Vulnerabilities > Mantis
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-09-28 | CVE-2005-3090 | Cross-Site Scripting vulnerability in Mantis Cross-site scripting (XSS) vulnerability in bug_actiongroup_page.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the summary of the bug, which is not quoted when view_all_bug_page.php is used to delete the bug, as identified by bug#0006002, a different vulnerability than CVE-2005-2557. network mantis | 4.3 |
| 2005-09-28 | CVE-2005-2557 | Input Validation vulnerability in Mantis Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the dir parameter, as identified by bug#0005959, and a different vulnerability than CVE-2005-3090. | 4.3 |
| 2005-08-24 | CVE-2005-2556 | Input Validation vulnerability in Mantis core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with register_globals enabled, allows remote attackers to connect to internal databases by modifying the g_db_type variable and monitoring the speed of responses, as identified by bug#0005956. | 7.5 |
| 2004-12-31 | CVE-2004-2666 | Information Disclosure vulnerability in Mantis Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardless of view_history_threshold, which allows remote attackers to obtain sensitive information (private bug details) by visiting a bug's web page. | 5.0 |
| 2004-12-31 | CVE-2004-1734 | Remote Server-Side Script Execution vulnerability in Mantis 0.19.0A PHP remote file inclusion vulnerability in Mantis 0.19.0a allows remote attackers to execute arbitrary PHP code by modifying the (1) t_core_path parameter to bug_api.php or (2) t_core_dir parameter to relationship_api.php to reference a URL on a remote web server that contains the code. | 7.5 |
| 2004-12-31 | CVE-2004-1730 | Cross-Site Scripting vulnerability in Mantis Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows remote attackers to inject arbitrary web script or HTML via (1) the return parameter to login_page.php, (2) e-mail field in signup.php, (3) action parameter to login_select_proj_page.php, or (4) hide_status parameter to view_all_set.php. network mantis | 4.3 |
| 2004-08-20 | CVE-2004-1731 | Unspecified vulnerability in Mantis signup_page.php in Mantis bugtracker allows remote attackers to send e-mail bombs by creating multiple users and providing the same e-mail address. | 5.0 |
| 2003-08-07 | CVE-2003-0499 | Local Security vulnerability in Mantis 0.17.5 Mantis 0.17.5 and earlier stores its database password in cleartext in a world-readable configuration file, which allows local users to perform unauthorized database operations. | 3.6 |
| 2002-10-04 | CVE-2002-1116 | Unspecified vulnerability in Mantis The "View Bugs" page (view_all_bug_page.php) in Mantis 0.17.4a and earlier includes summaries of private bugs for users that do not have access to any projects. | 7.5 |
| 2002-10-04 | CVE-2002-1115 | Unspecified vulnerability in Mantis Mantis 0.17.4a and earlier allows remote attackers to view private bugs by modifying the f_id bug ID parameter to (1) bug_update_advanced_page.php, (2) bug_update_page.php, (3) view_bug_advanced_page.php, or (4) view_bug_page.php. | 5.0 |