Mantis

Mantis

43 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.8

CVE-2006-1577

Exploit
  • EPSS 2.03%
  • Veröffentlicht 02.04.2006 21:04:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in view_all_set.php in Mantis 1.0.1, 1.0.0rc5, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) start_day, (2) start_year, and (3) start_month parameters.

4.3

CVE-2006-0841

Exploit
  • EPSS 10.75%
  • Veröffentlicht 22.02.2006 02:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) hide_status, (2) handler_id, (3) user_monitor, (4) reporter_id, (5) view_type, (6) show_severi...

5

CVE-2006-0840

Exploit
  • EPSS 1.67%
  • Veröffentlicht 22.02.2006 02:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

manage_user_page.php in Mantis 1.00rc4 and earlier does not properly handle a sort parameter containing a ' (quote) character, which allows remote attackers to trigger a SQL error that may be repeatedly reported to a user who makes subsequent web acc...

10

CVE-2006-0665

  • EPSS 0.39%
  • Veröffentlicht 13.02.2006 11:06:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Unspecified vulnerability in (1) query_store.php and (2) manage_proj_create.php in Mantis before 1.0.0 has unknown impact and attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party infor...

4.3

CVE-2006-0664

  • EPSS 0.43%
  • Veröffentlicht 13.02.2006 11:06:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in Mantis before 1.0 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are ...

7.5

CVE-2006-0147

Exploit
  • EPSS 21.17%
  • Veröffentlicht 09.01.2006 23:03:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (...

7.5

CVE-2006-0146

Exploit
  • EPSS 7.66%
  • Veröffentlicht 09.01.2006 23:03:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty,...

5

CVE-2005-4523

Exploit
  • EPSS 0.76%
  • Veröffentlicht 28.12.2005 01:03:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS feeds, which allows remote attackers to obtain sensitive information.

4.3

CVE-2005-4522

Exploit
  • EPSS 1.28%
  • Veröffentlicht 28.12.2005 01:03:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in the view_filters_page.php filters script in Mantis 1.0.0rc3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) view_type and (2) target_field parameters.

5

CVE-2005-4520

Exploit
  • EPSS 1.06%
  • Veröffentlicht 28.12.2005 01:03:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Unspecified "port injection" vulnerabilities in filters in Mantis 1.0.0rc3 and earlier have unknown impact and attack vectors. NOTE: due to a lack of relevant details in the vendor changelog, which is the source of this description, it is unclear wh...