Filtered by vendor Mantis
Subscriptions
Total
46 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-1116 | 1 Mantis | 1 Mantis | 2025-04-03 | N/A |
| The "View Bugs" page (view_all_bug_page.php) in Mantis 0.17.4a and earlier includes summaries of private bugs for users that do not have access to any projects. | ||||
| CVE-2005-3091 | 1 Mantis | 1 Mantis | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, as identified by bug#0005751 "thraxisp". | ||||
| CVE-2005-3338 | 1 Mantis | 1 Mantis | 2025-04-03 | N/A |
| Unspecified vulnerability in Mantis before 0.19.3, when using reminders, causes Mantis to display the real email addresses of users. | ||||
| CVE-2005-3339 | 1 Mantis | 1 Mantis | 2025-04-03 | N/A |
| Mantis before 0.19.3 caches the User ID longer than necessary, which has unknown impact and attack vectors. | ||||
| CVE-2005-4524 | 1 Mantis | 1 Mantis | 2025-04-03 | N/A |
| Mantis 1.0.0rc3 does not properly handle "Make note private" when a bug is being resolved, which has unknown impact and attack vectors, probably related to an information leak. | ||||
| CVE-2006-0665 | 1 Mantis | 1 Mantis | 2025-04-03 | N/A |
| Unspecified vulnerability in (1) query_store.php and (2) manage_proj_create.php in Mantis before 1.0.0 has unknown impact and attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public. | ||||
| CVE-2002-1115 | 1 Mantis | 1 Mantis | 2025-04-03 | N/A |
| Mantis 0.17.4a and earlier allows remote attackers to view private bugs by modifying the f_id bug ID parameter to (1) bug_update_advanced_page.php, (2) bug_update_page.php, (3) view_bug_advanced_page.php, or (4) view_bug_page.php. | ||||
| CVE-2006-0664 | 1 Mantis | 1 Mantis | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in Mantis before 1.0 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public. | ||||
| CVE-2005-2557 | 3 Debian, Gentoo, Mantis | 3 Debian Linux, Linux, Mantis | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the dir parameter, as identified by bug#0005959, and a different vulnerability than CVE-2005-3090. | ||||
| CVE-2006-0840 | 1 Mantis | 1 Mantis | 2025-04-03 | N/A |
| manage_user_page.php in Mantis 1.00rc4 and earlier does not properly handle a sort parameter containing a ' (quote) character, which allows remote attackers to trigger a SQL error that may be repeatedly reported to a user who makes subsequent web accesses with the MANTIS_MANAGE_COOKIE cookie. NOTE: this issue might be the same as vector 2 in CVE-2005-4519. | ||||
| CVE-2003-0499 | 1 Mantis | 1 Mantis | 2025-04-03 | N/A |
| Mantis 0.17.5 and earlier stores its database password in cleartext in a world-readable configuration file, which allows local users to perform unauthorized database operations. | ||||
| CVE-2006-0841 | 1 Mantis | 1 Mantis | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) hide_status, (2) handler_id, (3) user_monitor, (4) reporter_id, (5) view_type, (6) show_severity, (7) show_category, (8) show_status, (9) show_resolution, (10) show_build, (11) show_profile, (12) show_priority, (13) highlight_changed, (14) relationship_type, and (15) relationship_bug parameters in (a) view_all_set.php; the (16) sort parameter in (b) manage_user_page.php; the (17) view_type parameter in (c) view_filters_page.php; and the (18) title parameter in (d) proj_doc_delete.php. NOTE: item 17 might be subsumed by CVE-2005-4522. | ||||
| CVE-2005-3337 | 1 Mantis | 1 Mantis | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Mantis before 0.19.3 allow remote attackers to inject arbitrary web script or HTML via (1) unknown vectors involving Javascript and (2) mantis/view_all_set.php. | ||||
| CVE-2004-1730 | 1 Mantis | 1 Mantis | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows remote attackers to inject arbitrary web script or HTML via (1) the return parameter to login_page.php, (2) e-mail field in signup.php, (3) action parameter to login_select_proj_page.php, or (4) hide_status parameter to view_all_set.php. | ||||
| CVE-2004-1731 | 1 Mantis | 1 Mantis | 2025-04-03 | N/A |
| signup_page.php in Mantis bugtracker allows remote attackers to send e-mail bombs by creating multiple users and providing the same e-mail address. | ||||
| CVE-2002-1110 | 1 Mantis | 1 Mantis | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, when running without magic_quotes_gpc enabled, allows remote attackers to gain privileges or perform unauthorized database operations via modified form fields, e.g. to account_update.php. | ||||
| CVE-2005-4522 | 1 Mantis | 1 Mantis | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the view_filters_page.php filters script in Mantis 1.0.0rc3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) view_type and (2) target_field parameters. | ||||
| CVE-2005-2556 | 1 Mantis | 1 Mantis | 2025-04-03 | N/A |
| core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with register_globals enabled, allows remote attackers to connect to internal databases by modifying the g_db_type variable and monitoring the speed of responses, as identified by bug#0005956. | ||||
| CVE-2005-3336 | 1 Mantis | 1 Mantis | 2025-04-03 | N/A |
| SQL injection vulnerability in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | ||||
| CVE-2005-3335 | 1 Mantis | 1 Mantis | 2025-04-03 | N/A |
| PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary PHP code and include arbitrary local files via the t_core_path parameter. | ||||