Vulnerabilities > Mantis

DATE CVE VULNERABILITY TITLE RISK
2006-04-02 CVE-2006-1577 Cross-Site Scripting vulnerability in Mantis View_All_Set.PHP
Multiple cross-site scripting (XSS) vulnerabilities in view_all_set.php in Mantis 1.0.1, 1.0.0rc5, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) start_day, (2) start_year, and (3) start_month parameters.
network
mantis
6.8
2006-02-22 CVE-2006-0841 Input Validation vulnerability in Mantis
Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) hide_status, (2) handler_id, (3) user_monitor, (4) reporter_id, (5) view_type, (6) show_severity, (7) show_category, (8) show_status, (9) show_resolution, (10) show_build, (11) show_profile, (12) show_priority, (13) highlight_changed, (14) relationship_type, and (15) relationship_bug parameters in (a) view_all_set.php; the (16) sort parameter in (b) manage_user_page.php; the (17) view_type parameter in (c) view_filters_page.php; and the (18) title parameter in (d) proj_doc_delete.php.
network
mantis
4.3
2006-02-22 CVE-2006-0840 Input Validation vulnerability in Mantis
manage_user_page.php in Mantis 1.00rc4 and earlier does not properly handle a sort parameter containing a ' (quote) character, which allows remote attackers to trigger a SQL error that may be repeatedly reported to a user who makes subsequent web accesses with the MANTIS_MANAGE_COOKIE cookie.
network
low complexity
mantis
5.0
2006-02-13 CVE-2006-0665 Cross-Site Scripting vulnerability in Mantis Config_Defaults_Inc.PHP
Unspecified vulnerability in (1) query_store.php and (2) manage_proj_create.php in Mantis before 1.0.0 has unknown impact and attack vectors.
network
low complexity
mantis
critical
10.0
2006-02-13 CVE-2006-0664 Cross-Site Scripting vulnerability in Mantis Config_Defaults_Inc.PHP
Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in Mantis before 1.0 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
network
mantis
4.3
2006-01-09 CVE-2006-0147 Remote Security vulnerability in Moodle
Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo.
7.5
2005-12-28 CVE-2005-4524 Mantis 1.0.0rc3 does not properly handle "Make note private" when a bug is being resolved, which has unknown impact and attack vectors, probably related to an information leak.
network
low complexity
mantis
5.0
2005-12-28 CVE-2005-4523 Unspecified vulnerability in Mantis
Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS feeds, which allows remote attackers to obtain sensitive information.
network
low complexity
mantis
5.0
2005-12-28 CVE-2005-4522 Unspecified vulnerability in Mantis
Multiple cross-site scripting (XSS) vulnerabilities in the view_filters_page.php filters script in Mantis 1.0.0rc3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) view_type and (2) target_field parameters.
network
mantis
4.3
2005-12-28 CVE-2005-4521 CRLF injection vulnerability in Mantis 1.0.0rc3 and earlier allows remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via (1) the return parameter in login_cookie_test.php and (2) ref parameter in login_select_proj_page.php.
network
low complexity
mantis
5.0