D1-F16C5796A5C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0rc3:*:*:*:*:*:*:*", "matchCriteriaId": "B4ED69D6-25B5-4199-B950-165A5FCFEBD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0rc4:*:*:*:*:*:*:*", "matchCriteriaId": "CF9E3400-610A-4389-B903-9C6CA3D7B9FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DA5AE0B4-15AB-49E7-9B97-96BA322B0966", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "48069606-59B6-4D20-B909-997CA7EDBD2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E42CD1CB-49E7-484B-9629-78A24B754346", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F95B327F-94A8-4D4F-A330-1B9BF4B764FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "215420D5-4690-45BE-AE84-CF1522523299", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "5621726F-CA50-4336-9BCE-55F39BE5CDCF", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "C2B0DF8C-FF2D-4DE8-B0D1-92623974A874", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "03F4013F-427E-41EE-969C-169B97A14A90", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.1.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "F9555553-AEA7-42B3-BE94-7C4729259378", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in core/lang_api.php in Mantis before 1.1.2 allows remote attackers to include and 
execute arbitrary files via the language parameter to the user preferences page (account_prefs_update.php)." }, { "lang": "es", "value": "Una vulnerabilidad de salto de directorio en el archivo core/lang_api.php en Mantis anterior a versi\u00f3n 1.1.2, permite a los atacantes remotos incluir y ejecutar archivos arbitrarios por medio del par\u00e1metro language en la p\u00e1gina de preferencias del usuario (archivo account_prefs_update.php)." } ], "id": "CVE-2008-3333", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-07-27T23:41:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30270" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/31972" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml" }, { "source": "cve@mitre.org", "url": "http://www.mantisbt.org/bugs/changelog_page.php" }, { "source": "cve@mitre.org", "url": "http://www.mantisbt.org/bugs/view.php?id=9154" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/29297" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/30354" }, { "source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=456044" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43984" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30270" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31972" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mantisbt.org/bugs/changelog_page.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mantisbt.org/bugs/view.php?id=9154" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/29297" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/30354" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=456044" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43984" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-07-27 23:41
Modified
2025-04-09 00:30
Severity ?
Summary
Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mantis:mantis:*:*:*:*:*:*:*:*", "matchCriteriaId": "D4A66D23-7343-44B3-A8A8-FD39D88AFCC4", "versionEndIncluding": "1.1.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "0266C2F7-FB20-44EF-B0BB-ECCF055D03A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "B5E88349-E374-4AE9-9C4E-9599C1448D21", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "A21FF02F-982C-429F-A14D-D6E18058DD61", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.10:*:*:*:*:*:*:*", "matchCriteriaId": "9407F704-FF3C-4976-BE4C-A1DDC16715D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "99FB3D29-644D-4E5F-875D-C87CCE3EF95C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "A5173B32-1099-47C9-996B-56DB29456BB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6CA26FD-9C45-4628-82B7-E37E3EA3E2A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.11:*:*:*:*:*:*:*", "matchCriteriaId": "7B9B4611-C002-40F5-978C-BB90F1A893C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "B419B788-ADDD-4C0A-8E02-CBB58FD21938", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "4C7C8B5A-A630-4EDD-A6E8-27D2E1139CF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.12:*:*:*:*:*:*:*", "matchCriteriaId": "B347D6C8-4607-481D-863E-7F41E9868041", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "6E387645-BC7A-4EA5-AE9E-A3C66994391B", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.13:*:*:*:*:*:*:*", 
"matchCriteriaId": "4F434D16-4F09-4BCF-BD3E-9114876C2575", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "C80575A3-87E7-40BC-9BCB-E12BB7938A77", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "F6D8FD23-C9A3-40AB-B3ED-86739BA8A362", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14:*:*:*:*:*:*:*", "matchCriteriaId": "72BD480B-7CFB-4FD3-8E47-028F32AEF902", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "04989B5F-30B2-43A0-A061-BF43EEA8756C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "AC7C781D-F5D1-4C63-B6E3-230DEC80104E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.2:*:*:*:*:*:*:*", "matchCriteriaId": "D0755FA0-2365-42B4-8E42-214D5BAD71A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.3:*:*:*:*:*:*:*", "matchCriteriaId": "35248DDA-D37D-4D72-9FF8-6813BA4C87BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.4:*:*:*:*:*:*:*", "matchCriteriaId": "A67C54F4-4155-43DA-8E07-579249759989", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.5:*:*:*:*:*:*:*", "matchCriteriaId": "9DE7BEF1-1522-4666-B6B1-36A308FBC0A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.6:*:*:*:*:*:*:*", "matchCriteriaId": "C376D216-914A-4D96-8603-C6861B3E2857", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.7:*:*:*:*:*:*:*", "matchCriteriaId": "CF0636CA-49A5-4463-B22B-6C5E1E2D44AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.8:*:*:*:*:*:*:*", "matchCriteriaId": "E3A07B4C-CE12-4381-BFE4-CE79411F5069", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15:*:*:*:*:*:*:*", "matchCriteriaId": "DB6E1BE3-BF57-4ED4-918D-8B23CB195ECE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.0:*:*:*:*:*:*:*", 
"matchCriteriaId": "065C222C-638F-4303-BE6A-7FED59E21FB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB502B29-FBC5-4984-A735-AA0B6DF4A58D", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.2:*:*:*:*:*:*:*", "matchCriteriaId": "3F759138-7079-471F-B30D-ED62351CFCB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.3:*:*:*:*:*:*:*", "matchCriteriaId": "5DF83421-973D-4AC9-BDA3-4161B9CF2D91", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.4:*:*:*:*:*:*:*", "matchCriteriaId": "1633BF3C-89C2-4BEF-9F56-6F19984D3CA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.5:*:*:*:*:*:*:*", "matchCriteriaId": "084BD5F4-37F8-4913-8045-769FD81F8C36", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.6:*:*:*:*:*:*:*", "matchCriteriaId": "76B09948-A44C-47D8-A5EC-3873FF36F451", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.7:*:*:*:*:*:*:*", "matchCriteriaId": "89D72C1E-73E5-4F51-9D30-D28026939C57", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.8:*:*:*:*:*:*:*", "matchCriteriaId": "E9EDAA7A-DF0C-4D9E-9D30-0422E4801612", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.9:*:*:*:*:*:*:*", "matchCriteriaId": "2C469C66-B64B-49BD-9D1C-D15F0E9028EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.10:*:*:*:*:*:*:*", "matchCriteriaId": "C28223A1-359F-434C-BAAA-82A5F310FA44", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.11:*:*:*:*:*:*:*", "matchCriteriaId": "7BF1F18B-AE36-48F3-B784-5C97B3F2535E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.12:*:*:*:*:*:*:*", "matchCriteriaId": "F073B8A1-3339-4BF2-B8D1-F6BA5CF9695A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.16:*:*:*:*:*:*:*", "matchCriteriaId": "3A62328B-4C77-4FF4-B1D9-BE4A2E5C61FF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:mantis:mantis:0.16.0:*:*:*:*:*:*:*", "matchCriteriaId": "6DAFD163-7FE7-48FB-8860-7B00B0FFA628", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.16.1:*:*:*:*:*:*:*", "matchCriteriaId": "03A0C36A-83DF-4E67-BA82-0ACE4D50C7D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17:*:*:*:*:*:*:*", "matchCriteriaId": "7C074DBE-AFC9-4094-A170-A31D79C139D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.0:*:*:*:*:*:*:*", "matchCriteriaId": "53520AA0-E5AB-450A-9D95-E075B552D2E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.1:*:*:*:*:*:*:*", "matchCriteriaId": "8462CB86-30B1-43D8-B306-271709423DB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.2:*:*:*:*:*:*:*", "matchCriteriaId": "131A96BB-EF2E-4AE2-9334-91CA96222BA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.3:*:*:*:*:*:*:*", "matchCriteriaId": "17DC6205-7016-40C3-921A-B5AEC8513CCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.4:*:*:*:*:*:*:*", "matchCriteriaId": "721A536A-9626-4BD7-B84A-E3C4074F1217", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.4a:*:*:*:*:*:*:*", "matchCriteriaId": "4D77F95A-0059-4442-8D9D-AA7F101FBBE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.5:*:*:*:*:*:*:*", "matchCriteriaId": "89786096-AE1B-491B-8284-DBCC2F6112F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18:*:*:*:*:*:*:*", "matchCriteriaId": "E0BC255D-6B0F-412D-B639-B9F9656E4839", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0:*:*:*:*:*:*:*", "matchCriteriaId": "70450FAB-7886-418E-B471-8F16A68F9658", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "4B4CFE80-223F-45DA-A9FB-03474F61E027", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "B29FF305-E773-497E-9C47-7D87383F1440", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:mantis:mantis:0.18.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "8724300D-CBDC-4C66-BF78-038F838C06DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0a3:*:*:*:*:*:*:*", "matchCriteriaId": "B7283A58-EE8E-493F-8E51-C97FF87ECA16", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0a4:*:*:*:*:*:*:*", "matchCriteriaId": "E3CF3162-EAF8-438C-891A-FD13ECF6D6A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.1:*:*:*:*:*:*:*", "matchCriteriaId": "1E42F3A0-5FDB-4053-9EA5-D19B7061CDE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.2:*:*:*:*:*:*:*", "matchCriteriaId": "101BF6DC-0F73-41E0-A0EE-BA1EA7397423", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.3:*:*:*:*:*:*:*", "matchCriteriaId": "FCC458D9-12B1-4CF1-980E-BC86E874BBA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18a1:*:*:*:*:*:*:*", "matchCriteriaId": "2202C65A-33FB-4742-8706-2BDD5B442030", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19:*:*:*:*:*:*:*", "matchCriteriaId": "9C6C0D59-A086-4A38-8F94-C35B8A1A0D1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0:*:*:*:*:*:*:*", "matchCriteriaId": "5419E3AC-4215-4584-9538-AF790DC9BD5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "D3C48B8F-633E-4D69-A174-26C19829DE98", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0a:*:*:*:*:*:*:*", "matchCriteriaId": "C1E7658F-A543-46F5-B79D-E0E25B7C574F", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "DD259C18-7111-45C9-B6C3-6A5F29998146", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "7CBA3B4B-D7E6-4555-969F-66217ACDACDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.1:*:*:*:*:*:*:*", "matchCriteriaId": "38BFDCFA-00C8-4B6A-B758-8FD15A122CA2", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.2:*:*:*:*:*:*:*", "matchCriteriaId": "6770FDC6-792D-49B2-942B-282F9012D0BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.3:*:*:*:*:*:*:*", "matchCriteriaId": "8D8E7458-6655-4C86-85A9-81004FF38321", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:*", "matchCriteriaId": "AE92E018-C25C-468D-9EF5-5665F0B42EA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "2C62F6BC-4397-44BD-A7DA-CD4C52425BE4", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "781910F1-C34C-49D6-80D2-62AC80AF17DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "C6DB707C-29DF-442C-BBBE-650182692A33", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "0C420189-4748-465C-96FE-DC89502F7E26", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "3B3A1BAC-F777-413E-BFB7-972C687C2D92", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "B0C7EDA7-1BED-4152-BD3D-3A596482D9D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc5:*:*:*:*:*:*:*", "matchCriteriaId": "B54BEEA5-B671-4BDE-96D1-B235CF8F197E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "730BE023-C283-4775-915C-79817723917A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "337E18A7-07A3-456D-868A-2002F96D7A2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*", "matchCriteriaId": "84B09B6D-EE4D-4241-B3EF-CBCB03A7F579", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0rc1:*:*:*:*:*:*:*", "matchCriteriaId": 
"8B20CB57-A2C4-4491-9A4A-352C699FEF52", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0rc2:*:*:*:*:*:*:*", "matchCriteriaId": "DD8DC938-873D-4268-89D1-F16C5796A5C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0rc3:*:*:*:*:*:*:*", "matchCriteriaId": "B4ED69D6-25B5-4199-B950-165A5FCFEBD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0rc4:*:*:*:*:*:*:*", "matchCriteriaId": "CF9E3400-610A-4389-B903-9C6CA3D7B9FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DA5AE0B4-15AB-49E7-9B97-96BA322B0966", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "48069606-59B6-4D20-B909-997CA7EDBD2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E42CD1CB-49E7-484B-9629-78A24B754346", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F95B327F-94A8-4D4F-A330-1B9BF4B764FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "215420D5-4690-45BE-AE84-CF1522523299", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "5621726F-CA50-4336-9BCE-55F39BE5CDCF", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "C2B0DF8C-FF2D-4DE8-B0D1-92623974A874", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "03F4013F-427E-41EE-969C-169B97A14A90", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.1.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "F9555553-AEA7-42B3-BE94-7C4729259378", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to 
execute arbitrary code via the value parameter." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n \"Eval\" en adm_config_set.php en Mantis anterior a 1.1.2, permite a administradores autenticados remotamente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s del par\u00e1metro \"value\"." } ], "id": "CVE-2008-3332", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-07-27T23:41:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=121130774617956\u0026w=4" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30270" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/31972" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/4044" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml" }, { "source": "cve@mitre.org", "url": "http://www.mantisbt.org/bugs/changelog_page.php" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/29297" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/1598/references" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42550" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/5657" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://marc.info/?l=bugtraq\u0026m=121130774617956\u0026w=4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30270" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31972" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/4044" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mantisbt.org/bugs/changelog_page.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/29297" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1598/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42550" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/5657" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-10-04 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Mantis before 0.17.4 allows remote attackers to list project bugs without authentication by modifying the cookie that is used by the "View Bugs" page.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mantis | mantis | 0.15.3 | |
mantis | mantis | 0.15.4 | |
mantis | mantis | 0.15.5 | |
mantis | mantis | 0.15.6 | |
mantis | mantis | 0.15.7 | |
mantis | mantis | 0.15.8 | |
mantis | mantis | 0.15.9 | |
mantis | mantis | 0.15.10 | |
mantis | mantis | 0.15.11 | |
mantis | mantis | 0.15.12 | |
mantis | mantis | 0.16.0 | |
mantis | mantis | 0.16.1 | |
mantis | mantis | 0.17.0 | |
mantis | mantis | 0.17.1 | |
mantis | mantis | 0.17.2 | |
mantis | mantis | 0.17.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mantis:mantis:0.15.3:*:*:*:*:*:*:*", "matchCriteriaId": "5DF83421-973D-4AC9-BDA3-4161B9CF2D91", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.4:*:*:*:*:*:*:*", "matchCriteriaId": "1633BF3C-89C2-4BEF-9F56-6F19984D3CA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.5:*:*:*:*:*:*:*", "matchCriteriaId": "084BD5F4-37F8-4913-8045-769FD81F8C36", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.6:*:*:*:*:*:*:*", "matchCriteriaId": "76B09948-A44C-47D8-A5EC-3873FF36F451", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.7:*:*:*:*:*:*:*", "matchCriteriaId": "89D72C1E-73E5-4F51-9D30-D28026939C57", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.8:*:*:*:*:*:*:*", "matchCriteriaId": "E9EDAA7A-DF0C-4D9E-9D30-0422E4801612", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.9:*:*:*:*:*:*:*", "matchCriteriaId": "2C469C66-B64B-49BD-9D1C-D15F0E9028EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.10:*:*:*:*:*:*:*", "matchCriteriaId": "C28223A1-359F-434C-BAAA-82A5F310FA44", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.11:*:*:*:*:*:*:*", "matchCriteriaId": "7BF1F18B-AE36-48F3-B784-5C97B3F2535E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.12:*:*:*:*:*:*:*", "matchCriteriaId": "F073B8A1-3339-4BF2-B8D1-F6BA5CF9695A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.16.0:*:*:*:*:*:*:*", "matchCriteriaId": "6DAFD163-7FE7-48FB-8860-7B00B0FFA628", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.16.1:*:*:*:*:*:*:*", "matchCriteriaId": "03A0C36A-83DF-4E67-BA82-0ACE4D50C7D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.0:*:*:*:*:*:*:*", "matchCriteriaId": "53520AA0-E5AB-450A-9D95-E075B552D2E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"8462CB86-30B1-43D8-B306-271709423DB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.2:*:*:*:*:*:*:*", "matchCriteriaId": "131A96BB-EF2E-4AE2-9334-91CA96222BA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.3:*:*:*:*:*:*:*", "matchCriteriaId": "17DC6205-7016-40C3-921A-B5AEC8513CCC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Mantis before 0.17.4 allows remote attackers to list project bugs without authentication by modifying the cookie that is used by the \"View Bugs\" page." } ], "id": "CVE-2002-1112", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-10-04T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://mantisbt.sourceforge.net/advisories/2002/2002-03.txt" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=102978673018271\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2002/dsa-153" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/5514" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9899" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://mantisbt.sourceforge.net/advisories/2002/2002-03.txt" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=102978673018271\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2002/dsa-153" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/5514" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9899" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-10-04 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, when running without magic_quotes_gpc enabled, allow remote attackers to gain privileges or perform unauthorized database operations via modified form fields, e.g. to account_update.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mantis | mantis | 0.15.3 | |
mantis | mantis | 0.15.4 | |
mantis | mantis | 0.15.5 | |
mantis | mantis | 0.15.6 | |
mantis | mantis | 0.15.7 | |
mantis | mantis | 0.15.8 | |
mantis | mantis | 0.15.9 | |
mantis | mantis | 0.15.10 | |
mantis | mantis | 0.15.11 | |
mantis | mantis | 0.15.12 | |
mantis | mantis | 0.16.0 | |
mantis | mantis | 0.16.1 | |
mantis | mantis | 0.17.0 | |
mantis | mantis | 0.17.1 | |
mantis | mantis | 0.17.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mantis:mantis:0.15.3:*:*:*:*:*:*:*", "matchCriteriaId": "5DF83421-973D-4AC9-BDA3-4161B9CF2D91", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.4:*:*:*:*:*:*:*", "matchCriteriaId": "1633BF3C-89C2-4BEF-9F56-6F19984D3CA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.5:*:*:*:*:*:*:*", "matchCriteriaId": "084BD5F4-37F8-4913-8045-769FD81F8C36", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.6:*:*:*:*:*:*:*", "matchCriteriaId": "76B09948-A44C-47D8-A5EC-3873FF36F451", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.7:*:*:*:*:*:*:*", "matchCriteriaId": "89D72C1E-73E5-4F51-9D30-D28026939C57", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.8:*:*:*:*:*:*:*", "matchCriteriaId": "E9EDAA7A-DF0C-4D9E-9D30-0422E4801612", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.9:*:*:*:*:*:*:*", "matchCriteriaId": "2C469C66-B64B-49BD-9D1C-D15F0E9028EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.10:*:*:*:*:*:*:*", "matchCriteriaId": "C28223A1-359F-434C-BAAA-82A5F310FA44", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.11:*:*:*:*:*:*:*", "matchCriteriaId": "7BF1F18B-AE36-48F3-B784-5C97B3F2535E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.12:*:*:*:*:*:*:*", "matchCriteriaId": "F073B8A1-3339-4BF2-B8D1-F6BA5CF9695A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.16.0:*:*:*:*:*:*:*", "matchCriteriaId": "6DAFD163-7FE7-48FB-8860-7B00B0FFA628", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.16.1:*:*:*:*:*:*:*", "matchCriteriaId": "03A0C36A-83DF-4E67-BA82-0ACE4D50C7D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.0:*:*:*:*:*:*:*", "matchCriteriaId": "53520AA0-E5AB-450A-9D95-E075B552D2E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"8462CB86-30B1-43D8-B306-271709423DB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.2:*:*:*:*:*:*:*", "matchCriteriaId": "131A96BB-EF2E-4AE2-9334-91CA96222BA2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, when running without magic_quotes_gpc enabled, allows remote attackers to gain privileges or perform unauthorized database operations via modified form fields, e.g. to account_update.php." } ], "id": "CVE-2002-1110", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-10-04T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://mantisbt.sourceforge.net/advisories/2002/2002-01.txt" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=102978728718851\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2002/dsa-153" }, { "source": "cve@mitre.org", "url": "http://www.iss.net/security_center/static/9897.php" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/5510" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://mantisbt.sourceforge.net/advisories/2002/2002-01.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://marc.info/?l=bugtraq\u0026m=102978728718851\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2002/dsa-153" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.iss.net/security_center/static/9897.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/5510" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-01-09 23:03
Modified
2025-04-03 01:03
Severity ?
Summary
The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:john_lim:adodb:4.66:*:*:*:*:*:*:*", "matchCriteriaId": "9F76566C-7F49-4725-91E6-8E2416CB7F03", "vulnerable": true }, { "criteria": "cpe:2.3:a:john_lim:adodb:4.68:*:*:*:*:*:*:*", "matchCriteriaId": "02F0F5B5-86D2-48C4-872E-3F8C38AF563C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:*", "matchCriteriaId": "AE92E018-C25C-468D-9EF5-5665F0B42EA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "B0C7EDA7-1BED-4152-BD3D-3A596482D9D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mediabeez:mediabeez:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE171CCD-6AEE-4FCB-9F45-C7CFDE84D6AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:moodle:moodle:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "66BD9A00-DA61-4389-8731-B92585C2BE6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:postnuke_software_foundation:postnuke:0.761:*:*:*:*:*:*:*", "matchCriteriaId": "C55DA346-A7A0-466F-90D7-CC1E7C2E9EFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:the_cacti_group:cacti:0.8.6g:*:*:*:*:*:*:*", "matchCriteriaId": "DB14AEA6-00FC-4C8B-BA57-6CA7A5519493", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter." 
} ], "id": "CVE-2006-0146", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-01-09T23:03:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/17418" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18233" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18254" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18260" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18267" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18276" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18720" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19555" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19563" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19590" }, { 
"source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19591" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/19600" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/19691" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19699" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/24954" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://secunia.com/secunia_research/2005-64/advisory/" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/713" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2006/dsa-1029" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2006/dsa-1030" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2006/dsa-1031" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml" }, { "source": "cve@mitre.org", "tags": [ "URL Repurposed" ], "url": "http://www.maxdev.com/Article550.phtml" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.osvdb.org/22290" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/423784/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/430448/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/466171/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/16187" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": 
"http://www.vupen.com/english/advisories/2006/0101" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/0102" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/0103" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/0104" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/0105" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/0370" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/0447" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/1304" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/1305" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/1419" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.xaraya.com/index.php/news/569" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24051" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/17418" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18233" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18254" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18260" 
}, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18267" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18276" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18720" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19555" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19563" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19590" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19591" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/19600" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/19691" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19699" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/24954" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://secunia.com/secunia_research/2005-64/advisory/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/713" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2006/dsa-1029" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2006/dsa-1030" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2006/dsa-1031" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "URL Repurposed" ], "url": "http://www.maxdev.com/Article550.phtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.osvdb.org/22290" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/423784/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/430448/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/466171/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/16187" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/0101" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/0102" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/0103" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/0104" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/0105" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/0370" 
}, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/0447" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/1304" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/1305" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/1419" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.xaraya.com/index.php/news/569" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24051" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-10-22 18:00
Modified
2025-04-09 00:30
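Severity
HIGH — CVSS v2.0 base score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P), as scored by nvd@nist.gov in the record below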
Summary
Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mantis:mantis:*:*:*:*:*:*:*:*", "matchCriteriaId": "75F47971-BB00-499D-BDC4-5E24EA2FC79B", "versionEndIncluding": "1.1.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.3:*:*:*:*:*:*:*", "matchCriteriaId": "8D8E7458-6655-4C86-85A9-81004FF38321", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:*", "matchCriteriaId": "AE92E018-C25C-468D-9EF5-5665F0B42EA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DA5AE0B4-15AB-49E7-9B97-96BA322B0966", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "48069606-59B6-4D20-B909-997CA7EDBD2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E42CD1CB-49E7-484B-9629-78A24B754346", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F95B327F-94A8-4D4F-A330-1B9BF4B764FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "215420D5-4690-45BE-AE84-CF1522523299", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "5621726F-CA50-4336-9BCE-55F39BE5CDCF", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "1B0ECF83-F61A-4745-AA0D-4822A38F24DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "91621575-AF90-4C01-AA87-A99C304227D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "BAEE63A1-106C-4E50-8B6F-D134C69FD194", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote 
attackers to hijack sessions." }, { "lang": "es", "value": "Mantis anterior a v1.1.3 no desasigna la cookie de sessi\u00f3n durante el cierre de la misma, lo que facilita a atacantes remotos el secuestro de sesiones." } ], "id": "CVE-2008-4689", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-10-22T18:00:01.270", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/32975" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml" }, { "source": "cve@mitre.org", "url": "http://www.mantisbt.org/bugs/changelog_page.php" }, { "source": "cve@mitre.org", "url": "http://www.mantisbt.org/bugs/file_download.php?file_id=1988\u0026type=bug" }, { "source": "cve@mitre.org", "url": "http://www.mantisbt.org/bugs/view.php?id=9664" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2008/10/20/1" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46084" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/32975" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mantisbt.org/bugs/changelog_page.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.mantisbt.org/bugs/file_download.php?file_id=1988\u0026type=bug" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mantisbt.org/bugs/view.php?id=9664" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/10/20/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46084" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-10-04 04:00
Modified
2025-04-03 01:03
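Severity
HIGH — CVSS v2.0 base score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P), as scored by nvd@nist.gov in the record below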
Summary
config_inc2.php in Mantis before 0.17.4 allows remote attackers to execute arbitrary code or read arbitrary files via the parameters (1) g_bottom_include_page, (2) g_top_include_page, (3) g_css_include_file, (4) g_meta_include_file, or (5) a cookie.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mantis:mantis:0.17.0:*:*:*:*:*:*:*", "matchCriteriaId": "53520AA0-E5AB-450A-9D95-E075B552D2E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.1:*:*:*:*:*:*:*", "matchCriteriaId": "8462CB86-30B1-43D8-B306-271709423DB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.2:*:*:*:*:*:*:*", "matchCriteriaId": "131A96BB-EF2E-4AE2-9334-91CA96222BA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.3:*:*:*:*:*:*:*", "matchCriteriaId": "17DC6205-7016-40C3-921A-B5AEC8513CCC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "config_inc2.php in Mantis before 0.17.4 allows remote attackers to execute arbitrary code or read arbitrary files via the parameters (1) g_bottom_include_page, (2) g_top_include_page, (3) g_css_include_file, (4) g_meta_include_file, or (5) a cookie." } ], "id": "CVE-2002-1114", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-10-04T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=102978711618648\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2002/dsa-153" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/9900.php" 
}, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/5509" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=102978711618648\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2002/dsa-153" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/9900.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/5509" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-10-27 10:02
Modified
2025-04-03 01:03
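Severity
HIGH — CVSS v2.0 base score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P), as scored by nvd@nist.gov in the record below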
Summary
SQL injection vulnerability in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mantis:mantis:0.19.2:*:*:*:*:*:*:*", "matchCriteriaId": "6770FDC6-792D-49B2-942B-282F9012D0BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "0C420189-4748-465C-96FE-DC89502F7E26", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors." } ], "id": "CVE-2005-3336", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-10-27T10:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.mantisbt.org/changelog_page.php" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/16506" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/16818" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/17362" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/17654" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=362673" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2005/dsa-905" }, { "source": "cve@mitre.org", "url": 
"http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/20324" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/15227" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2005/2221" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.mantisbt.org/changelog_page.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/16506" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/16818" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/17362" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/17654" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=362673" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2005/dsa-905" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/20324" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/15227" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2005/2221" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-12-28 01:03
Modified
2025-04-03 01:03
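Severity
MEDIUM — CVSS v2.0 base score 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N), as scored by nvd@nist.gov in the record below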
Summary
Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS feeds, which allows remote attackers to obtain sensitive information.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mantis:mantis:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E5E1AE7-A73F-43B2-AA6D-DB700E25880B", "versionEndIncluding": "1.0.0_rc3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "0266C2F7-FB20-44EF-B0BB-ECCF055D03A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "A21FF02F-982C-429F-A14D-D6E18058DD61", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.10:*:*:*:*:*:*:*", "matchCriteriaId": "9407F704-FF3C-4976-BE4C-A1DDC16715D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "A5173B32-1099-47C9-996B-56DB29456BB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6CA26FD-9C45-4628-82B7-E37E3EA3E2A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.11:*:*:*:*:*:*:*", "matchCriteriaId": "7B9B4611-C002-40F5-978C-BB90F1A893C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "4C7C8B5A-A630-4EDD-A6E8-27D2E1139CF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.12:*:*:*:*:*:*:*", "matchCriteriaId": "B347D6C8-4607-481D-863E-7F41E9868041", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.13:*:*:*:*:*:*:*", "matchCriteriaId": "4F434D16-4F09-4BCF-BD3E-9114876C2575", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "F6D8FD23-C9A3-40AB-B3ED-86739BA8A362", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14:*:*:*:*:*:*:*", "matchCriteriaId": "72BD480B-7CFB-4FD3-8E47-028F32AEF902", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "AC7C781D-F5D1-4C63-B6E3-230DEC80104E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "D0755FA0-2365-42B4-8E42-214D5BAD71A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.3:*:*:*:*:*:*:*", "matchCriteriaId": "35248DDA-D37D-4D72-9FF8-6813BA4C87BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.4:*:*:*:*:*:*:*", "matchCriteriaId": "A67C54F4-4155-43DA-8E07-579249759989", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.5:*:*:*:*:*:*:*", "matchCriteriaId": "9DE7BEF1-1522-4666-B6B1-36A308FBC0A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.6:*:*:*:*:*:*:*", "matchCriteriaId": "C376D216-914A-4D96-8603-C6861B3E2857", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.7:*:*:*:*:*:*:*", "matchCriteriaId": "CF0636CA-49A5-4463-B22B-6C5E1E2D44AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.8:*:*:*:*:*:*:*", "matchCriteriaId": "E3A07B4C-CE12-4381-BFE4-CE79411F5069", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15:*:*:*:*:*:*:*", "matchCriteriaId": "DB6E1BE3-BF57-4ED4-918D-8B23CB195ECE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB502B29-FBC5-4984-A735-AA0B6DF4A58D", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.2:*:*:*:*:*:*:*", "matchCriteriaId": "3F759138-7079-471F-B30D-ED62351CFCB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.3:*:*:*:*:*:*:*", "matchCriteriaId": "5DF83421-973D-4AC9-BDA3-4161B9CF2D91", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.4:*:*:*:*:*:*:*", "matchCriteriaId": "1633BF3C-89C2-4BEF-9F56-6F19984D3CA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.5:*:*:*:*:*:*:*", "matchCriteriaId": "084BD5F4-37F8-4913-8045-769FD81F8C36", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.6:*:*:*:*:*:*:*", "matchCriteriaId": "76B09948-A44C-47D8-A5EC-3873FF36F451", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.7:*:*:*:*:*:*:*", 
"matchCriteriaId": "89D72C1E-73E5-4F51-9D30-D28026939C57", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.8:*:*:*:*:*:*:*", "matchCriteriaId": "E9EDAA7A-DF0C-4D9E-9D30-0422E4801612", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.9:*:*:*:*:*:*:*", "matchCriteriaId": "2C469C66-B64B-49BD-9D1C-D15F0E9028EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.10:*:*:*:*:*:*:*", "matchCriteriaId": "C28223A1-359F-434C-BAAA-82A5F310FA44", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.11:*:*:*:*:*:*:*", "matchCriteriaId": "7BF1F18B-AE36-48F3-B784-5C97B3F2535E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.12:*:*:*:*:*:*:*", "matchCriteriaId": "F073B8A1-3339-4BF2-B8D1-F6BA5CF9695A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.16:*:*:*:*:*:*:*", "matchCriteriaId": "3A62328B-4C77-4FF4-B1D9-BE4A2E5C61FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.16.0:*:*:*:*:*:*:*", "matchCriteriaId": "6DAFD163-7FE7-48FB-8860-7B00B0FFA628", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.16.1:*:*:*:*:*:*:*", "matchCriteriaId": "03A0C36A-83DF-4E67-BA82-0ACE4D50C7D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17:*:*:*:*:*:*:*", "matchCriteriaId": "7C074DBE-AFC9-4094-A170-A31D79C139D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.0:*:*:*:*:*:*:*", "matchCriteriaId": "53520AA0-E5AB-450A-9D95-E075B552D2E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.1:*:*:*:*:*:*:*", "matchCriteriaId": "8462CB86-30B1-43D8-B306-271709423DB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.2:*:*:*:*:*:*:*", "matchCriteriaId": "131A96BB-EF2E-4AE2-9334-91CA96222BA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.3:*:*:*:*:*:*:*", "matchCriteriaId": "17DC6205-7016-40C3-921A-B5AEC8513CCC", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:mantis:mantis:0.17.4:*:*:*:*:*:*:*", "matchCriteriaId": "721A536A-9626-4BD7-B84A-E3C4074F1217", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.4a:*:*:*:*:*:*:*", "matchCriteriaId": "4D77F95A-0059-4442-8D9D-AA7F101FBBE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.5:*:*:*:*:*:*:*", "matchCriteriaId": "89786096-AE1B-491B-8284-DBCC2F6112F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18:*:*:*:*:*:*:*", "matchCriteriaId": "E0BC255D-6B0F-412D-B639-B9F9656E4839", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "4B4CFE80-223F-45DA-A9FB-03474F61E027", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "8724300D-CBDC-4C66-BF78-038F838C06DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0a3:*:*:*:*:*:*:*", "matchCriteriaId": "B7283A58-EE8E-493F-8E51-C97FF87ECA16", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0a4:*:*:*:*:*:*:*", "matchCriteriaId": "E3CF3162-EAF8-438C-891A-FD13ECF6D6A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.2:*:*:*:*:*:*:*", "matchCriteriaId": "101BF6DC-0F73-41E0-A0EE-BA1EA7397423", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.3:*:*:*:*:*:*:*", "matchCriteriaId": "FCC458D9-12B1-4CF1-980E-BC86E874BBA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18a1:*:*:*:*:*:*:*", "matchCriteriaId": "2202C65A-33FB-4742-8706-2BDD5B442030", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0:*:*:*:*:*:*:*", "matchCriteriaId": "5419E3AC-4215-4584-9538-AF790DC9BD5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "D3C48B8F-633E-4D69-A174-26C19829DE98", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0a:*:*:*:*:*:*:*", "matchCriteriaId": "C1E7658F-A543-46F5-B79D-E0E25B7C574F", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "DD259C18-7111-45C9-B6C3-6A5F29998146", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "7CBA3B4B-D7E6-4555-969F-66217ACDACDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.1:*:*:*:*:*:*:*", "matchCriteriaId": "38BFDCFA-00C8-4B6A-B758-8FD15A122CA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.2:*:*:*:*:*:*:*", "matchCriteriaId": "6770FDC6-792D-49B2-942B-282F9012D0BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.3:*:*:*:*:*:*:*", "matchCriteriaId": "8D8E7458-6655-4C86-85A9-81004FF38321", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "C6DB707C-29DF-442C-BBBE-650182692A33", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "0C420189-4748-465C-96FE-DC89502F7E26", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "730BE023-C283-4775-915C-79817723917A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "337E18A7-07A3-456D-868A-2002F96D7A2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*", "matchCriteriaId": "84B09B6D-EE4D-4241-B3EF-CBCB03A7F579", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS feeds, which allows remote attackers to obtain sensitive information." 
} ], "id": "CVE-2005-4523", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-12-28T01:03:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18181/" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18221" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/18481" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2005/dsa-944" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2005/3064" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18181/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18221" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/18481" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2005/dsa-944" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2005/3064" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-08-07 04:00
Modified
2025-04-03 01:03
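Severity
LOW — CVSS v2.0 base score 3.6 (AV:L/AC:L/Au:N/C:P/I:P/A:N), as scored by nvd@nist.gov in the record below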
Summary
Mantis 0.17.5 and earlier stores its database password in cleartext in a world-readable configuration file, which allows local users to perform unauthorized database operations.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mantis:mantis:0.17.5:*:*:*:*:*:*:*", "matchCriteriaId": "89786096-AE1B-491B-8284-DBCC2F6112F0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Mantis 0.17.5 and earlier stores its database password in cleartext in a world-readable configuration file, which allows local users to perform unauthorized database operations." }, { "lang": "es", "value": "Mantis 0.17.5 y anteriores almacena sus contrase\u00f1as de base de datos en un fichero de configuraci\u00f3n legible por todo el mundo, lo que permite a usuarios locales realizar operaciones de base de datos no permitidas." } ], "id": "CVE-2003-0499", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2003-08-07T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "https://www.debian.org/security/2003/dsa-335" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.debian.org/security/2003/dsa-335" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-10-27 10:02
Modified
2025-04-03 01:03
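Severity
HIGH — CVSS v2.0 base score 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C), as scored by nvd@nist.gov in the record below; the summary itself gives impact and attack vectors as unknown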
Summary
Mantis before 0.19.3 caches the User ID longer than necessary, which has unknown impact and attack vectors.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0:*:*:*:*:*:*:*", "matchCriteriaId": "5419E3AC-4215-4584-9538-AF790DC9BD5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "D3C48B8F-633E-4D69-A174-26C19829DE98", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "DD259C18-7111-45C9-B6C3-6A5F29998146", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "7CBA3B4B-D7E6-4555-969F-66217ACDACDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.1:*:*:*:*:*:*:*", "matchCriteriaId": "38BFDCFA-00C8-4B6A-B758-8FD15A122CA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.2:*:*:*:*:*:*:*", "matchCriteriaId": "6770FDC6-792D-49B2-942B-282F9012D0BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.3:*:*:*:*:*:*:*", "matchCriteriaId": "8D8E7458-6655-4C86-85A9-81004FF38321", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Mantis before 0.19.3 caches the User ID longer than necessary, which has unknown impact and attack vectors." 
} ], "id": "CVE-2005-3339", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-10-27T10:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.mantisbt.org/changelog_page.php" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/16506" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/17362" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/17654" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2005/dsa-905" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/15227" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.mantisbt.org/changelog_page.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/16506" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/17362" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/17654" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2005/dsa-905" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.securityfocus.com/bid/15227" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-10-27 10:02
Modified
2025-04-03 01:03
Summary
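Unspecified vulnerability in Mantis before 0.19.3, when using reminders, causes Mantis to display the real email addresses of users. Note: the CPE match list in the record below also marks 0.19.3 itself as vulnerable, which does not agree with "before 0.19.3"; check the vendor changelog in the references before treating 0.19.3 as either fixed or affected.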
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0:*:*:*:*:*:*:*", "matchCriteriaId": "5419E3AC-4215-4584-9538-AF790DC9BD5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "D3C48B8F-633E-4D69-A174-26C19829DE98", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "DD259C18-7111-45C9-B6C3-6A5F29998146", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "7CBA3B4B-D7E6-4555-969F-66217ACDACDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.1:*:*:*:*:*:*:*", "matchCriteriaId": "38BFDCFA-00C8-4B6A-B758-8FD15A122CA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.2:*:*:*:*:*:*:*", "matchCriteriaId": "6770FDC6-792D-49B2-942B-282F9012D0BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.3:*:*:*:*:*:*:*", "matchCriteriaId": "8D8E7458-6655-4C86-85A9-81004FF38321", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Mantis before 0.19.3, when using reminders, causes Mantis to display the real email addresses of users." 
} ], "id": "CVE-2005-3338", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-10-27T10:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.mantisbt.org/changelog_page.php" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/16506" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/17362" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/17654" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2005/dsa-905" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/15227" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.mantisbt.org/changelog_page.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/16506" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/17362" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/17654" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2005/dsa-905" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.securityfocus.com/bid/15227" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-12-28 01:03
Modified
2025-04-03 01:03
Summary
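CRLF injection vulnerability in Mantis 1.0.0rc3 and earlier allows remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via (1) the return parameter in login_cookie_test.php and (2) ref parameter in login_select_proj_page.php. Note: every CPE entry in the record below carries "vulnerable": false, so version matching that relies on the CPE data alone will not flag the releases this description names; use the description and the referenced advisories to decide whether an installation is affected.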
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "C6DB707C-29DF-442C-BBBE-650182692A33", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "0C420189-4748-465C-96FE-DC89502F7E26", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "3B3A1BAC-F777-413E-BFB7-972C687C2D92", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "730BE023-C283-4775-915C-79817723917A", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "337E18A7-07A3-456D-868A-2002F96D7A2A", "vulnerable": false }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*", "matchCriteriaId": "84B09B6D-EE4D-4241-B3EF-CBCB03A7F579", "vulnerable": false } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "CRLF injection vulnerability in Mantis 1.0.0rc3 and earlier allows remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via (1) the return parameter in login_cookie_test.php and (2) ref parameter in login_select_proj_page.php." 
} ], "id": "CVE-2005-4521", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-12-28T01:03:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18181/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18221" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/18481" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2005/dsa-944" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/16046/" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2005/3064" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18181/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", 
"Vendor Advisory" ], "url": "http://secunia.com/advisories/18221" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/18481" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2005/dsa-944" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/16046/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2005/3064" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-02-22 02:02
Modified
2025-04-03 01:03
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) hide_status, (2) handler_id, (3) user_monitor, (4) reporter_id, (5) view_type, (6) show_severity, (7) show_category, (8) show_status, (9) show_resolution, (10) show_build, (11) show_profile, (12) show_priority, (13) highlight_changed, (14) relationship_type, and (15) relationship_bug parameters in (a) view_all_set.php; the (16) sort parameter in (b) manage_user_page.php; the (17) view_type parameter in (c) view_filters_page.php; and the (18) title parameter in (d) proj_doc_delete.php. NOTE: item 17 might be subsumed by CVE-2005-4522.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mantis:mantis:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "0266C2F7-FB20-44EF-B0BB-ECCF055D03A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "B5E88349-E374-4AE9-9C4E-9599C1448D21", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "A21FF02F-982C-429F-A14D-D6E18058DD61", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.10:*:*:*:*:*:*:*", "matchCriteriaId": "9407F704-FF3C-4976-BE4C-A1DDC16715D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "99FB3D29-644D-4E5F-875D-C87CCE3EF95C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "A5173B32-1099-47C9-996B-56DB29456BB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6CA26FD-9C45-4628-82B7-E37E3EA3E2A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.11:*:*:*:*:*:*:*", "matchCriteriaId": "7B9B4611-C002-40F5-978C-BB90F1A893C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "B419B788-ADDD-4C0A-8E02-CBB58FD21938", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "4C7C8B5A-A630-4EDD-A6E8-27D2E1139CF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.12:*:*:*:*:*:*:*", "matchCriteriaId": "B347D6C8-4607-481D-863E-7F41E9868041", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "6E387645-BC7A-4EA5-AE9E-A3C66994391B", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.13:*:*:*:*:*:*:*", "matchCriteriaId": "4F434D16-4F09-4BCF-BD3E-9114876C2575", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.13.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"C80575A3-87E7-40BC-9BCB-E12BB7938A77", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "F6D8FD23-C9A3-40AB-B3ED-86739BA8A362", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14:*:*:*:*:*:*:*", "matchCriteriaId": "72BD480B-7CFB-4FD3-8E47-028F32AEF902", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "04989B5F-30B2-43A0-A061-BF43EEA8756C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "AC7C781D-F5D1-4C63-B6E3-230DEC80104E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.2:*:*:*:*:*:*:*", "matchCriteriaId": "D0755FA0-2365-42B4-8E42-214D5BAD71A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.3:*:*:*:*:*:*:*", "matchCriteriaId": "35248DDA-D37D-4D72-9FF8-6813BA4C87BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.4:*:*:*:*:*:*:*", "matchCriteriaId": "A67C54F4-4155-43DA-8E07-579249759989", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.5:*:*:*:*:*:*:*", "matchCriteriaId": "9DE7BEF1-1522-4666-B6B1-36A308FBC0A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.6:*:*:*:*:*:*:*", "matchCriteriaId": "C376D216-914A-4D96-8603-C6861B3E2857", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.7:*:*:*:*:*:*:*", "matchCriteriaId": "CF0636CA-49A5-4463-B22B-6C5E1E2D44AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.14.8:*:*:*:*:*:*:*", "matchCriteriaId": "E3A07B4C-CE12-4381-BFE4-CE79411F5069", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15:*:*:*:*:*:*:*", "matchCriteriaId": "DB6E1BE3-BF57-4ED4-918D-8B23CB195ECE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.0:*:*:*:*:*:*:*", "matchCriteriaId": "065C222C-638F-4303-BE6A-7FED59E21FB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"BB502B29-FBC5-4984-A735-AA0B6DF4A58D", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.15.2:*:*:*:*:*:*:*", "matchCriteriaId": "3F759138-7079-471F-B30D-ED62351CFCB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.16:*:*:*:*:*:*:*", "matchCriteriaId": "3A62328B-4C77-4FF4-B1D9-BE4A2E5C61FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.16.0:*:*:*:*:*:*:*", "matchCriteriaId": "6DAFD163-7FE7-48FB-8860-7B00B0FFA628", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17:*:*:*:*:*:*:*", "matchCriteriaId": "7C074DBE-AFC9-4094-A170-A31D79C139D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.0:*:*:*:*:*:*:*", "matchCriteriaId": "53520AA0-E5AB-450A-9D95-E075B552D2E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.17.4a:*:*:*:*:*:*:*", "matchCriteriaId": "4D77F95A-0059-4442-8D9D-AA7F101FBBE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18:*:*:*:*:*:*:*", "matchCriteriaId": "E0BC255D-6B0F-412D-B639-B9F9656E4839", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0:*:*:*:*:*:*:*", "matchCriteriaId": "70450FAB-7886-418E-B471-8F16A68F9658", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "4B4CFE80-223F-45DA-A9FB-03474F61E027", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "B29FF305-E773-497E-9C47-7D87383F1440", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "8724300D-CBDC-4C66-BF78-038F838C06DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0a3:*:*:*:*:*:*:*", "matchCriteriaId": "B7283A58-EE8E-493F-8E51-C97FF87ECA16", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.0a4:*:*:*:*:*:*:*", "matchCriteriaId": "E3CF3162-EAF8-438C-891A-FD13ECF6D6A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.1:*:*:*:*:*:*:*", 
"matchCriteriaId": "1E42F3A0-5FDB-4053-9EA5-D19B7061CDE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.2:*:*:*:*:*:*:*", "matchCriteriaId": "101BF6DC-0F73-41E0-A0EE-BA1EA7397423", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18.3:*:*:*:*:*:*:*", "matchCriteriaId": "FCC458D9-12B1-4CF1-980E-BC86E874BBA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.18a1:*:*:*:*:*:*:*", "matchCriteriaId": "2202C65A-33FB-4742-8706-2BDD5B442030", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0:*:*:*:*:*:*:*", "matchCriteriaId": "5419E3AC-4215-4584-9538-AF790DC9BD5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "D3C48B8F-633E-4D69-A174-26C19829DE98", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0a:*:*:*:*:*:*:*", "matchCriteriaId": "C1E7658F-A543-46F5-B79D-E0E25B7C574F", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "DD259C18-7111-45C9-B6C3-6A5F29998146", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "7CBA3B4B-D7E6-4555-969F-66217ACDACDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.1:*:*:*:*:*:*:*", "matchCriteriaId": "38BFDCFA-00C8-4B6A-B758-8FD15A122CA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.2:*:*:*:*:*:*:*", "matchCriteriaId": "6770FDC6-792D-49B2-942B-282F9012D0BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.3:*:*:*:*:*:*:*", "matchCriteriaId": "8D8E7458-6655-4C86-85A9-81004FF38321", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:*", "matchCriteriaId": "AE92E018-C25C-468D-9EF5-5665F0B42EA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "C6DB707C-29DF-442C-BBBE-650182692A33", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:mantis:mantis:1.0.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "0C420189-4748-465C-96FE-DC89502F7E26", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "3B3A1BAC-F777-413E-BFB7-972C687C2D92", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "B0C7EDA7-1BED-4152-BD3D-3A596482D9D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*", "matchCriteriaId": "730BE023-C283-4775-915C-79817723917A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "337E18A7-07A3-456D-868A-2002F96D7A2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*", "matchCriteriaId": "84B09B6D-EE4D-4241-B3EF-CBCB03A7F579", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) hide_status, (2) handler_id, (3) user_monitor, (4) reporter_id, (5) view_type, (6) show_severity, (7) show_category, (8) show_status, (9) show_resolution, (10) show_build, (11) show_profile, (12) show_priority, (13) highlight_changed, (14) relationship_type, and (15) relationship_bug parameters in (a) view_all_set.php; the (16) sort parameter in (b) manage_user_page.php; the (17) view_type parameter in (c) view_filters_page.php; and the (18) title parameter in (d) proj_doc_delete.php. NOTE: item 17 might be subsumed by CVE-2005-4522." 
} ], "id": "CVE-2006-0841", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-02-22T02:02:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://morph3us.org/advisories/20060214-mantis-100rc4.txt" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/21400" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/project/showfiles.php?group_id=14963\u0026package_id=12175\u0026release_id=386059" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=386059\u0026group_id=14963" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2006/dsa-1133" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/22487" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/23248" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/425046/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/16657" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://morph3us.org/advisories/20060214-mantis-100rc4.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/21400" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://sourceforge.net/project/showfiles.php?group_id=14963\u0026package_id=12175\u0026release_id=386059" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=386059\u0026group_id=14963" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2006/dsa-1133" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/22487" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/23248" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/425046/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/16657" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2005-3335 (GCVE-0-2005-3335)
Vulnerability from cvelistv5
Published
2005-10-27 04:00
Modified
2024-08-07 23:10
CWE
- n/a
Summary
PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary PHP code and include arbitrary local files via the t_core_path parameter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:10:08.487Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://bugs.mantisbt.org/changelog_page.php" }, { "name": "DSA-905", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2005/dsa-905" }, { "name": "121", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/121" }, { "name": "ADV-2005-2221", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/2221" }, { "name": "16506", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/16506" }, { "name": "17654", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17654" }, { "name": "GLSA-200510-24", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://secunia.com/secunia_research/2005-46/advisory/" }, { "name": "17362", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17362" }, { "name": "15212", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15212" }, { "name": "16818", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/16818" }, { "name": "1015110", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1015110" }, { "name": "mantis-tcorepath-file-include(22886)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/22886" }, { "name": "15227", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15227" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-10-26T00:00:00", "descriptions": [ { "lang": "en", "value": "PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary PHP code and include arbitrary local files via the t_core_path parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://bugs.mantisbt.org/changelog_page.php" }, { "name": "DSA-905", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2005/dsa-905" }, { "name": "121", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/121" }, { "name": "ADV-2005-2221", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/2221" }, { "name": "16506", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/16506" }, { "name": "17654", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17654" }, { "name": "GLSA-200510-24", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml" }, { "tags": [ "x_refsource_MISC" ], "url": "http://secunia.com/secunia_research/2005-46/advisory/" }, { "name": "17362", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": 
"http://secunia.com/advisories/17362" }, { "name": "15212", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/15212" }, { "name": "16818", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/16818" }, { "name": "1015110", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1015110" }, { "name": "mantis-tcorepath-file-include(22886)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22886" }, { "name": "15227", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/15227" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3335", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary PHP code and include arbitrary local files via the t_core_path parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://bugs.mantisbt.org/changelog_page.php", "refsource": "MISC", "url": "http://bugs.mantisbt.org/changelog_page.php" }, { "name": "DSA-905", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2005/dsa-905" }, { "name": "121", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/121" }, { "name": "ADV-2005-2221", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/2221" }, { "name": "16506", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/16506" }, { "name": "17654", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17654" }, { "name": "GLSA-200510-24", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml" }, { "name": "http://secunia.com/secunia_research/2005-46/advisory/", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2005-46/advisory/" }, { "name": "17362", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17362" }, { "name": "15212", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15212" }, { "name": "16818", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/16818" }, { "name": "1015110", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015110" }, { "name": "mantis-tcorepath-file-include(22886)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22886" }, { "name": "15227", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15227" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3335", "datePublished": "2005-10-27T04:00:00", "dateReserved": "2005-10-27T00:00:00", "dateUpdated": "2024-08-07T23:10:08.487Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-4520 (GCVE-0-2005-4520)
Vulnerability from cvelistv5
Published
2005-12-28 01:00
Modified
2024-08-07 23:46
CWE
- n/a
Summary
Unspecified "port injection" vulnerabilities in filters in Mantis 1.0.0rc3 and earlier have unknown impact and attack vectors. NOTE: due to a lack of relevant details in the vendor changelog, which is the source of this description, it is unclear whether this is a duplicate of another CVE.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:46:05.536Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "18481", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18481" }, { "name": "22488", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/22488" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963" }, { "name": "16046", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/16046/" }, { "name": "18181", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18181/" }, { "name": "ADV-2005-3064", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/3064" }, { "name": "18221", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18221" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963" }, { "name": "GLSA-200512-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt" }, { "name": "DSA-944", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2005/dsa-944" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-12-22T00:00:00", "descriptions": [ { "lang": "en", "value": 
"Unspecified \"port injection\" vulnerabilities in filters in Mantis 1.0.0rc3 and earlier have unknown impact and attack vectors. NOTE: due to a lack of relevant details in the vendor changelog, which is the source of this description, it is unclear whether this is a duplicate of another CVE." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2006-01-20T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "18481", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18481" }, { "name": "22488", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/22488" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963" }, { "name": "16046", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/16046/" }, { "name": "18181", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18181/" }, { "name": "ADV-2005-3064", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/3064" }, { "name": "18221", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18221" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963" }, { "name": "GLSA-200512-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt" }, { "name": "DSA-944", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2005/dsa-944" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", 
"ID": "CVE-2005-4520", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified \"port injection\" vulnerabilities in filters in Mantis 1.0.0rc3 and earlier have unknown impact and attack vectors. NOTE: due to a lack of relevant details in the vendor changelog, which is the source of this description, it is unclear whether this is a duplicate of another CVE." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "18481", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18481" }, { "name": "22488", "refsource": "OSVDB", "url": "http://www.osvdb.org/22488" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963" }, { "name": "16046", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16046/" }, { "name": "18181", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18181/" }, { "name": "ADV-2005-3064", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/3064" }, { "name": "18221", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18221" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963" }, { "name": "GLSA-200512-12", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml" }, { "name": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt", 
"refsource": "MISC", "url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt" }, { "name": "DSA-944", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2005/dsa-944" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-4520", "datePublished": "2005-12-28T01:00:00", "dateReserved": "2005-12-28T00:00:00", "dateUpdated": "2024-08-07T23:46:05.536Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-6515 (GCVE-0-2006-6515)
Vulnerability from cvelistv5
Published
2006-12-14 01:00
Modified
2024-08-07 20:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mantis before 1.1.0a2 sets the default value of $g_bug_reminder_threshold to "reporter" instead of a more privileged role, which has unknown impact and attack vectors, possibly related to frequency of reminders.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:26:46.676Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=469627" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mantisbugtracker.com/changelog.php" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-12-07T00:00:00", "descriptions": [ { "lang": "en", "value": "Mantis before 1.1.0a2 sets the default value of $g_bug_reminder_threshold to \"reporter\" instead of a more privileged role, which has unknown impact and attack vectors, possibly related to frequency of reminders." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-03T16:21:22", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=469627" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mantisbugtracker.com/changelog.php" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6515", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Mantis before 1.1.0a2 sets the default value of $g_bug_reminder_threshold to \"reporter\" instead of a more privileged role, which has unknown impact and attack vectors, possibly related to frequency of 
reminders." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://sourceforge.net/project/shownotes.php?release_id=469627", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=469627" }, { "name": "http://www.mantisbugtracker.com/changelog.php", "refsource": "CONFIRM", "url": "http://www.mantisbugtracker.com/changelog.php" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6515", "datePublished": "2006-12-14T01:00:00", "dateReserved": "2006-12-13T00:00:00", "dateUpdated": "2024-08-07T20:26:46.676Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-2556 (GCVE-0-2005-2556)
Vulnerability from cvelistv5
Published
2005-08-24 04:00
Modified
2024-08-07 22:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with register_globals enabled, allows remote attackers to connect to internal databases by modifying the g_db_type variable and monitoring the speed of responses, as identified by bug#0005956.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:30:01.631Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-778", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2005/dsa-778" }, { "name": "16506", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/16506" }, { "name": "14604", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/14604" }, { "name": "GLSA-200509-16", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200509-16.xml" }, { "name": "20050926 Mantis Bugtracker - Remote Database Scanner and XSS Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=112786017426276\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-08-19T00:00:00", "descriptions": [ { "lang": "en", "value": "core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with register_globals enabled, allows remote attackers to connect to internal databases by modifying the g_db_type variable and monitoring the speed of responses, as identified by bug#0005956." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "name": "DSA-778", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2005/dsa-778" }, { "name": "16506", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/16506" }, { "name": "14604", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/14604" }, { "name": "GLSA-200509-16", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200509-16.xml" }, { "name": "20050926 Mantis Bugtracker - Remote Database Scanner and XSS Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=112786017426276\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2005-2556", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with register_globals enabled, allows remote attackers to connect to internal databases by modifying the g_db_type variable and monitoring the speed of responses, as identified by bug#0005956." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-778", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2005/dsa-778" }, { "name": "16506", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/16506" }, { "name": "14604", "refsource": "BID", "url": "http://www.securityfocus.com/bid/14604" }, { "name": "GLSA-200509-16", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200509-16.xml" }, { "name": "20050926 Mantis Bugtracker - Remote Database Scanner and XSS Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=112786017426276\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2005-2556", "datePublished": "2005-08-24T04:00:00", "dateReserved": "2005-08-16T00:00:00", "dateUpdated": "2024-08-07T22:30:01.631Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-4521 (GCVE-0-2005-4521)
Vulnerability from cvelistv5
Published
2005-12-28 01:00
Modified
2024-08-07 23:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
CRLF injection vulnerability in Mantis 1.0.0rc3 and earlier allows remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via (1) the return parameter in login_cookie_test.php and (2) ref parameter in login_select_proj_page.php.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:46:05.513Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "18481", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18481" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963" }, { "name": "16046", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/16046/" }, { "name": "18181", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18181/" }, { "name": "ADV-2005-3064", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/3064" }, { "name": "18221", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18221" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963" }, { "name": "GLSA-200512-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt" }, { "name": "DSA-944", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2005/dsa-944" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-12-22T00:00:00", "descriptions": [ { "lang": "en", "value": "CRLF injection vulnerability in Mantis 1.0.0rc3 and earlier allows remote attackers to modify HTTP headers and conduct HTTP 
response splitting attacks via (1) the return parameter in login_cookie_test.php and (2) ref parameter in login_select_proj_page.php." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2006-01-20T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "18481", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18481" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963" }, { "name": "16046", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/16046/" }, { "name": "18181", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18181/" }, { "name": "ADV-2005-3064", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/3064" }, { "name": "18221", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18221" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963" }, { "name": "GLSA-200512-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt" }, { "name": "DSA-944", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2005/dsa-944" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-4521", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": 
"MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "CRLF injection vulnerability in Mantis 1.0.0rc3 and earlier allows remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via (1) the return parameter in login_cookie_test.php and (2) ref parameter in login_select_proj_page.php." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "18481", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18481" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963" }, { "name": "16046", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16046/" }, { "name": "18181", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18181/" }, { "name": "ADV-2005-3064", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/3064" }, { "name": "18221", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18221" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963" }, { "name": "GLSA-200512-12", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml" }, { "name": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt", "refsource": "MISC", "url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt" }, { "name": "DSA-944", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2005/dsa-944" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-4521", "datePublished": "2005-12-28T01:00:00", "dateReserved": 
"2005-12-28T00:00:00", "dateUpdated": "2024-08-07T23:46:05.513Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-6611 (GCVE-0-2007-6611)
Vulnerability from cvelistv5
Published
2008-01-03 22:00
Modified
2024-08-07 16:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in view.php in Mantis before 1.1.0 allows remote attackers to inject arbitrary web script or HTML via a filename, related to bug_report.php.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:11:06.186Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "39873", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/39873" }, { "name": "29198", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29198" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=562940" }, { "name": "27045", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/27045" }, { "name": "28551", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28551" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mantisbt.org/bugs/view.php?id=8679" }, { "name": "FEDORA-2008-0282", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00227.html" }, { "name": "DSA-1467", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1467" }, { "name": "28352", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28352" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427277" }, { "name": "GLSA-200803-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200803-04.xml" }, { "name": "28185", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28185" }, { "name": "FEDORA-2008-0353", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": 
"https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00309.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-12-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in view.php in Mantis before 1.1.0 allows remote attackers to inject arbitrary web script or HTML via a filename, related to bug_report.php." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2008-01-09T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "39873", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/39873" }, { "name": "29198", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29198" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=562940" }, { "name": "27045", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/27045" }, { "name": "28551", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28551" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mantisbt.org/bugs/view.php?id=8679" }, { "name": "FEDORA-2008-0282", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00227.html" }, { "name": "DSA-1467", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1467" }, { "name": "28352", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28352" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427277" }, { "name": 
"GLSA-200803-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200803-04.xml" }, { "name": "28185", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28185" }, { "name": "FEDORA-2008-0353", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00309.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-6611", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in view.php in Mantis before 1.1.0 allows remote attackers to inject arbitrary web script or HTML via a filename, related to bug_report.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "39873", "refsource": "OSVDB", "url": "http://osvdb.org/39873" }, { "name": "29198", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29198" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=562940", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=562940" }, { "name": "27045", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27045" }, { "name": "28551", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28551" }, { "name": "http://www.mantisbt.org/bugs/view.php?id=8679", "refsource": "CONFIRM", "url": "http://www.mantisbt.org/bugs/view.php?id=8679" }, { "name": "FEDORA-2008-0282", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00227.html" }, { "name": "DSA-1467", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1467" }, { "name": "28352", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28352" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=427277", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427277" }, { "name": "GLSA-200803-04", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200803-04.xml" }, { "name": "28185", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28185" }, { "name": "FEDORA-2008-0353", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00309.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-6611", "datePublished": "2008-01-03T22:00:00", "dateReserved": "2008-01-03T00:00:00", "dateUpdated": "2024-08-07T16:11:06.186Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-3339 (GCVE-0-2005-3339)
Vulnerability from cvelistv5
Published
2005-10-27 04:00
Modified
2024-08-07 23:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mantis before 0.19.3 caches the User ID longer than necessary, which has unknown impact and attack vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:10:08.293Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.mantisbt.org/changelog_page.php" }, { "name": "DSA-905", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2005/dsa-905" }, { "name": "16506", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/16506" }, { "name": "17654", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17654" }, { "name": "GLSA-200510-24", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml" }, { "name": "17362", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17362" }, { "name": "15227", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15227" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-10-26T00:00:00", "descriptions": [ { "lang": "en", "value": "Mantis before 0.19.3 caches the User ID longer than necessary, which has unknown impact and attack vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-11-24T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.mantisbt.org/changelog_page.php" }, { "name": "DSA-905", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2005/dsa-905" }, { "name": "16506", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/16506" }, { "name": "17654", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17654" }, { "name": "GLSA-200510-24", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml" }, { "name": "17362", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17362" }, { "name": "15227", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/15227" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3339", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Mantis before 0.19.3 caches the User ID longer than necessary, which has unknown impact and attack vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://bugs.mantisbt.org/changelog_page.php", "refsource": "CONFIRM", "url": "http://bugs.mantisbt.org/changelog_page.php" }, { "name": "DSA-905", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2005/dsa-905" }, { "name": "16506", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/16506" }, { "name": "17654", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17654" }, { "name": "GLSA-200510-24", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml" }, { "name": "17362", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17362" }, { "name": "15227", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15227" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3339", "datePublished": "2005-10-27T04:00:00", "dateReserved": "2005-10-27T00:00:00", "dateUpdated": "2024-08-07T23:10:08.293Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-1811 (GCVE-0-2013-1811)
Vulnerability from cvelistv5
Published
2019-11-07 22:28
Modified
2024-08-06 15:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Other
Summary
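An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change any issue to "New". Note: the structured affected-version field in the record below lists 1.2.13 itself as affected, which does not match the "before 1.2.13" wording of this description; confirm the fixed version against the vendor bug entry (https://mantisbt.org/bugs/view.php?id=15258) before using that field for version matching.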
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T15:13:33.247Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2013-1811" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.debian.org/security/2015/dsa-3120" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2013/03/03/6" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2013/03/04/9" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://mantisbt.org/bugs/view.php?id=15258" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "mantis", "vendor": "mantis", "versions": [ { "status": "affected", "version": "1.2.13" } ] } ], "datePublic": "2012-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An access control issue in MantisBT before 1.2.13 allows users with \"Reporter\" permissions to change any issue to \"New\"." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Other", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-07T22:28:06", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://security-tracker.debian.org/tracker/CVE-2013-1811" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.debian.org/security/2015/dsa-3120" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.openwall.com/lists/oss-security/2013/03/03/6" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.openwall.com/lists/oss-security/2013/03/04/9" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://mantisbt.org/bugs/view.php?id=15258" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-1811", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "mantis", "version": { "version_data": [ { "version_value": "1.2.13" } ] } } ] }, "vendor_name": "mantis" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An access control issue in MantisBT before 1.2.13 allows users with \"Reporter\" permissions to change any issue to \"New\"." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Other" } ] } ] }, "references": { "reference_data": [ { "name": "https://security-tracker.debian.org/tracker/CVE-2013-1811", "refsource": "MISC", "url": "https://security-tracker.debian.org/tracker/CVE-2013-1811" }, { "name": "http://www.debian.org/security/2015/dsa-3120", "refsource": "MISC", "url": "http://www.debian.org/security/2015/dsa-3120" }, { "name": "http://www.openwall.com/lists/oss-security/2013/03/03/6", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2013/03/03/6" }, { "name": "http://www.openwall.com/lists/oss-security/2013/03/04/9", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2013/03/04/9" }, { "name": "https://mantisbt.org/bugs/view.php?id=15258", "refsource": "CONFIRM", "url": "https://mantisbt.org/bugs/view.php?id=15258" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-1811", "datePublished": "2019-11-07T22:28:06", "dateReserved": "2013-02-19T00:00:00", "dateUpdated": "2024-08-06T15:13:33.247Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-1731 (GCVE-0-2004-1731)
Vulnerability from cvelistv5
Published
2005-02-26 05:00
Modified
2024-08-08 01:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
signup_page.php in Mantis bugtracker allows remote attackers to send e-mail bombs by creating multiple users and providing the same e-mail address.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:00:37.277Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "mantis-improper-account-validation(17093)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17093" }, { "name": "10995", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/10995" }, { "name": "20040820 Multiple Vulnerabilities in Mantis Bugtracker", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=109312225727345\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-08-20T00:00:00", "descriptions": [ { "lang": "en", "value": "signup_page.php in Mantis bugtracker allows remote attackers to send e-mail bombs by creating multiple users and providing the same e-mail address." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "mantis-improper-account-validation(17093)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17093" }, { "name": "10995", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/10995" }, { "name": "20040820 Multiple Vulnerabilities in Mantis Bugtracker", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=109312225727345\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1731", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "signup_page.php in Mantis bugtracker allows remote attackers to send e-mail bombs by creating multiple users and providing the same e-mail address." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "mantis-improper-account-validation(17093)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17093" }, { "name": "10995", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10995" }, { "name": "20040820 Multiple Vulnerabilities in Mantis Bugtracker", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=109312225727345\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1731", "datePublished": "2005-02-26T05:00:00", "dateReserved": "2005-02-26T00:00:00", "dateUpdated": "2024-08-08T01:00:37.277Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-6574 (GCVE-0-2006-6574)
Vulnerability from cvelistv5
Published
2006-12-15 19:00
Modified
2024-08-07 20:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:33:59.861Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "mantis-customfield-info-disclosure(30870)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30870" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?view=log" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=469627" }, { "name": "23258", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23258" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://bugs.mantisbugtracker.com/view.php?id=7364" }, { "name": "28551", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28551" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?r1=1.34\u0026r2=1.35" }, { "name": "ADV-2006-4978", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4978" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://bugs.mantisbugtracker.com/view.php?id=3375" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mantisbugtracker.com/changelog.php" }, { "name": "21566", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/21566" }, { "name": "DSA-1467", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1467" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", 
"version": "n/a" } ] } ], "datePublic": "2006-09-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "mantis-customfield-info-disclosure(30870)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30870" }, { "tags": [ "x_refsource_MISC" ], "url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?view=log" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=469627" }, { "name": "23258", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23258" }, { "tags": [ "x_refsource_MISC" ], "url": "http://bugs.mantisbugtracker.com/view.php?id=7364" }, { "name": "28551", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28551" }, { "tags": [ "x_refsource_MISC" ], "url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?r1=1.34\u0026r2=1.35" }, { "name": "ADV-2006-4978", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4978" }, { "tags": [ "x_refsource_MISC" ], "url": "http://bugs.mantisbugtracker.com/view.php?id=3375" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mantisbugtracker.com/changelog.php" }, { "name": "21566", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/21566" }, { "name": "DSA-1467", "tags": [ "vendor-advisory", 
"x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1467" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6574", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "mantis-customfield-info-disclosure(30870)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30870" }, { "name": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?view=log", "refsource": "MISC", "url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?view=log" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=469627", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=469627" }, { "name": "23258", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23258" }, { "name": "http://bugs.mantisbugtracker.com/view.php?id=7364", "refsource": "MISC", "url": "http://bugs.mantisbugtracker.com/view.php?id=7364" }, { "name": "28551", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28551" }, { "name": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?r1=1.34\u0026r2=1.35", "refsource": "MISC", "url": 
"http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?r1=1.34\u0026r2=1.35" }, { "name": "ADV-2006-4978", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4978" }, { "name": "http://bugs.mantisbugtracker.com/view.php?id=3375", "refsource": "MISC", "url": "http://bugs.mantisbugtracker.com/view.php?id=3375" }, { "name": "http://www.mantisbugtracker.com/changelog.php", "refsource": "CONFIRM", "url": "http://www.mantisbugtracker.com/changelog.php" }, { "name": "21566", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21566" }, { "name": "DSA-1467", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1467" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6574", "datePublished": "2006-12-15T19:00:00", "dateReserved": "2006-12-15T00:00:00", "dateUpdated": "2024-08-07T20:33:59.861Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-1577 (GCVE-0-2006-1577)
Vulnerability from cvelistv5
Published
2006-04-02 21:00
Modified
2024-08-07 17:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in view_all_set.php in Mantis 1.0.1, 1.0.0rc5, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) start_day, (2) start_year, and (3) start_month parameters.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:19:48.700Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "19471", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19471" }, { "name": "17326", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/17326" }, { "name": "24292", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/24292" }, { "name": "21400", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21400" }, { "name": "DSA-1133", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1133" }, { "name": "ADV-2006-1184", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/1184" }, { "name": "mantis-viewallset-script-xss(25579)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25579" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://pridels0.blogspot.com/2006/03/mantis-xss-vuln.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-03-31T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in view_all_set.php in Mantis 1.0.1, 1.0.0rc5, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) start_day, (2) start_year, and (3) start_month parameters." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "19471", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19471" }, { "name": "17326", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/17326" }, { "name": "24292", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/24292" }, { "name": "21400", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21400" }, { "name": "DSA-1133", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1133" }, { "name": "ADV-2006-1184", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/1184" }, { "name": "mantis-viewallset-script-xss(25579)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25579" }, { "tags": [ "x_refsource_MISC" ], "url": "http://pridels0.blogspot.com/2006/03/mantis-xss-vuln.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1577", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in view_all_set.php in Mantis 1.0.1, 1.0.0rc5, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) start_day, (2) start_year, and (3) start_month parameters." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "19471", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19471" }, { "name": "17326", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17326" }, { "name": "24292", "refsource": "OSVDB", "url": "http://www.osvdb.org/24292" }, { "name": "21400", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21400" }, { "name": "DSA-1133", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1133" }, { "name": "ADV-2006-1184", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1184" }, { "name": "mantis-viewallset-script-xss(25579)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25579" }, { "name": "http://pridels0.blogspot.com/2006/03/mantis-xss-vuln.html", "refsource": "MISC", "url": "http://pridels0.blogspot.com/2006/03/mantis-xss-vuln.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1577", "datePublished": "2006-04-02T21:00:00", "dateReserved": "2006-04-02T00:00:00", "dateUpdated": "2024-08-07T17:19:48.700Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-2666 (GCVE-0-2004-2666)
Vulnerability from cvelistv5
Published
2006-12-15 19:00
Modified
2024-08-08 01:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardless of view_history_threshold, which allows remote attackers to obtain sensitive information (private bug details) by visiting a bug's web page.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:36:25.128Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?r1=1.24\u0026r2=1.25" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?view=log" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.mantisbugtracker.com/view.php?id=4724" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-10-16T00:00:00", "descriptions": [ { "lang": "en", "value": "Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardless of view_history_threshold, which allows remote attackers to obtain sensitive information (private bug details) by visiting a bug\u0027s web page." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-03T16:14:14", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?r1=1.24\u0026r2=1.25" }, { "tags": [ "x_refsource_MISC" ], "url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?view=log" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.mantisbugtracker.com/view.php?id=4724" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-2666", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardless of view_history_threshold, which allows remote attackers to obtain sensitive information (private bug details) by visiting a bug\u0027s web page." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?r1=1.24\u0026r2=1.25", "refsource": "MISC", "url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?r1=1.24\u0026r2=1.25" }, { "name": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?view=log", "refsource": "MISC", "url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?view=log" }, { "name": "http://bugs.mantisbugtracker.com/view.php?id=4724", "refsource": "CONFIRM", "url": "http://bugs.mantisbugtracker.com/view.php?id=4724" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-2666", "datePublished": "2006-12-15T19:00:00", "dateReserved": "2006-12-15T00:00:00", "dateUpdated": "2024-08-08T01:36:25.128Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-4524 (GCVE-0-2005-4524)
Vulnerability from cvelistv5
Published
2005-12-28 01:00
Modified
2024-08-07 23:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mantis 1.0.0rc3 does not properly handle "Make note private" when a bug is being resolved, which has unknown impact and attack vectors, probably related to an information leak.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:46:05.532Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "18481", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18481" }, { "name": "ADV-2005-3064", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/3064" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt" }, { "name": "DSA-944", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2005/dsa-944" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-12-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Mantis 1.0.0rc3 does not properly handle \"Make note private\" when a bug is being resolved, which has unknown impact and attack vectors, probably related to an information leak." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2006-01-20T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "18481", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18481" }, { "name": "ADV-2005-3064", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/3064" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt" }, { "name": "DSA-944", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2005/dsa-944" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-4524", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Mantis 1.0.0rc3 does not properly handle \"Make note private\" when a bug is being resolved, which has unknown impact and attack vectors, probably related to an information leak." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "18481", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18481" }, { "name": "ADV-2005-3064", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/3064" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963" }, { "name": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt", "refsource": "MISC", "url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt" }, { "name": "DSA-944", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2005/dsa-944" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-4524", "datePublished": "2005-12-28T01:00:00", "dateReserved": "2005-12-28T00:00:00", "dateUpdated": "2024-08-07T23:46:05.532Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-3091 (GCVE-0-2005-3091)
Vulnerability from cvelistv5
Published
2005-09-28 04:00
Modified
2024-08-07 23:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, as identified by bug#0005751 "thraxisp".
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:01:58.169Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-905", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2005/dsa-905" }, { "name": "16506", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/16506" }, { "name": "17654", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17654" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mantisbt.org/changelog.php" }, { "name": "15227", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15227" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-08-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, as identified by bug#0005751 \"thraxisp\"." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-11-24T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-905", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2005/dsa-905" }, { "name": "16506", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/16506" }, { "name": "17654", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17654" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mantisbt.org/changelog.php" }, { "name": "15227", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/15227" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3091", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, as identified by bug#0005751 \"thraxisp\"." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-905", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2005/dsa-905" }, { "name": "16506", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/16506" }, { "name": "17654", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17654" }, { "name": "http://www.mantisbt.org/changelog.php", "refsource": "CONFIRM", "url": "http://www.mantisbt.org/changelog.php" }, { "name": "15227", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15227" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3091", "datePublished": "2005-09-28T04:00:00", "dateReserved": "2005-09-28T00:00:00", "dateUpdated": "2024-08-07T23:01:58.169Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-3332 (GCVE-0-2008-3332)
Vulnerability from cvelistv5
Published
2008-07-27 23:00
Modified
2024-08-07 09:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T09:37:26.754Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mantisbt.org/bugs/changelog_page.php" }, { "name": "mantis-admconfigset-code-execution(42550)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42550" }, { "name": "30270", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30270" }, { "name": "20080520 Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=121130774617956\u0026w=4" }, { "name": "GLSA-200809-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml" }, { "name": "5657", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/5657" }, { "name": "31972", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31972" }, { "name": "ADV-2008-1598", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1598/references" }, { "name": "29297", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/29297" }, { "name": "4044", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/4044" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-05-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Eval injection 
vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mantisbt.org/bugs/changelog_page.php" }, { "name": "mantis-admconfigset-code-execution(42550)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42550" }, { "name": "30270", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30270" }, { "name": "20080520 Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=121130774617956\u0026w=4" }, { "name": "GLSA-200809-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml" }, { "name": "5657", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/5657" }, { "name": "31972", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31972" }, { "name": "ADV-2008-1598", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1598/references" }, { "name": "29297", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/29297" }, { "name": "4044", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/4044" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-3332", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": 
"n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.mantisbt.org/bugs/changelog_page.php", "refsource": "CONFIRM", "url": "http://www.mantisbt.org/bugs/changelog_page.php" }, { "name": "mantis-admconfigset-code-execution(42550)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42550" }, { "name": "30270", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30270" }, { "name": "20080520 Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=121130774617956\u0026w=4" }, { "name": "GLSA-200809-10", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml" }, { "name": "5657", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/5657" }, { "name": "31972", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31972" }, { "name": "ADV-2008-1598", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1598/references" }, { "name": "29297", "refsource": "BID", "url": "http://www.securityfocus.com/bid/29297" }, { "name": "4044", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/4044" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-3332", "datePublished": "2008-07-27T23:00:00", "dateReserved": "2008-07-27T00:00:00", "dateUpdated": "2024-08-07T09:37:26.754Z", "state": 
"PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-4688 (GCVE-0-2008-4688)
Vulnerability from cvelistv5
Published
2008-10-22 17:00
Modified
2024-08-07 10:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
core/string_api.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote attackers to discover an issue's title and status via a request with a modified issue number.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:24:20.612Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "32243", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32243" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/string_api.php?r1=5285\u0026r2=5384\u0026pathrev=5384" }, { "name": "31868", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/31868" }, { "name": "32975", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32975" }, { "name": "GLSA-200812-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mantisbt.org/bugs/changelog_page.php" }, { "name": "[oss-security] 20081020 Re: CVE request: mantisbt \u003c 1.1.4: RCE", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2008/10/20/1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mantisbt.org/bugs/view.php?id=9321" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-10-14T00:00:00", "descriptions": [ { "lang": "en", "value": "core/string_api.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote attackers to discover an issue\u0027s title and status via a request with a modified issue number." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-01-28T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "32243", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32243" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/string_api.php?r1=5285\u0026r2=5384\u0026pathrev=5384" }, { "name": "31868", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/31868" }, { "name": "32975", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32975" }, { "name": "GLSA-200812-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mantisbt.org/bugs/changelog_page.php" }, { "name": "[oss-security] 20081020 Re: CVE request: mantisbt \u003c 1.1.4: RCE", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2008/10/20/1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mantisbt.org/bugs/view.php?id=9321" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-4688", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "core/string_api.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote attackers to discover an 
issue\u0027s title and status via a request with a modified issue number." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "32243", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32243" }, { "name": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/string_api.php?r1=5285\u0026r2=5384\u0026pathrev=5384", "refsource": "CONFIRM", "url": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/string_api.php?r1=5285\u0026r2=5384\u0026pathrev=5384" }, { "name": "31868", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31868" }, { "name": "32975", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32975" }, { "name": "GLSA-200812-07", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml" }, { "name": "http://www.mantisbt.org/bugs/changelog_page.php", "refsource": "CONFIRM", "url": "http://www.mantisbt.org/bugs/changelog_page.php" }, { "name": "[oss-security] 20081020 Re: CVE request: mantisbt \u003c 1.1.4: RCE", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/10/20/1" }, { "name": "http://www.mantisbt.org/bugs/view.php?id=9321", "refsource": "CONFIRM", "url": "http://www.mantisbt.org/bugs/view.php?id=9321" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-4688", "datePublished": "2008-10-22T17:00:00", "dateReserved": "2008-10-22T00:00:00", "dateUpdated": "2024-08-07T10:24:20.612Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-1730 (GCVE-0-2004-1730)
Vulnerability from cvelistv5
Published
2005-02-26 05:00
Modified
2024-08-08 01:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows remote attackers to inject arbitrary web script or HTML via (1) the return parameter to login_page.php, (2) e-mail field in signup.php, (3) action parameter to login_select_proj_page.php, or (4) hide_status parameter to view_all_set.php.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:00:37.150Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "mantis-viewallset-xss(17072)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17072" }, { "name": "mantis-loginpage-xss(17066)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17066" }, { "name": "12338", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/12338" }, { "name": "mantis-loginselectprojpage-xss(17070)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17070" }, { "name": "20040820 Multiple Vulnerabilities in Mantis Bugtracker", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=109312225727345\u0026w=2" }, { "name": "10994", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/10994" }, { "name": "mantis-signup-xss(17069)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17069" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-08-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows remote attackers to inject arbitrary web script or HTML via (1) the return parameter to login_page.php, (2) e-mail field in signup.php, (3) action parameter to login_select_proj_page.php, or (4) hide_status parameter to view_all_set.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "mantis-viewallset-xss(17072)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17072" }, { "name": "mantis-loginpage-xss(17066)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17066" }, { "name": "12338", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/12338" }, { "name": "mantis-loginselectprojpage-xss(17070)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17070" }, { "name": "20040820 Multiple Vulnerabilities in Mantis Bugtracker", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=109312225727345\u0026w=2" }, { "name": "10994", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/10994" }, { "name": "mantis-signup-xss(17069)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17069" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1730", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows remote attackers to inject arbitrary web script or HTML via (1) the return parameter to login_page.php, (2) e-mail field in signup.php, (3) action parameter to 
login_select_proj_page.php, or (4) hide_status parameter to view_all_set.php." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "mantis-viewallset-xss(17072)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17072" }, { "name": "mantis-loginpage-xss(17066)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17066" }, { "name": "12338", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/12338" }, { "name": "mantis-loginselectprojpage-xss(17070)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17070" }, { "name": "20040820 Multiple Vulnerabilities in Mantis Bugtracker", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=109312225727345\u0026w=2" }, { "name": "10994", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10994" }, { "name": "mantis-signup-xss(17069)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17069" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1730", "datePublished": "2005-02-26T05:00:00", "dateReserved": "2005-02-26T00:00:00", "dateUpdated": "2024-08-08T01:00:37.150Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-4238 (GCVE-0-2005-4238)
Vulnerability from cvelistv5
Published
2005-12-14 11:00
Modified
2024-08-07 23:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in view_filters_page.php in Mantis 1.0.0rc3 and earlier allows remote attackers to inject arbitrary web script or HTML via the target_field parameter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:38:51.535Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "18481", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18481" }, { "name": "15842", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15842" }, { "name": "ADV-2005-2874", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/2874" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://pridels0.blogspot.com/2005/12/mantis-bugtracking-system-xss-vuln.html" }, { "name": "DSA-944", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2005/dsa-944" }, { "name": "18018", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18018" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-12-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in view_filters_page.php in Mantis 1.0.0rc3 and earlier allows remote attackers to inject arbitrary web script or HTML via the target_field parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2006-01-20T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "18481", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18481" }, { "name": "15842", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/15842" }, { "name": "ADV-2005-2874", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/2874" }, { "tags": [ "x_refsource_MISC" ], "url": "http://pridels0.blogspot.com/2005/12/mantis-bugtracking-system-xss-vuln.html" }, { "name": "DSA-944", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2005/dsa-944" }, { "name": "18018", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18018" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-4238", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in view_filters_page.php in Mantis 1.0.0rc3 and earlier allows remote attackers to inject arbitrary web script or HTML via the target_field parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "18481", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18481" }, { "name": "15842", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15842" }, { "name": "ADV-2005-2874", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/2874" }, { "name": "http://pridels0.blogspot.com/2005/12/mantis-bugtracking-system-xss-vuln.html", "refsource": "MISC", "url": "http://pridels0.blogspot.com/2005/12/mantis-bugtracking-system-xss-vuln.html" }, { "name": "DSA-944", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2005/dsa-944" }, { "name": "18018", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18018" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-4238", "datePublished": "2005-12-14T11:00:00", "dateReserved": "2005-12-14T00:00:00", "dateUpdated": "2024-08-07T23:38:51.535Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-3338 (GCVE-0-2005-3338)
Vulnerability from cvelistv5
Published
2005-10-27 04:00
Modified
2024-08-07 23:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in Mantis before 0.19.3, when using reminders, causes Mantis to display the real email addresses of users.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:10:08.652Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.mantisbt.org/changelog_page.php" }, { "name": "DSA-905", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2005/dsa-905" }, { "name": "16506", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/16506" }, { "name": "17654", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17654" }, { "name": "GLSA-200510-24", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml" }, { "name": "17362", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17362" }, { "name": "15227", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15227" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-10-26T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Mantis before 0.19.3, when using reminders, causes Mantis to display the real email addresses of users." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-11-24T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.mantisbt.org/changelog_page.php" }, { "name": "DSA-905", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2005/dsa-905" }, { "name": "16506", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/16506" }, { "name": "17654", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17654" }, { "name": "GLSA-200510-24", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml" }, { "name": "17362", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17362" }, { "name": "15227", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/15227" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3338", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Mantis before 0.19.3, when using reminders, causes Mantis to display the real email addresses of users." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://bugs.mantisbt.org/changelog_page.php", "refsource": "CONFIRM", "url": "http://bugs.mantisbt.org/changelog_page.php" }, { "name": "DSA-905", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2005/dsa-905" }, { "name": "16506", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/16506" }, { "name": "17654", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17654" }, { "name": "GLSA-200510-24", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml" }, { "name": "17362", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17362" }, { "name": "15227", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15227" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3338", "datePublished": "2005-10-27T04:00:00", "dateReserved": "2005-10-27T00:00:00", "dateUpdated": "2024-08-07T23:10:08.652Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-0840 (GCVE-0-2006-0840)
Vulnerability from cvelistv5
Published
2006-02-22 02:00
Modified
2024-08-07 16:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
manage_user_page.php in Mantis 1.00rc4 and earlier does not properly handle a sort parameter containing a ' (quote) character, which allows remote attackers to trigger a SQL error that may be repeatedly reported to a user who makes subsequent web accesses with the MANTIS_MANAGE_COOKIE cookie. NOTE: this issue might be the same as vector 2 in CVE-2005-4519.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:48:56.613Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "16657", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/16657" }, { "name": "mantis-manageuserpagesql-injection(24726)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24726" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=386059\u0026group_id=14963" }, { "name": "20060215 [BuHa-Security] Multiple Vulnerabilities in Mantis 1.00rc4", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/425046/100/0/threaded" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://morph3us.org/advisories/20060214-mantis-100rc4.txt" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://sourceforge.net/project/showfiles.php?group_id=14963\u0026package_id=12175\u0026release_id=386059" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-02-15T00:00:00", "descriptions": [ { "lang": "en", "value": "manage_user_page.php in Mantis 1.00rc4 and earlier does not properly handle a sort parameter containing a \u0027 (quote) character, which allows remote attackers to trigger a SQL error that may be repeatedly reported to a user who makes subsequent web accesses with the MANTIS_MANAGE_COOKIE cookie. NOTE: this issue might be the same as vector 2 in CVE-2005-4519." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "16657", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/16657" }, { "name": "mantis-manageuserpagesql-injection(24726)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24726" }, { "tags": [ "x_refsource_MISC" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=386059\u0026group_id=14963" }, { "name": "20060215 [BuHa-Security] Multiple Vulnerabilities in Mantis 1.00rc4", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/425046/100/0/threaded" }, { "tags": [ "x_refsource_MISC" ], "url": "http://morph3us.org/advisories/20060214-mantis-100rc4.txt" }, { "tags": [ "x_refsource_MISC" ], "url": "http://sourceforge.net/project/showfiles.php?group_id=14963\u0026package_id=12175\u0026release_id=386059" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0840", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "manage_user_page.php in Mantis 1.00rc4 and earlier does not properly handle a sort parameter containing a \u0027 (quote) character, which allows remote attackers to trigger a SQL error that may be repeatedly reported to a user who makes subsequent web accesses with the MANTIS_MANAGE_COOKIE cookie. NOTE: this issue might be the same as vector 2 in CVE-2005-4519." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "16657", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16657" }, { "name": "mantis-manageuserpagesql-injection(24726)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24726" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=386059\u0026group_id=14963", "refsource": "MISC", "url": "http://sourceforge.net/project/shownotes.php?release_id=386059\u0026group_id=14963" }, { "name": "20060215 [BuHa-Security] Multiple Vulnerabilities in Mantis 1.00rc4", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/425046/100/0/threaded" }, { "name": "http://morph3us.org/advisories/20060214-mantis-100rc4.txt", "refsource": "MISC", "url": "http://morph3us.org/advisories/20060214-mantis-100rc4.txt" }, { "name": "http://sourceforge.net/project/showfiles.php?group_id=14963\u0026package_id=12175\u0026release_id=386059", "refsource": "MISC", "url": "http://sourceforge.net/project/showfiles.php?group_id=14963\u0026package_id=12175\u0026release_id=386059" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0840", "datePublished": "2006-02-22T02:00:00", "dateReserved": "2006-02-22T00:00:00", "dateUpdated": "2024-08-07T16:48:56.613Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-2557 (GCVE-0-2005-2557)
Vulnerability from cvelistv5
Published
2005-09-28 04:00
Modified
2024-08-07 22:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the dir parameter, as identified by bug#0005959, and a different vulnerability than CVE-2005-3090.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:30:01.787Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-778", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2005/dsa-778" }, { "name": "mantis-bug-report-xss(21958)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21958" }, { "name": "16506", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/16506" }, { "name": "14604", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/14604" }, { "name": "GLSA-200509-16", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200509-16.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mantisbt.org/changelog.php" }, { "name": "20050926 Mantis Bugtracker - Remote Database Scanner and XSS Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=112786017426276\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-08-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the dir parameter, as identified by bug#0005959, and a different vulnerability than CVE-2005-3090." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "name": "DSA-778", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2005/dsa-778" }, { "name": "mantis-bug-report-xss(21958)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21958" }, { "name": "16506", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/16506" }, { "name": "14604", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/14604" }, { "name": "GLSA-200509-16", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200509-16.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mantisbt.org/changelog.php" }, { "name": "20050926 Mantis Bugtracker - Remote Database Scanner and XSS Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=112786017426276\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2005-2557", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the dir parameter, as identified by bug#0005959, and a different vulnerability than CVE-2005-3090." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-778", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2005/dsa-778" }, { "name": "mantis-bug-report-xss(21958)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21958" }, { "name": "16506", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/16506" }, { "name": "14604", "refsource": "BID", "url": "http://www.securityfocus.com/bid/14604" }, { "name": "GLSA-200509-16", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200509-16.xml" }, { "name": "http://www.mantisbt.org/changelog.php", "refsource": "CONFIRM", "url": "http://www.mantisbt.org/changelog.php" }, { "name": "20050926 Mantis Bugtracker - Remote Database Scanner and XSS Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=112786017426276\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2005-2557", "datePublished": "2005-09-28T04:00:00", "dateReserved": "2005-08-16T00:00:00", "dateUpdated": "2024-08-07T22:30:01.787Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-0147 (GCVE-0-2006-0147)
Vulnerability from cvelistv5
Published
2006-01-09 23:00
Modified
2024-08-07 16:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:25:33.633Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "19590", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19590" }, { "name": "18267", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18267" }, { "name": "18254", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18254" }, { "name": "19555", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19555" }, { "name": "DSA-1029", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1029" }, { "name": "adodb-tmssql-command-execution(24052)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24052" }, { "name": "19628", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19628" }, { "name": "20060409 PhpOpenChat 3.0.x ADODB Server.php \"sql\" SQL injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/430448/100/0/threaded" }, { "name": "DSA-1030", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1030" }, { "name": "ADV-2006-1305", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/1305" }, { "name": "18276", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18276" }, { "name": "19600", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": 
"http://secunia.com/advisories/19600" }, { "name": "1663", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/1663" }, { "name": "ADV-2006-0103", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/0103" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://secunia.com/secunia_research/2005-64/advisory/" }, { "name": "20060412 Simplog \u003c=0.9.2 multiple vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/430743/100/0/threaded" }, { "name": "19591", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19591" }, { "name": "17418", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17418" }, { "name": "19691", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19691" }, { "name": "ADV-2006-0102", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/0102" }, { "name": "ADV-2006-0101", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/0101" }, { "name": "18233", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18233" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://retrogod.altervista.org/simplog_092_incl_xpl.html" }, { "name": "ADV-2006-1332", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/1332" }, { "name": "22291", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/22291" }, { "name": "DSA-1031", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", 
"x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1031" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html" }, { "name": "ADV-2006-0104", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/0104" }, { "name": "18260", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18260" }, { "name": "GLSA-200604-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-01-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "19590", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19590" }, { "name": "18267", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18267" }, { "name": "18254", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18254" }, { "name": "19555", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19555" }, { "name": "DSA-1029", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1029" }, { "name": "adodb-tmssql-command-execution(24052)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24052" }, { "name": "19628", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19628" }, { "name": "20060409 PhpOpenChat 3.0.x ADODB Server.php \"sql\" SQL injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/430448/100/0/threaded" }, { "name": "DSA-1030", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1030" }, { "name": "ADV-2006-1305", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/1305" }, { "name": "18276", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18276" }, { "name": "19600", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19600" }, { "name": "1663", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": 
"https://www.exploit-db.com/exploits/1663" }, { "name": "ADV-2006-0103", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/0103" }, { "tags": [ "x_refsource_MISC" ], "url": "http://secunia.com/secunia_research/2005-64/advisory/" }, { "name": "20060412 Simplog \u003c=0.9.2 multiple vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/430743/100/0/threaded" }, { "name": "19591", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19591" }, { "name": "17418", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17418" }, { "name": "19691", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19691" }, { "name": "ADV-2006-0102", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/0102" }, { "name": "ADV-2006-0101", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/0101" }, { "name": "18233", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18233" }, { "tags": [ "x_refsource_MISC" ], "url": "http://retrogod.altervista.org/simplog_092_incl_xpl.html" }, { "name": "ADV-2006-1332", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/1332" }, { "name": "22291", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/22291" }, { "name": "DSA-1031", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1031" }, { "tags": [ "x_refsource_MISC" ], "url": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html" }, { "name": "ADV-2006-0104", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/0104" }, { "name": "18260", "tags": [ 
"third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18260" }, { "name": "GLSA-200604-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0147", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "19590", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19590" }, { "name": "18267", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18267" }, { "name": "18254", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18254" }, { "name": "19555", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19555" }, { "name": "DSA-1029", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1029" }, { "name": "adodb-tmssql-command-execution(24052)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24052" }, { "name": "19628", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19628" }, { "name": "20060409 PhpOpenChat 3.0.x ADODB Server.php \"sql\" SQL injection", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/430448/100/0/threaded" }, { "name": "DSA-1030", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1030" }, { "name": "ADV-2006-1305", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1305" }, { "name": "18276", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18276" }, { "name": "19600", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19600" }, { "name": "1663", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/1663" }, { "name": "ADV-2006-0103", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0103" }, { "name": "http://secunia.com/secunia_research/2005-64/advisory/", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2005-64/advisory/" }, { "name": "20060412 Simplog \u003c=0.9.2 multiple vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/430743/100/0/threaded" }, { "name": "19591", "refsource": "SECUNIA", "url": 
"http://secunia.com/advisories/19591" }, { "name": "17418", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17418" }, { "name": "19691", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19691" }, { "name": "ADV-2006-0102", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0102" }, { "name": "ADV-2006-0101", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0101" }, { "name": "18233", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18233" }, { "name": "http://retrogod.altervista.org/simplog_092_incl_xpl.html", "refsource": "MISC", "url": "http://retrogod.altervista.org/simplog_092_incl_xpl.html" }, { "name": "ADV-2006-1332", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1332" }, { "name": "22291", "refsource": "OSVDB", "url": "http://www.osvdb.org/22291" }, { "name": "DSA-1031", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1031" }, { "name": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html", "refsource": "MISC", "url": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html" }, { "name": "ADV-2006-0104", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0104" }, { "name": "18260", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18260" }, { "name": "GLSA-200604-07", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0147", "datePublished": "2006-01-09T23:00:00", "dateReserved": "2006-01-09T00:00:00", "dateUpdated": "2024-08-07T16:25:33.633Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-0841 (GCVE-0-2006-0841)
Vulnerability from cvelistv5
Published
2006-02-22 02:00
Modified
2024-08-07 16:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) hide_status, (2) handler_id, (3) user_monitor, (4) reporter_id, (5) view_type, (6) show_severity, (7) show_category, (8) show_status, (9) show_resolution, (10) show_build, (11) show_profile, (12) show_priority, (13) highlight_changed, (14) relationship_type, and (15) relationship_bug parameters in (a) view_all_set.php; the (16) sort parameter in (b) manage_user_page.php; the (17) view_type parameter in (c) view_filters_page.php; and the (18) title parameter in (d) proj_doc_delete.php. NOTE: item 17 might be subsumed by CVE-2005-4522.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:48:56.553Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "16657", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/16657" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=386059\u0026group_id=14963" }, { "name": "21400", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21400" }, { "name": "DSA-1133", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1133" }, { "name": "20060215 [BuHa-Security] Multiple Vulnerabilities in Mantis 1.00rc4", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/425046/100/0/threaded" }, { "name": "23248", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/23248" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://morph3us.org/advisories/20060214-mantis-100rc4.txt" }, { "name": "22487", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/22487" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://sourceforge.net/project/showfiles.php?group_id=14963\u0026package_id=12175\u0026release_id=386059" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-02-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) hide_status, (2) handler_id, (3) user_monitor, (4) reporter_id, (5) view_type, (6) 
show_severity, (7) show_category, (8) show_status, (9) show_resolution, (10) show_build, (11) show_profile, (12) show_priority, (13) highlight_changed, (14) relationship_type, and (15) relationship_bug parameters in (a) view_all_set.php; the (16) sort parameter in (b) manage_user_page.php; the (17) view_type parameter in (c) view_filters_page.php; and the (18) title parameter in (d) proj_doc_delete.php. NOTE: item 17 might be subsumed by CVE-2005-4522." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "16657", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/16657" }, { "tags": [ "x_refsource_MISC" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=386059\u0026group_id=14963" }, { "name": "21400", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21400" }, { "name": "DSA-1133", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1133" }, { "name": "20060215 [BuHa-Security] Multiple Vulnerabilities in Mantis 1.00rc4", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/425046/100/0/threaded" }, { "name": "23248", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/23248" }, { "tags": [ "x_refsource_MISC" ], "url": "http://morph3us.org/advisories/20060214-mantis-100rc4.txt" }, { "name": "22487", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/22487" }, { "tags": [ "x_refsource_MISC" ], "url": "http://sourceforge.net/project/showfiles.php?group_id=14963\u0026package_id=12175\u0026release_id=386059" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0841", "STATE": "PUBLIC" }, 
"affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) hide_status, (2) handler_id, (3) user_monitor, (4) reporter_id, (5) view_type, (6) show_severity, (7) show_category, (8) show_status, (9) show_resolution, (10) show_build, (11) show_profile, (12) show_priority, (13) highlight_changed, (14) relationship_type, and (15) relationship_bug parameters in (a) view_all_set.php; the (16) sort parameter in (b) manage_user_page.php; the (17) view_type parameter in (c) view_filters_page.php; and the (18) title parameter in (d) proj_doc_delete.php. NOTE: item 17 might be subsumed by CVE-2005-4522." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "16657", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16657" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=386059\u0026group_id=14963", "refsource": "MISC", "url": "http://sourceforge.net/project/shownotes.php?release_id=386059\u0026group_id=14963" }, { "name": "21400", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21400" }, { "name": "DSA-1133", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1133" }, { "name": "20060215 [BuHa-Security] Multiple Vulnerabilities in Mantis 1.00rc4", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/425046/100/0/threaded" }, { "name": "23248", "refsource": "OSVDB", "url": "http://www.osvdb.org/23248" }, { "name": "http://morph3us.org/advisories/20060214-mantis-100rc4.txt", "refsource": "MISC", "url": "http://morph3us.org/advisories/20060214-mantis-100rc4.txt" }, { "name": "22487", "refsource": "OSVDB", "url": "http://www.osvdb.org/22487" }, { "name": "http://sourceforge.net/project/showfiles.php?group_id=14963\u0026package_id=12175\u0026release_id=386059", "refsource": "MISC", "url": "http://sourceforge.net/project/showfiles.php?group_id=14963\u0026package_id=12175\u0026release_id=386059" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0841", "datePublished": "2006-02-22T02:00:00", "dateReserved": "2006-02-22T00:00:00", "dateUpdated": "2024-08-07T16:48:56.553Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-4687 (GCVE-0-2008-4687)
Vulnerability from cvelistv5
Published
2008-10-22 17:00
Modified
2024-08-07 10:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:24:20.945Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.gentoo.org/show_bug.cgi?id=242722" }, { "name": "32975", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32975" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/utility_api.php?r1=5679\u0026r2=5678\u0026pathrev=5679" }, { "name": "31789", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/31789" }, { "name": "GLSA-200812-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mantisbt.org/bugs/view.php?id=0009704" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mantisbt.org/bugs/changelog_page.php" }, { "name": "44611", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/44611/" }, { "name": "32314", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32314" }, { "name": "[oss-security] 20081019 CVE request: mantisbt \u003c 1.1.4: RCE", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2008/10/19/1" }, { "name": "6768", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/6768" }, { "name": "mantis-sort-code-execution(45942)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45942" }, { "name": 
"4470", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/4470" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-10-16T00:00:00", "descriptions": [ { "lang": "en", "value": "manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-12T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.gentoo.org/show_bug.cgi?id=242722" }, { "name": "32975", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32975" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/utility_api.php?r1=5679\u0026r2=5678\u0026pathrev=5679" }, { "name": "31789", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/31789" }, { "name": "GLSA-200812-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mantisbt.org/bugs/view.php?id=0009704" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mantisbt.org/bugs/changelog_page.php" }, { "name": "44611", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/44611/" }, { "name": "32314", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": 
"http://secunia.com/advisories/32314" }, { "name": "[oss-security] 20081019 CVE request: mantisbt \u003c 1.1.4: RCE", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2008/10/19/1" }, { "name": "6768", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/6768" }, { "name": "mantis-sort-code-execution(45942)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45942" }, { "name": "4470", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/4470" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-4687", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugs.gentoo.org/show_bug.cgi?id=242722", "refsource": "CONFIRM", "url": "https://bugs.gentoo.org/show_bug.cgi?id=242722" }, { "name": "32975", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32975" }, { "name": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/utility_api.php?r1=5679\u0026r2=5678\u0026pathrev=5679", "refsource": "CONFIRM", "url": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/utility_api.php?r1=5679\u0026r2=5678\u0026pathrev=5679" }, { "name": "31789", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31789" }, { "name": "GLSA-200812-07", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml" }, { "name": "http://www.mantisbt.org/bugs/view.php?id=0009704", "refsource": "CONFIRM", "url": "http://www.mantisbt.org/bugs/view.php?id=0009704" }, { "name": "http://www.mantisbt.org/bugs/changelog_page.php", "refsource": "CONFIRM", "url": "http://www.mantisbt.org/bugs/changelog_page.php" }, { "name": "44611", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/44611/" }, { "name": "32314", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32314" }, { "name": "[oss-security] 20081019 CVE request: mantisbt \u003c 1.1.4: RCE", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/10/19/1" }, { "name": "6768", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/6768" }, { "name": "mantis-sort-code-execution(45942)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45942" }, { "name": "4470", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/4470" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", 
"assignerShortName": "mitre", "cveId": "CVE-2008-4687", "datePublished": "2008-10-22T17:00:00", "dateReserved": "2008-10-22T00:00:00", "dateUpdated": "2024-08-07T10:24:20.945Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2002-1114 (GCVE-0-2002-1114)
Vulnerability from cvelistv5
Published
2002-09-10 04:00
Modified
2024-08-08 03:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
config_inc2.php in Mantis before 0.17.4 allows remote attackers to execute arbitrary code or read arbitrary files via the parameters (1) g_bottom_include_page, (2) g_top_include_page, (3) g_css_include_file, (4) g_meta_include_file, or (5) a cookie.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:12:17.053Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20020819 [Mantis Advisory/2002-05] Arbitrary code execution and file reading vulnerability in Mantis", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=102978711618648\u0026w=2" }, { "name": "mantis-configinc-var-include(9900)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/9900.php" }, { "name": "DSA-153", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2002/dsa-153" }, { "name": "5509", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/5509" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-08-19T00:00:00", "descriptions": [ { "lang": "en", "value": "config_inc2.php in Mantis before 0.17.4 allows remote attackers to execute arbitrary code or read arbitrary files via the parameters (1) g_bottom_include_page, (2) g_top_include_page, (3) g_css_include_file, (4) g_meta_include_file, or (5) a cookie." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20020819 [Mantis Advisory/2002-05] Arbitrary code execution and file reading vulnerability in Mantis", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=102978711618648\u0026w=2" }, { "name": "mantis-configinc-var-include(9900)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/9900.php" }, { "name": "DSA-153", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2002/dsa-153" }, { "name": "5509", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/5509" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1114", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "config_inc2.php in Mantis before 0.17.4 allows remote attackers to execute arbitrary code or read arbitrary files via the parameters (1) g_bottom_include_page, (2) g_top_include_page, (3) g_css_include_file, (4) g_meta_include_file, or (5) a cookie." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20020819 [Mantis Advisory/2002-05] Arbitrary code execution and file reading vulnerability in Mantis", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=102978711618648\u0026w=2" }, { "name": "mantis-configinc-var-include(9900)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/9900.php" }, { "name": "DSA-153", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2002/dsa-153" }, { "name": "5509", "refsource": "BID", "url": "http://www.securityfocus.com/bid/5509" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1114", "datePublished": "2002-09-10T04:00:00", "dateReserved": "2002-09-06T00:00:00", "dateUpdated": "2024-08-08T03:12:17.053Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-1734 (GCVE-0-2004-1734)
Vulnerability from cvelistv5
Published
2005-02-26 05:00
Modified
2024-08-08 01:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
PHP remote file inclusion vulnerability in Mantis 0.19.0a allows remote attackers to execute arbitrary PHP code by modifying the (1) t_core_path parameter to bug_api.php or (2) t_core_dir parameter to relationship_api.php to reference a URL on a remote web server that contains the code.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:00:37.263Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20040820 Mantis Bugtracker Remote PHP Code Execution Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=109313416727851\u0026w=2" }, { "name": "mantis-php-file-include(17065)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17065" }, { "name": "10993", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/10993" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-08-20T00:00:00", "descriptions": [ { "lang": "en", "value": "PHP remote file inclusion vulnerability in Mantis 0.19.0a allows remote attackers to execute arbitrary PHP code by modifying the (1) t_core_path parameter to bug_api.php or (2) t_core_dir parameter to relationship_api.php to reference a URL on a remote web server that contains the code." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20040820 Mantis Bugtracker Remote PHP Code Execution Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=109313416727851\u0026w=2" }, { "name": "mantis-php-file-include(17065)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17065" }, { "name": "10993", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/10993" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1734", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "PHP remote file inclusion vulnerability in Mantis 0.19.0a allows remote attackers to execute arbitrary PHP code by modifying the (1) t_core_path parameter to bug_api.php or (2) t_core_dir parameter to relationship_api.php to reference a URL on a remote web server that contains the code." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20040820 Mantis Bugtracker Remote PHP Code Execution Vulnerability", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=109313416727851\u0026w=2" }, { "name": "mantis-php-file-include(17065)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17065" }, { "name": "10993", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10993" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1734", "datePublished": "2005-02-26T05:00:00", "dateReserved": "2005-02-26T00:00:00", "dateUpdated": "2024-08-08T01:00:37.263Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-0146 (GCVE-0-2006-0146)
Vulnerability from cvelistv5
Published
2006-01-09 23:00
Modified
2024-08-07 16:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:25:33.856Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "19590", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19590" }, { "name": "18267", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18267" }, { "name": "18254", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18254" }, { "name": "19555", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19555" }, { "name": "DSA-1029", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1029" }, { "name": "20060409 PhpOpenChat 3.0.x ADODB Server.php \"sql\" SQL injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/430448/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.maxdev.com/Article550.phtml" }, { "name": "ADV-2006-0105", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/0105" }, { "name": "19699", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19699" }, { "name": "DSA-1030", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1030" }, { "name": "ADV-2006-1305", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/1305" }, { "name": "24954", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24954" }, { "name": "18276", "tags": [ 
"third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18276" }, { "name": "713", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/713" }, { "name": "ADV-2006-1304", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/1304" }, { "name": "19600", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19600" }, { "name": "20070418 MediaBeez Sql query Execution .. Wear isn\u0027t ?? :)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/466171/100/0/threaded" }, { "name": "ADV-2006-0103", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/0103" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://secunia.com/secunia_research/2005-64/advisory/" }, { "name": "16187", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/16187" }, { "name": "18720", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18720" }, { "name": "ADV-2006-1419", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/1419" }, { "name": "19591", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19591" }, { "name": "ADV-2006-0447", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/0447" }, { "name": "adodb-server-command-execution(24051)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24051" }, { "name": "17418", "tags": [ 
"third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17418" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.xaraya.com/index.php/news/569" }, { "name": "19691", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19691" }, { "name": "ADV-2006-0102", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/0102" }, { "name": "ADV-2006-0101", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/0101" }, { "name": "18233", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18233" }, { "name": "22290", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/22290" }, { "name": "ADV-2006-0370", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/0370" }, { "name": "DSA-1031", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1031" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html" }, { "name": "20060202 Bug for libs in php link directory 2.0", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/423784/100/0/threaded" }, { "name": "ADV-2006-0104", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/0104" }, { "name": "18260", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18260" }, { "name": "GLSA-200604-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": 
"http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml" }, { "name": "19563", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19563" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-01-09T00:00:00", "descriptions": [ { "lang": "en", "value": "The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "19590", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19590" }, { "name": "18267", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18267" }, { "name": "18254", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18254" }, { "name": "19555", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19555" }, { "name": "DSA-1029", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1029" }, { "name": "20060409 PhpOpenChat 3.0.x ADODB Server.php \"sql\" SQL injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/430448/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.maxdev.com/Article550.phtml" }, { "name": "ADV-2006-0105", "tags": 
[ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/0105" }, { "name": "19699", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19699" }, { "name": "DSA-1030", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1030" }, { "name": "ADV-2006-1305", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/1305" }, { "name": "24954", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24954" }, { "name": "18276", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18276" }, { "name": "713", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/713" }, { "name": "ADV-2006-1304", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/1304" }, { "name": "19600", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19600" }, { "name": "20070418 MediaBeez Sql query Execution .. Wear isn\u0027t ?? 
:)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/466171/100/0/threaded" }, { "name": "ADV-2006-0103", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/0103" }, { "tags": [ "x_refsource_MISC" ], "url": "http://secunia.com/secunia_research/2005-64/advisory/" }, { "name": "16187", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/16187" }, { "name": "18720", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18720" }, { "name": "ADV-2006-1419", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/1419" }, { "name": "19591", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19591" }, { "name": "ADV-2006-0447", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/0447" }, { "name": "adodb-server-command-execution(24051)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24051" }, { "name": "17418", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17418" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.xaraya.com/index.php/news/569" }, { "name": "19691", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19691" }, { "name": "ADV-2006-0102", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/0102" }, { "name": "ADV-2006-0101", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/0101" }, { "name": "18233", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18233" }, { "name": "22290", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": 
"http://www.osvdb.org/22290" }, { "name": "ADV-2006-0370", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/0370" }, { "name": "DSA-1031", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1031" }, { "tags": [ "x_refsource_MISC" ], "url": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html" }, { "name": "20060202 Bug for libs in php link directory 2.0", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/423784/100/0/threaded" }, { "name": "ADV-2006-0104", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/0104" }, { "name": "18260", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18260" }, { "name": "GLSA-200604-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml" }, { "name": "19563", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19563" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0146", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "19590", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19590" }, { "name": "18267", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18267" }, { "name": "18254", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18254" }, { "name": "19555", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19555" }, { "name": "DSA-1029", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1029" }, { "name": "20060409 PhpOpenChat 3.0.x ADODB Server.php \"sql\" SQL injection", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/430448/100/0/threaded" }, { "name": "http://www.maxdev.com/Article550.phtml", "refsource": "CONFIRM", "url": "http://www.maxdev.com/Article550.phtml" }, { "name": "ADV-2006-0105", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0105" }, { "name": "19699", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19699" }, { "name": "DSA-1030", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1030" }, { "name": "ADV-2006-1305", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1305" }, { "name": "24954", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24954" }, { "name": "18276", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18276" }, { "name": "713", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/713" }, { "name": "ADV-2006-1304", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1304" }, { "name": "19600", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19600" }, { "name": "20070418 MediaBeez Sql query Execution .. Wear isn\u0027t ?? 
:)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/466171/100/0/threaded" }, { "name": "ADV-2006-0103", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0103" }, { "name": "http://secunia.com/secunia_research/2005-64/advisory/", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2005-64/advisory/" }, { "name": "16187", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16187" }, { "name": "18720", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18720" }, { "name": "ADV-2006-1419", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1419" }, { "name": "19591", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19591" }, { "name": "ADV-2006-0447", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0447" }, { "name": "adodb-server-command-execution(24051)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24051" }, { "name": "17418", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17418" }, { "name": "http://www.xaraya.com/index.php/news/569", "refsource": "CONFIRM", "url": "http://www.xaraya.com/index.php/news/569" }, { "name": "19691", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19691" }, { "name": "ADV-2006-0102", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0102" }, { "name": "ADV-2006-0101", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0101" }, { "name": "18233", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18233" }, { "name": "22290", "refsource": "OSVDB", "url": "http://www.osvdb.org/22290" }, { "name": "ADV-2006-0370", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0370" }, { "name": "DSA-1031", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1031" }, { "name": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html", 
"refsource": "MISC", "url": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html" }, { "name": "20060202 Bug for libs in php link directory 2.0", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/423784/100/0/threaded" }, { "name": "ADV-2006-0104", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0104" }, { "name": "18260", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18260" }, { "name": "GLSA-200604-07", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml" }, { "name": "19563", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19563" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0146", "datePublished": "2006-01-09T23:00:00", "dateReserved": "2006-01-09T00:00:00", "dateUpdated": "2024-08-07T16:25:33.856Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-0404 (GCVE-0-2008-0404)
Vulnerability from cvelistv5
Published
2008-01-23 11:00
Modified
2024-08-07 07:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "Most active bugs" summary.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:46:54.258Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=569765" }, { "name": "28591", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28591" }, { "name": "28577", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28577" }, { "name": "FEDORA-2008-0856", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00734.html" }, { "name": "ADV-2008-0232", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0232" }, { "name": "mantis-mostactive-xss(39801)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39801" }, { "name": "27367", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/27367" }, { "name": "FEDORA-2008-0796", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00676.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=429552" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-01-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the \"Most active bugs\" summary." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=569765" }, { "name": "28591", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28591" }, { "name": "28577", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28577" }, { "name": "FEDORA-2008-0856", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00734.html" }, { "name": "ADV-2008-0232", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0232" }, { "name": "mantis-mostactive-xss(39801)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39801" }, { "name": "27367", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/27367" }, { "name": "FEDORA-2008-0796", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00676.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=429552" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0404", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows 
remote attackers to inject arbitrary web script or HTML via vectors related to the \"Most active bugs\" summary." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://sourceforge.net/project/shownotes.php?release_id=569765", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=569765" }, { "name": "28591", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28591" }, { "name": "28577", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28577" }, { "name": "FEDORA-2008-0856", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00734.html" }, { "name": "ADV-2008-0232", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0232" }, { "name": "mantis-mostactive-xss(39801)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39801" }, { "name": "27367", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27367" }, { "name": "FEDORA-2008-0796", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00676.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=429552", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=429552" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0404", "datePublished": "2008-01-23T11:00:00", "dateReserved": "2008-01-22T00:00:00", "dateUpdated": "2024-08-07T07:46:54.258Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2002-1115 (GCVE-0-2002-1115)
Vulnerability from cvelistv5
Published
2002-09-10 04:00
Modified
2024-08-08 03:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mantis 0.17.4a and earlier allows remote attackers to view private bugs by modifying the f_id bug ID parameter to (1) bug_update_advanced_page.php, (2) bug_update_page.php, (3) view_bug_advanced_page.php, or (4) view_bug_page.php.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:12:17.064Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://mantisbt.sourceforge.net/advisories/2002/2002-06.txt" }, { "name": "mantis-view-private-bugs(9954)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/9954.php" }, { "name": "20020823 [Mantis Advisory/2002-06] Private bugs accessible in Mantis", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=103013249211164\u0026w=2" }, { "name": "5563", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/5563" }, { "name": "DSA-161", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2002/dsa-161" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-08-23T00:00:00", "descriptions": [ { "lang": "en", "value": "Mantis 0.17.4a and earlier allows remote attackers to view private bugs by modifying the f_id bug ID parameter to (1) bug_update_advanced_page.php, (2) bug_update_page.php, (3) view_bug_advanced_page.php, or (4) view_bug_page.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://mantisbt.sourceforge.net/advisories/2002/2002-06.txt" }, { "name": "mantis-view-private-bugs(9954)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/9954.php" }, { "name": "20020823 [Mantis Advisory/2002-06] Private bugs accessible in Mantis", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=103013249211164\u0026w=2" }, { "name": "5563", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/5563" }, { "name": "DSA-161", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2002/dsa-161" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1115", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Mantis 0.17.4a and earlier allows remote attackers to view private bugs by modifying the f_id bug ID parameter to (1) bug_update_advanced_page.php, (2) bug_update_page.php, (3) view_bug_advanced_page.php, or (4) view_bug_page.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://mantisbt.sourceforge.net/advisories/2002/2002-06.txt", "refsource": "CONFIRM", "url": "http://mantisbt.sourceforge.net/advisories/2002/2002-06.txt" }, { "name": "mantis-view-private-bugs(9954)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/9954.php" }, { "name": "20020823 [Mantis Advisory/2002-06] Private bugs accessible in Mantis", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=103013249211164\u0026w=2" }, { "name": "5563", "refsource": "BID", "url": "http://www.securityfocus.com/bid/5563" }, { "name": "DSA-161", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2002/dsa-161" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1115", "datePublished": "2002-09-10T04:00:00", "dateReserved": "2002-09-06T00:00:00", "dateUpdated": "2024-08-08T03:12:17.064Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2002-1116 (GCVE-0-2002-1116)
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The "View Bugs" page (view_all_bug_page.php) in Mantis 0.17.4a and earlier includes summaries of private bugs for users that do not have access to any projects.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:12:16.947Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-161", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2002/dsa-161" }, { "name": "mantis-viewbugs-bug-listing(9955)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9955" }, { "name": "20020823 [Mantis Advisory/2002-07] Bugs in private projects listed on \u0027View Bugs\u0027", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=103014152320112\u0026w=2" }, { "name": "5565", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/5565" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-08-23T00:00:00", "descriptions": [ { "lang": "en", "value": "The \"View Bugs\" page (view_all_bug_page.php) in Mantis 0.17.4a and earlier includes summaries of private bugs for users that do not have access to any projects." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2003-03-18T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-161", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2002/dsa-161" }, { "name": "mantis-viewbugs-bug-listing(9955)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9955" }, { "name": "20020823 [Mantis Advisory/2002-07] Bugs in private projects listed on \u0027View Bugs\u0027", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=103014152320112\u0026w=2" }, { "name": "5565", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/5565" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1116", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The \"View Bugs\" page (view_all_bug_page.php) in Mantis 0.17.4a and earlier includes summaries of private bugs for users that do not have access to any projects." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-161", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2002/dsa-161" }, { "name": "mantis-viewbugs-bug-listing(9955)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9955" }, { "name": "20020823 [Mantis Advisory/2002-07] Bugs in private projects listed on \u0027View Bugs\u0027", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=103014152320112\u0026w=2" }, { "name": "5565", "refsource": "BID", "url": "http://www.securityfocus.com/bid/5565" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1116", "datePublished": "2004-09-01T04:00:00", "dateReserved": "2002-09-06T00:00:00", "dateUpdated": "2024-08-08T03:12:16.947Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-0665 (GCVE-0-2006-0665)
Vulnerability from cvelistv5
Published
2006-02-13 11:00
Modified
2024-08-07 16:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in (1) query_store.php and (2) manage_proj_create.php in Mantis before 1.0.0 has unknown impact and attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:41:29.125Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2006-0485", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/0485" }, { "name": "21400", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21400" }, { "name": "DSA-1133", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1133" }, { "name": "16561", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/16561" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-02-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in (1) query_store.php and (2) manage_proj_create.php in Mantis before 1.0.0 has unknown impact and attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2006-08-09T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2006-0485", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/0485" }, { "name": "21400", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21400" }, { "name": "DSA-1133", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1133" }, { "name": "16561", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/16561" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0665", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in (1) query_store.php and (2) manage_proj_create.php in Mantis before 1.0.0 has unknown impact and attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2006-0485", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0485" }, { "name": "21400", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21400" }, { "name": "DSA-1133", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1133" }, { "name": "16561", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16561" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0665", "datePublished": "2006-02-13T11:00:00", "dateReserved": "2006-02-13T00:00:00", "dateUpdated": "2024-08-07T16:41:29.125Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2003-0499 (GCVE-0-2003-0499)
Vulnerability from cvelistv5
Published
2003-07-04 04:00
Modified
2024-08-08 01:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mantis 0.17.5 and earlier stores its database password in cleartext in a world-readable configuration file, which allows local users to perform unauthorized database operations.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:58:10.260Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-335", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2003/dsa-335" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-06-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Mantis 0.17.5 and earlier stores its database password in cleartext in a world-readable configuration file, which allows local users to perform unauthorized database operations." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-06T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-335", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2003/dsa-335" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0499", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Mantis 0.17.5 and earlier stores its database password in cleartext in a world-readable configuration file, which allows local users to perform unauthorized database operations." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-335", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2003/dsa-335" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0499", "datePublished": "2003-07-04T04:00:00", "dateReserved": "2003-06-30T00:00:00", "dateUpdated": "2024-08-08T01:58:10.260Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-3337 (GCVE-0-2005-3337)
Vulnerability from cvelistv5
Published
2005-10-27 04:00
Modified
2024-08-07 23:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Mantis before 0.19.3 allow remote attackers to inject arbitrary web script or HTML via (1) unknown vectors involving Javascript and (2) mantis/view_all_set.php.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:10:08.581Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.mantisbt.org/changelog_page.php" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=362673" }, { "name": "20321", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/20321" }, { "name": "GLSA-200510-24", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml" }, { "name": "17362", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17362" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-10-26T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Mantis before 0.19.3 allow remote attackers to inject arbitrary web script or HTML via (1) unknown vectors involving Javascript and (2) mantis/view_all_set.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2006-04-04T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.mantisbt.org/changelog_page.php" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=362673" }, { "name": "20321", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/20321" }, { "name": "GLSA-200510-24", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml" }, { "name": "17362", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17362" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3337", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Mantis before 0.19.3 allow remote attackers to inject arbitrary web script or HTML via (1) unknown vectors involving Javascript and (2) mantis/view_all_set.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://bugs.mantisbt.org/changelog_page.php", "refsource": "CONFIRM", "url": "http://bugs.mantisbt.org/changelog_page.php" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=362673", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=362673" }, { "name": "20321", "refsource": "OSVDB", "url": "http://www.osvdb.org/20321" }, { "name": "GLSA-200510-24", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml" }, { "name": "17362", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17362" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3337", "datePublished": "2005-10-27T04:00:00", "dateReserved": "2005-10-27T00:00:00", "dateUpdated": "2024-08-07T23:10:08.581Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-3333 (GCVE-0-2008-3333)
Vulnerability from cvelistv5
Published
2008-07-27 23:00
Modified
2024-08-07 09:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in core/lang_api.php in Mantis before 1.1.2 allows remote attackers to include and execute arbitrary files via the language parameter to the user preferences page (account_prefs_update.php).
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T09:37:26.341Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "30354", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/30354" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mantisbt.org/bugs/view.php?id=9154" }, { "name": "mantis-accountprefsupdate-file-include(43984)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43984" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mantisbt.org/bugs/changelog_page.php" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=456044" }, { "name": "30270", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30270" }, { "name": "GLSA-200809-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml" }, { "name": "31972", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31972" }, { "name": "29297", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/29297" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-05-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in core/lang_api.php in Mantis before 1.1.2 allows remote attackers to include and execute arbitrary files via the language parameter to the user preferences page (account_prefs_update.php)." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "30354", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/30354" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mantisbt.org/bugs/view.php?id=9154" }, { "name": "mantis-accountprefsupdate-file-include(43984)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43984" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mantisbt.org/bugs/changelog_page.php" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=456044" }, { "name": "30270", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30270" }, { "name": "GLSA-200809-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml" }, { "name": "31972", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31972" }, { "name": "29297", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/29297" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-3333", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in core/lang_api.php in Mantis before 1.1.2 allows remote attackers to include and execute arbitrary files via the language parameter to the user preferences page 
(account_prefs_update.php)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "30354", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30354" }, { "name": "http://www.mantisbt.org/bugs/view.php?id=9154", "refsource": "CONFIRM", "url": "http://www.mantisbt.org/bugs/view.php?id=9154" }, { "name": "mantis-accountprefsupdate-file-include(43984)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43984" }, { "name": "http://www.mantisbt.org/bugs/changelog_page.php", "refsource": "CONFIRM", "url": "http://www.mantisbt.org/bugs/changelog_page.php" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=456044", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=456044" }, { "name": "30270", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30270" }, { "name": "GLSA-200809-10", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml" }, { "name": "31972", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31972" }, { "name": "29297", "refsource": "BID", "url": "http://www.securityfocus.com/bid/29297" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-3333", "datePublished": "2008-07-27T23:00:00", "dateReserved": "2008-07-27T00:00:00", "dateUpdated": "2024-08-07T09:37:26.341Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-4523 (GCVE-0-2005-4523)
Vulnerability from cvelistv5
Published
2005-12-28 01:00
Modified
2024-08-07 23:46
CWE
- n/a
Summary
Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS feeds, which allows remote attackers to obtain sensitive information.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:46:05.522Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "18481", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18481" }, { "name": "18181", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18181/" }, { "name": "ADV-2005-3064", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/3064" }, { "name": "18221", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18221" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt" }, { "name": "DSA-944", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2005/dsa-944" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-12-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS feeds, which allows remote attackers to obtain sensitive information." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2006-01-20T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "18481", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18481" }, { "name": "18181", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18181/" }, { "name": "ADV-2005-3064", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/3064" }, { "name": "18221", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18221" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt" }, { "name": "DSA-944", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2005/dsa-944" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-4523", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS feeds, which allows remote attackers to obtain sensitive information." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "18481", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18481" }, { "name": "18181", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18181/" }, { "name": "ADV-2005-3064", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/3064" }, { "name": "18221", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18221" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963" }, { "name": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt", "refsource": "MISC", "url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt" }, { "name": "DSA-944", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2005/dsa-944" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-4523", "datePublished": "2005-12-28T01:00:00", "dateReserved": "2005-12-28T00:00:00", "dateUpdated": "2024-08-07T23:46:05.522Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2002-1111 (GCVE-0-2002-1111)
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:12
CWE
- n/a
Summary
print_all_bug_page.php in Mantis 0.17.3 and earlier does not verify the limit_reporters option, which allows remote attackers to view bug summaries for bugs that would otherwise be restricted.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:12:17.088Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-153", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2002/dsa-153" }, { "name": "20020819 [Mantis Advisory/2002-02] Limiting output to reporters can be bypassed", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=102978873620491\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://mantisbt.sourceforge.net/advisories/2002/2002-02.txt" }, { "name": "mantis-limit-reporters-bypass(9898)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9898" }, { "name": "5515", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/5515" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-08-19T00:00:00", "descriptions": [ { "lang": "en", "value": "print_all_bug_page.php in Mantis 0.17.3 and earlier does not verify the limit_reporters option, which allows remote attackers to view bug summaries for bugs that would otherwise be restricted." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2004-07-25T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-153", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2002/dsa-153" }, { "name": "20020819 [Mantis Advisory/2002-02] Limiting output to reporters can be bypassed", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=102978873620491\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://mantisbt.sourceforge.net/advisories/2002/2002-02.txt" }, { "name": "mantis-limit-reporters-bypass(9898)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9898" }, { "name": "5515", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/5515" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1111", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "print_all_bug_page.php in Mantis 0.17.3 and earlier does not verify the limit_reporters option, which allows remote attackers to view bug summaries for bugs that would otherwise be restricted." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-153", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2002/dsa-153" }, { "name": "20020819 [Mantis Advisory/2002-02] Limiting output to reporters can be bypassed", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=102978873620491\u0026w=2" }, { "name": "http://mantisbt.sourceforge.net/advisories/2002/2002-02.txt", "refsource": "CONFIRM", "url": "http://mantisbt.sourceforge.net/advisories/2002/2002-02.txt" }, { "name": "mantis-limit-reporters-bypass(9898)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9898" }, { "name": "5515", "refsource": "BID", "url": "http://www.securityfocus.com/bid/5515" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1111", "datePublished": "2004-09-01T04:00:00", "dateReserved": "2002-09-06T00:00:00", "dateUpdated": "2024-08-08T03:12:17.088Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2002-1110 (GCVE-0-2002-1110)
Vulnerability from cvelistv5
Published
2002-09-10 04:00
Modified
2024-08-08 03:12
CWE
- n/a
Summary
Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, when running without magic_quotes_gpc enabled, allow remote attackers to gain privileges or perform unauthorized database operations via modified form fields, e.g. to account_update.php.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:12:16.938Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "mantis-user-sql-injection(9897)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/9897.php" }, { "name": "20020819 [Mantis Advisory/2002-01] SQL poisoning vulnerability in Mantis", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=102978728718851\u0026w=2" }, { "name": "5510", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/5510" }, { "name": "DSA-153", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2002/dsa-153" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://mantisbt.sourceforge.net/advisories/2002/2002-01.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-08-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, when running without magic_quotes_gpc enabled, allows remote attackers to gain privileges or perform unauthorized database operations via modified form fields, e.g. to account_update.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "mantis-user-sql-injection(9897)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/9897.php" }, { "name": "20020819 [Mantis Advisory/2002-01] SQL poisoning vulnerability in Mantis", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=102978728718851\u0026w=2" }, { "name": "5510", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/5510" }, { "name": "DSA-153", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2002/dsa-153" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://mantisbt.sourceforge.net/advisories/2002/2002-01.txt" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1110", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, when running without magic_quotes_gpc enabled, allows remote attackers to gain privileges or perform unauthorized database operations via modified form fields, e.g. to account_update.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "mantis-user-sql-injection(9897)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/9897.php" }, { "name": "20020819 [Mantis Advisory/2002-01] SQL poisoning vulnerability in Mantis", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=102978728718851\u0026w=2" }, { "name": "5510", "refsource": "BID", "url": "http://www.securityfocus.com/bid/5510" }, { "name": "DSA-153", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2002/dsa-153" }, { "name": "http://mantisbt.sourceforge.net/advisories/2002/2002-01.txt", "refsource": "CONFIRM", "url": "http://mantisbt.sourceforge.net/advisories/2002/2002-01.txt" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1110", "datePublished": "2002-09-10T04:00:00", "dateReserved": "2002-09-06T00:00:00", "dateUpdated": "2024-08-08T03:12:16.938Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-4689 (GCVE-0-2008-4689)
Vulnerability from cvelistv5
Published
2008-10-22 17:00
Modified
2024-08-07 10:24
CWE
- n/a
Summary
Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:24:20.803Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "32975", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32975" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mantisbt.org/bugs/file_download.php?file_id=1988\u0026type=bug" }, { "name": "GLSA-200812-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mantisbt.org/bugs/view.php?id=9664" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mantisbt.org/bugs/changelog_page.php" }, { "name": "mantis-session-cookie-hijacking(46084)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46084" }, { "name": "[oss-security] 20081020 Re: CVE request: mantisbt \u003c 1.1.4: RCE", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2008/10/20/1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-10-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "32975", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32975" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mantisbt.org/bugs/file_download.php?file_id=1988\u0026type=bug" }, { "name": "GLSA-200812-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mantisbt.org/bugs/view.php?id=9664" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mantisbt.org/bugs/changelog_page.php" }, { "name": "mantis-session-cookie-hijacking(46084)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46084" }, { "name": "[oss-security] 20081020 Re: CVE request: mantisbt \u003c 1.1.4: RCE", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2008/10/20/1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-4689", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "32975", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32975" }, { "name": "http://www.mantisbt.org/bugs/file_download.php?file_id=1988\u0026type=bug", "refsource": "CONFIRM", "url": "http://www.mantisbt.org/bugs/file_download.php?file_id=1988\u0026type=bug" }, { "name": "GLSA-200812-07", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml" }, { "name": "http://www.mantisbt.org/bugs/view.php?id=9664", "refsource": "CONFIRM", "url": "http://www.mantisbt.org/bugs/view.php?id=9664" }, { "name": "http://www.mantisbt.org/bugs/changelog_page.php", "refsource": "CONFIRM", "url": "http://www.mantisbt.org/bugs/changelog_page.php" }, { "name": "mantis-session-cookie-hijacking(46084)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46084" }, { "name": "[oss-security] 20081020 Re: CVE request: mantisbt \u003c 1.1.4: RCE", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/10/20/1" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-4689", "datePublished": "2008-10-22T17:00:00", "dateReserved": "2008-10-22T00:00:00", "dateUpdated": "2024-08-07T10:24:20.803Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-0664 (GCVE-0-2006-0664)
Vulnerability from cvelistv5
Published
2006-02-13 11:00
Modified
2024-08-07 16:41
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in Mantis before 1.0 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:41:29.176Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "mantis-configdefaultsinc-xss(24585)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24585" }, { "name": "ADV-2006-0485", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/0485" }, { "name": "21400", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21400" }, { "name": "DSA-1133", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1133" }, { "name": "16561", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/16561" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-02-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in Mantis before 1.0 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "mantis-configdefaultsinc-xss(24585)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24585" }, { "name": "ADV-2006-0485", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/0485" }, { "name": "21400", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21400" }, { "name": "DSA-1133", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1133" }, { "name": "16561", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/16561" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0664", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in Mantis before 1.0 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "mantis-configdefaultsinc-xss(24585)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24585" }, { "name": "ADV-2006-0485", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0485" }, { "name": "21400", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21400" }, { "name": "DSA-1133", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1133" }, { "name": "16561", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16561" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0664", "datePublished": "2006-02-13T11:00:00", "dateReserved": "2006-02-13T00:00:00", "dateUpdated": "2024-08-07T16:41:29.176Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-4518 (GCVE-0-2005-4518)
Vulnerability from cvelistv5
Published
2005-12-28 01:00
Modified
2024-08-07 23:46
CWE
- n/a
Summary
Mantis before 0.19.4 allows remote attackers to bypass the file upload size restriction by modifying the max_file_size parameter to (1) bug_file_add.php, (2) bug_report.php, (3) bug_report_advanced_page.php, and (4) proj_doc_add_page.php.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:46:05.532Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "18481", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18481" }, { "name": "22056", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/22056" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963" }, { "name": "16046", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/16046/" }, { "name": "18181", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18181/" }, { "name": "ADV-2005-3064", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/3064" }, { "name": "18221", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18221" }, { "name": "GLSA-200512-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt" }, { "name": "DSA-944", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2005/dsa-944" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-12-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Mantis before 0.19.4 allows remote attackers to bypass the file upload size restriction by modifying the max_file_size parameter to (1) bug_file_add.php, (2) 
bug_report.php, (3) bug_report_advanced_page.php, and (4) proj_doc_add_page.php." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2006-01-20T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "18481", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18481" }, { "name": "22056", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/22056" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963" }, { "name": "16046", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/16046/" }, { "name": "18181", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18181/" }, { "name": "ADV-2005-3064", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/3064" }, { "name": "18221", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18221" }, { "name": "GLSA-200512-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt" }, { "name": "DSA-944", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2005/dsa-944" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-4518", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { 
"description_data": [ { "lang": "eng", "value": "Mantis before 0.19.4 allows remote attackers to bypass the file upload size restriction by modifying the max_file_size parameter to (1) bug_file_add.php, (2) bug_report.php, (3) bug_report_advanced_page.php, and (4) proj_doc_add_page.php." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "18481", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18481" }, { "name": "22056", "refsource": "OSVDB", "url": "http://www.osvdb.org/22056" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963" }, { "name": "16046", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16046/" }, { "name": "18181", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18181/" }, { "name": "ADV-2005-3064", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/3064" }, { "name": "18221", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18221" }, { "name": "GLSA-200512-12", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml" }, { "name": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt", "refsource": "MISC", "url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt" }, { "name": "DSA-944", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2005/dsa-944" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-4518", "datePublished": "2005-12-28T01:00:00", "dateReserved": "2005-12-28T00:00:00", "dateUpdated": "2024-08-07T23:46:05.532Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-4522 (GCVE-0-2005-4522)
Vulnerability from cvelistv5
Published
2005-12-28 01:00
Modified
2024-08-07 23:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the view_filters_page.php filters script in Mantis 1.0.0rc3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) view_type and (2) target_field parameters.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:46:05.542Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "22053", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/22053" }, { "name": "18481", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18481" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963" }, { "name": "16046", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/16046/" }, { "name": "18181", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18181/" }, { "name": "ADV-2005-3064", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/3064" }, { "name": "18221", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18221" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963" }, { "name": "GLSA-200512-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt" }, { "name": "DSA-944", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2005/dsa-944" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-12-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple 
cross-site scripting (XSS) vulnerabilities in the view_filters_page.php filters script in Mantis 1.0.0rc3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) view_type and (2) target_field parameters." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2006-01-20T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "22053", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/22053" }, { "name": "18481", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18481" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963" }, { "name": "16046", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/16046/" }, { "name": "18181", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18181/" }, { "name": "ADV-2005-3064", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/3064" }, { "name": "18221", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18221" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963" }, { "name": "GLSA-200512-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt" }, { "name": "DSA-944", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2005/dsa-944" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-4522", "STATE": "PUBLIC" }, "affects": { 
"vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the view_filters_page.php filters script in Mantis 1.0.0rc3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) view_type and (2) target_field parameters." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "22053", "refsource": "OSVDB", "url": "http://www.osvdb.org/22053" }, { "name": "18481", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18481" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963" }, { "name": "16046", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16046/" }, { "name": "18181", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18181/" }, { "name": "ADV-2005-3064", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/3064" }, { "name": "18221", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18221" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963" }, { "name": "GLSA-200512-12", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml" }, { "name": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt", "refsource": "MISC", "url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt" }, { "name": "DSA-944", 
"refsource": "DEBIAN", "url": "http://www.debian.org/security/2005/dsa-944" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-4522", "datePublished": "2005-12-28T01:00:00", "dateReserved": "2005-12-28T00:00:00", "dateUpdated": "2024-08-07T23:46:05.542Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-3090 (GCVE-0-2005-3090)
Vulnerability from cvelistv5
Published
2005-09-28 04:00
Modified
2024-08-07 23:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in bug_actiongroup_page.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the summary of the bug, which is not quoted when view_all_bug_page.php is used to delete the bug, as identified by bug#0006002, a different vulnerability than CVE-2005-2557.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:01:57.950Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-778", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2005/dsa-778" }, { "name": "20050926 Mantis Bugtracker - Remote Database Scanner and XSS Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=112786017426276\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-08-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in bug_actiongroup_page.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the summary of the bug, which is not quoted when view_all_bug_page.php is used to delete the bug, as identified by bug#0006002, a different vulnerability than CVE-2005-2557." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-778", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2005/dsa-778" }, { "name": "20050926 Mantis Bugtracker - Remote Database Scanner and XSS Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=112786017426276\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3090", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in bug_actiongroup_page.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the summary of the bug, which is not quoted when view_all_bug_page.php is used to delete the bug, as identified by bug#0006002, a different vulnerability than CVE-2005-2557." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-778", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2005/dsa-778" }, { "name": "20050926 Mantis Bugtracker - Remote Database Scanner and XSS Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=112786017426276\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3090", "datePublished": "2005-09-28T04:00:00", "dateReserved": "2005-09-28T00:00:00", "dateUpdated": "2024-08-07T23:01:57.950Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-3331 (GCVE-0-2008-3331)
Vulnerability from cvelistv5
Published
2008-07-27 23:00
Modified
2024-08-07 09:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the filter_target parameter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T09:37:27.042Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "mantis-returndynamicfilters-xss(42549)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42549" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mantisbt.org/bugs/changelog_page.php" }, { "name": "30270", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30270" }, { "name": "20080520 Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=121130774617956\u0026w=4" }, { "name": "GLSA-200809-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml" }, { "name": "5657", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/5657" }, { "name": "31972", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31972" }, { "name": "ADV-2008-1598", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1598/references" }, { "name": "29297", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/29297" }, { "name": "4044", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/4044" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-05-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) 
vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the filter_target parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "mantis-returndynamicfilters-xss(42549)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42549" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mantisbt.org/bugs/changelog_page.php" }, { "name": "30270", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30270" }, { "name": "20080520 Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=121130774617956\u0026w=4" }, { "name": "GLSA-200809-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml" }, { "name": "5657", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/5657" }, { "name": "31972", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31972" }, { "name": "ADV-2008-1598", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1598/references" }, { "name": "29297", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/29297" }, { "name": "4044", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/4044" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-3331", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { 
"product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the filter_target parameter." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "mantis-returndynamicfilters-xss(42549)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42549" }, { "name": "http://www.mantisbt.org/bugs/changelog_page.php", "refsource": "CONFIRM", "url": "http://www.mantisbt.org/bugs/changelog_page.php" }, { "name": "30270", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30270" }, { "name": "20080520 Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=121130774617956\u0026w=4" }, { "name": "GLSA-200809-10", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml" }, { "name": "5657", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/5657" }, { "name": "31972", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31972" }, { "name": "ADV-2008-1598", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1598/references" }, { "name": "29297", "refsource": "BID", "url": "http://www.securityfocus.com/bid/29297" }, { "name": "4044", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/4044" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-3331", "datePublished": "2008-07-27T23:00:00", "dateReserved": "2008-07-27T00:00:00", "dateUpdated": 
"2024-08-07T09:37:27.042Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2002-1113 (GCVE-0-2002-1113)
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
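summary_graph_functions.php in Mantis 0.17.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the g_jpgraph_path parameter to reference the location of the PHP code. The X-Force entry referenced below names this a remote file inclusion issue (mantis-include-remote-files).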
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:12:16.938Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-153", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2002/dsa-153" }, { "name": "5504", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/5504" }, { "name": "mantis-include-remote-files(9829)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9829" }, { "name": "4858", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/4858" }, { "name": "20020819 [Mantis Advisory/2002-04] Arbitrary code execution", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=102978924821040\u0026w=2" }, { "name": "20020813 mantisbt security flaw", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=102927873301965\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-08-13T00:00:00", "descriptions": [ { "lang": "en", "value": "summary_graph_functions.php in Mantis 0.17.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the g_jpgraph_path parameter to reference the location of the PHP code." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2004-08-20T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-153", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2002/dsa-153" }, { "name": "5504", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/5504" }, { "name": "mantis-include-remote-files(9829)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9829" }, { "name": "4858", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/4858" }, { "name": "20020819 [Mantis Advisory/2002-04] Arbitrary code execution", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=102978924821040\u0026w=2" }, { "name": "20020813 mantisbt security flaw", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=102927873301965\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1113", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "summary_graph_functions.php in Mantis 0.17.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the g_jpgraph_path parameter to reference the location of the PHP code." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-153", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2002/dsa-153" }, { "name": "5504", "refsource": "BID", "url": "http://www.securityfocus.com/bid/5504" }, { "name": "mantis-include-remote-files(9829)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9829" }, { "name": "4858", "refsource": "OSVDB", "url": "http://www.osvdb.org/4858" }, { "name": "20020819 [Mantis Advisory/2002-04] Arbitrary code execution", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=102978924821040\u0026w=2" }, { "name": "20020813 mantisbt security flaw", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=102927873301965\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1113", "datePublished": "2004-09-01T04:00:00", "dateReserved": "2002-09-06T00:00:00", "dateUpdated": "2024-08-08T03:12:16.938Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-3336 (GCVE-0-2005-3336)
Vulnerability from cvelistv5
Published
2005-10-27 04:00
Modified
2024-08-07 23:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQL injection vulnerability in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:10:08.200Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.mantisbt.org/changelog_page.php" }, { "name": "DSA-905", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2005/dsa-905" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=362673" }, { "name": "20324", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/20324" }, { "name": "ADV-2005-2221", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/2221" }, { "name": "16506", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/16506" }, { "name": "17654", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17654" }, { "name": "GLSA-200510-24", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml" }, { "name": "17362", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17362" }, { "name": "16818", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/16818" }, { "name": "15227", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15227" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-10-26T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in Mantis 
1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-11-24T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.mantisbt.org/changelog_page.php" }, { "name": "DSA-905", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2005/dsa-905" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=362673" }, { "name": "20324", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/20324" }, { "name": "ADV-2005-2221", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/2221" }, { "name": "16506", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/16506" }, { "name": "17654", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17654" }, { "name": "GLSA-200510-24", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml" }, { "name": "17362", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17362" }, { "name": "16818", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/16818" }, { "name": "15227", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/15227" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3336", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": 
"n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://bugs.mantisbt.org/changelog_page.php", "refsource": "CONFIRM", "url": "http://bugs.mantisbt.org/changelog_page.php" }, { "name": "DSA-905", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2005/dsa-905" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=362673", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=362673" }, { "name": "20324", "refsource": "OSVDB", "url": "http://www.osvdb.org/20324" }, { "name": "ADV-2005-2221", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/2221" }, { "name": "16506", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/16506" }, { "name": "17654", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17654" }, { "name": "GLSA-200510-24", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml" }, { "name": "17362", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17362" }, { "name": "16818", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/16818" }, { "name": "15227", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15227" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3336", "datePublished": "2005-10-27T04:00:00", "dateReserved": "2005-10-27T00:00:00", "dateUpdated": "2024-08-07T23:10:08.200Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2002-1112 (GCVE-0-2002-1112)
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mantis before 0.17.4 allows remote attackers to list project bugs without authentication by modifying the cookie that is used by the "View Bugs" page.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:12:17.048Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-153", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2002/dsa-153" }, { "name": "20020819 [Mantis Advisory/2002-03] Bug listings of private projects can be viewed through cookie manipulation", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=102978673018271\u0026w=2" }, { "name": "5514", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/5514" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://mantisbt.sourceforge.net/advisories/2002/2002-03.txt" }, { "name": "mantis-private-project-bug-listing(9899)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9899" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-08-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Mantis before 0.17.4 allows remote attackers to list project bugs without authentication by modifying the cookie that is used by the \"View Bugs\" page." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2004-07-25T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-153", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2002/dsa-153" }, { "name": "20020819 [Mantis Advisory/2002-03] Bug listings of private projects can be viewed through cookie manipulation", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=102978673018271\u0026w=2" }, { "name": "5514", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/5514" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://mantisbt.sourceforge.net/advisories/2002/2002-03.txt" }, { "name": "mantis-private-project-bug-listing(9899)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9899" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1112", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Mantis before 0.17.4 allows remote attackers to list project bugs without authentication by modifying the cookie that is used by the \"View Bugs\" page." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-153", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2002/dsa-153" }, { "name": "20020819 [Mantis Advisory/2002-03] Bug listings of private projects can be viewed through cookie manipulation", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=102978673018271\u0026w=2" }, { "name": "5514", "refsource": "BID", "url": "http://www.securityfocus.com/bid/5514" }, { "name": "http://mantisbt.sourceforge.net/advisories/2002/2002-03.txt", "refsource": "CONFIRM", "url": "http://mantisbt.sourceforge.net/advisories/2002/2002-03.txt" }, { "name": "mantis-private-project-bug-listing(9899)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9899" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1112", "datePublished": "2004-09-01T04:00:00", "dateReserved": "2002-09-06T00:00:00", "dateUpdated": "2024-08-08T03:12:17.048Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-4519 (GCVE-0-2005-4519)
Vulnerability from cvelistv5
Published
2005-12-28 01:00
Modified
2024-08-07 23:46
CWE
- n/a
Summary
Multiple SQL injection vulnerabilities in the manage user page (manage_user_page.php) in Mantis 1.0.0rc3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) prefix and (2) sort parameters to the manage user page (manage_user_page.php), or (3) the sort parameter to view_all_set.php.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:46:05.541Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "18481", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18481" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963" }, { "name": "16046", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/16046/" }, { "name": "18181", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18181/" }, { "name": "ADV-2005-3064", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/3064" }, { "name": "22052", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/22052" }, { "name": "18221", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18221" }, { "name": "22051", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/22051" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963" }, { "name": "GLSA-200512-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt" }, { "name": "DSA-944", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2005/dsa-944" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": 
"affected", "version": "n/a" } ] } ], "datePublic": "2005-12-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in the manage user page (manage_user_page.php) in Mantis 1.0.0rc3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) prefix and (2) sort parameters to the manage user page (manage_user_page.php), or (3) the sort parameter to view_all_set.php." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2006-01-20T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "18481", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18481" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963" }, { "name": "16046", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/16046/" }, { "name": "18181", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18181/" }, { "name": "ADV-2005-3064", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/3064" }, { "name": "22052", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/22052" }, { "name": "18221", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18221" }, { "name": "22051", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/22051" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963" }, { "name": "GLSA-200512-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml" }, { "tags": [ "x_refsource_MISC" ], "url": 
"http://www.trapkit.de/advisories/TKADV2005-11-002.txt" }, { "name": "DSA-944", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2005/dsa-944" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-4519", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple SQL injection vulnerabilities in the manage user page (manage_user_page.php) in Mantis 1.0.0rc3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) prefix and (2) sort parameters to the manage user page (manage_user_page.php), or (3) the sort parameter to view_all_set.php." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "18481", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18481" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963" }, { "name": "16046", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16046/" }, { "name": "18181", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18181/" }, { "name": "ADV-2005-3064", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/3064" }, { "name": "22052", "refsource": "OSVDB", "url": "http://www.osvdb.org/22052" }, { "name": "18221", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18221" }, { "name": "22051", "refsource": "OSVDB", "url": "http://www.osvdb.org/22051" }, { "name": 
"http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963" }, { "name": "GLSA-200512-12", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml" }, { "name": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt", "refsource": "MISC", "url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt" }, { "name": "DSA-944", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2005/dsa-944" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-4519", "datePublished": "2005-12-28T01:00:00", "dateReserved": "2005-12-28T00:00:00", "dateUpdated": "2024-08-07T23:46:05.541Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }