Mantis

Mantis

43 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2005-2556

  • EPSS 0.91%
  • Veröffentlicht 24.08.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with register_globals enabled, allows remote attackers to connect to internal databases by modifying the g_db_type variable and monitoring the speed of responses, as identified by bug#0005956.

5

CVE-2004-2666

  • EPSS 0.33%
  • Veröffentlicht 31.12.2004 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardless of view_history_threshold, which allows remote attackers to obtain sensitive information (private bug details) by visiting a bug's web page.

4.3

CVE-2004-1730

Exploit
  • EPSS 0.62%
  • Veröffentlicht 31.12.2004 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows remote attackers to inject arbitrary web script or HTML via (1) the return parameter to login_page.php, (2) e-mail field in signup.php, (3) action parameter to login_select_proj_pag...

7.5

CVE-2004-1734

Exploit
  • EPSS 1.02%
  • Veröffentlicht 31.12.2004 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

PHP remote file inclusion vulnerability in Mantis 0.19.0a allows remote attackers to execute arbitrary PHP code by modifying the (1) t_core_path parameter to bug_api.php or (2) t_core_dir parameter to relationship_api.php to reference a URL on a remo...

5

CVE-2004-1731

Exploit
  • EPSS 4.26%
  • Veröffentlicht 20.08.2004 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

signup_page.php in Mantis bugtracker allows remote attackers to send e-mail bombs by creating multiple users and providing the same e-mail address.

3.6

CVE-2003-0499

  • EPSS 0.11%
  • Veröffentlicht 07.08.2003 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Mantis 0.17.5 and earlier stores its database password in cleartext in a world-readable configuration file, which allows local users to perform unauthorized database operations.

10

CVE-2002-1110

  • EPSS 0.53%
  • Veröffentlicht 04.10.2002 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, when running without magic_quotes_gpc enabled, allows remote attackers to gain privileges or perform unauthorized database operations via modified form fields, e.g. to account_updat...

7.5

CVE-2002-1116

  • EPSS 0.49%
  • Veröffentlicht 04.10.2002 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

The "View Bugs" page (view_all_bug_page.php) in Mantis 0.17.4a and earlier includes summaries of private bugs for users that do not have access to any projects.

5

CVE-2002-1115

  • EPSS 1.13%
  • Veröffentlicht 04.10.2002 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Mantis 0.17.4a and earlier allows remote attackers to view private bugs by modifying the f_id bug ID parameter to (1) bug_update_advanced_page.php, (2) bug_update_page.php, (3) view_bug_advanced_page.php, or (4) view_bug_page.php.

7.5

CVE-2002-1114

  • EPSS 2.12%
  • Veröffentlicht 04.10.2002 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

config_inc2.php in Mantis before 0.17.4 allows remote attackers to execute arbitrary code or read arbitrary files via the parameters (1) g_bottom_include_page, (2) g_top_include_page, (3) g_css_include_file, (4) g_meta_include_file, or (5) a cookie.