Vulnerabilities > Mantis > Mantis > 0.16.1

DATE CVE VULNERABILITY TITLE RISK
2008-07-27 CVE-2008-3333 Path Traversal vulnerability in Mantis
Directory traversal vulnerability in core/lang_api.php in Mantis before 1.1.2 allows remote attackers to include and execute arbitrary files via the language parameter to the user preferences page (account_prefs_update.php).
network
low complexity
mantis CWE-22
7.5
7.5
2008-07-27 CVE-2008-3332 Code Injection vulnerability in Mantis
Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter.
network
low complexity
mantis CWE-94
6.5
6.5
2008-07-27 CVE-2008-3331 Cross-Site Scripting vulnerability in Mantis
Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the filter_target parameter.
network
mantis CWE-79
3.5
3.5
2008-01-23 CVE-2008-0404 Cross-Site Scripting vulnerability in Mantis
Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "Most active bugs" summary.
network
mantis CWE-79
4.3
4.3
2005-12-28 CVE-2005-4523 Unspecified vulnerability in Mantis
Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS feeds, which allows remote attackers to obtain sensitive information.
network
low complexity
mantis
5.0
5.0
2005-12-28 CVE-2005-4519 Unspecified vulnerability in Mantis
Multiple SQL injection vulnerabilities in the manage user page (manage_user_page.php) in Mantis 1.0.0rc3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) prefix and (2) sort parameters to the manage user page (manage_user_page.php), or (3) the sort parameter to view_all_set.php.
network
low complexity
mantis
7.5
7.5
2005-12-14 CVE-2005-4238 Cross-Site Scripting vulnerability in Mantis View_filters_page.PHP
Cross-site scripting (XSS) vulnerability in view_filters_page.php in Mantis 1.0.0rc3 and earlier allows remote attackers to inject arbitrary web script or HTML via the target_field parameter.
network
mantis
4.3
4.3
2005-09-28 CVE-2005-3091 Remote vulnerability in Mantis
Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, as identified by bug#0005751 "thraxisp".
network
mantis
4.3
4.3
2004-12-31 CVE-2004-2666 Information Disclosure vulnerability in Mantis
Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardless of view_history_threshold, which allows remote attackers to obtain sensitive information (private bug details) by visiting a bug's web page.
network
low complexity
mantis
5.0
5.0
2004-12-31 CVE-2004-1730 Cross-Site Scripting vulnerability in Mantis
Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows remote attackers to inject arbitrary web script or HTML via (1) the return parameter to login_page.php, (2) e-mail field in signup.php, (3) action parameter to login_select_proj_page.php, or (4) hide_status parameter to view_all_set.php.
network
mantis
4.3
4.3