VuXML ID | Description |
00d6040a-b8e0-11dd-a578-0030843d3802 | mantis -- session hijacking vulnerability
The mantis Team reports:
When configuring a web application to use only ssl (e.g. by
forwarding all http-requests to https), a user would expect that
sniffing and hijacking the session is impossible.
Though, for this to be secure, one needs to set the session cookie to
have the secure flag. Else the cookie will be transferred through http
if the victim's browser does a single http-request on the same domain.
Discovery 2008-10-14 Entry 2008-11-22 mantis
< 1.1.3
CVE-2008-3102
http://www.mantisbt.org/bugs/view.php?id=9524
http://www.mantisbt.org/bugs/view.php?id=9533
http://enablesecurity.com/2008/08/11/surf-jack-https-will-not-save-you/
http://int21.de/cve/CVE-2008-3102-mantis.html
|
0822a4cf-9318-11e8-8d88-00e04c1ea73d | mantis -- multiple vulnerabilities
mantis reports:
Teun Beijers reported a cross-site scripting (XSS) vulnerability in
the Edit Filter page which allows execution of arbitrary code
(if CSP settings permit it) when displaying a filter with a crafted
name. Prevent the attack by sanitizing the filter name before display.
Ömer Cıtak, Security Researcher at Netsparker, reported this
vulnerability, allowing remote attackers to inject arbitrary code
(if CSP settings permit it) through a crafted PATH_INFO on
view_filters_page.php. Prevent the attack by sanitizing the output
of $_SERVER['PHP_SELF'] before display.
Discovery 2018-07-13 Entry 2018-07-29 Modified 2018-08-24 mantis
< 2.15.0,1
https://github.com/mantisbt/mantisbt/commit/8b5fa243dbf04344a55fe880135ec149fc1f439f
https://github.com/mantisbt/mantisbt/commit/4efac90ed89a5c009108b641e2e95683791a165a
CVE-2018-14504
CVE-2018-13066
|
29255141-c3df-11dd-a721-0030843d3802 | mantis -- multiple vulnerabilities
Secunia reports:
Some vulnerabilities have been reported in Mantis, which can be
exploited by malicious users to compromise a vulnerable system and
malicious people to conduct cross-site scripting and request forgery
attacks.
Input passed to the "filter_target" parameter in
return_dynamic_filters.php is not properly sanitised before being
returned to a user. This can be exploited to execute arbitrary HTML
and script code in a user's browser session in context of an affected
site.
A vulnerability is caused due to the application allowing users to
perform certain actions via HTTP requests without performing any
validity checks to verify the request. This can be exploited to e.g.
add a new user with administrative privileges by enticing a logged-in
administrator to visit a malicious site.
Input passed to the "value" parameter in adm_config_set.php is not
properly sanitised before being used in an "eval()" statement. This
can be exploited to e.g. execute arbitrary PHP commands via a
specially crafted request.
Input passed to the "language" parameter in account_prefs_update.php
is not properly verified before being used to include files. This
can be exploited to include arbitrary files from local
resources.
Discovery 2008-05-15 Entry 2008-12-06 mantis
< 1.1.2
CVE-2008-2276
CVE-2008-3331
CVE-2008-3332
CVE-2008-3333
http://secunia.com/advisories/30270/
|
2b63e964-eb04-11e6-9ac1-a4badb2f4699 | mantis -- XSS vulnerability
wdollman reports:
The value of the view_type parameter on the
view_all_bug_page.php page is not encoded before being displayed on the
page.
Discovery 2016-08-15 Entry 2017-02-04 mantis
< 1.2.19
https://mantisbt.org/bugs/view.php?id=21611
CVE-2016-6837
ports/216662
|
55587adb-b49d-11e1-8df1-0004aca374af | mantis -- multiple vulnerabilities
Mantis reports:
Roland Becker and Damien Regad (MantisBT developers) found that
any user able to report issues via the SOAP interface could also
modify any bugnotes (comments) created by other users. In a
default/typical MantisBT installation, SOAP API is enabled and any
user can sign up to report new issues. This vulnerability therefore
impacts upon many public facing MantisBT installations.
Roland Becker (MantisBT developer) found that the
delete_attachments_threshold permission was not being checked when
a user attempted to delete an attachment from an issue. The more
generic update_bug_threshold permission was being checked instead.
MantisBT administrators may have been under the false impression
that their configuration of the delete_attachments_threshold was
successfully preventing unwanted users from deleting
attachments.
Discovery 2012-06-09 Entry 2012-06-12 Modified 2012-06-13 mantis
< 1.2.11
CVE-2012-2691
CVE-2012-2692
http://www.openwall.com/lists/oss-security/2012/06/09/1
http://sourceforge.net/mailarchive/forum.php?thread_name=1339229952.28538.22%40d.hx.id.au&forum_name=mantisbt-dev
|
592815da-9eed-11da-b410-000e0c2e438a | mantis -- "view_filters_page.php" cross site scripting vulnerability
r0t reports:
Mantis contains a flaw that allows a remote cross site
scripting attack. This flaw exists because input passed to
"target_field" parameter in "view_filters_page.php" is not
properly sanitised before being returned to the user. This
could allow a user to create a specially crafted URL that
would execute arbitrary code in a user's browser within the
trust relationship between the browser and the server,
leading to a loss of integrity.
Discovery 2005-12-13 Entry 2006-02-16 mantis
< 1.0.0a4
CAN-2005-4238
http://pridels.blogspot.com/2005/12/mantis-bugtracking-system-xss-vuln.html
|
6e3b12e2-6ce3-11da-b90c-000e0c2e438a | mantis -- "view_filters_page.php" cross-site scripting vulnerability
r0t reports:
Mantis contains a flaw that allows a remote cross site
scripting attack. This flaw exists because input passed to
"target_field" parameter in "view_filters_page.php" isn't
properly sanitised before being returned to the user. This
could allow a user to create a specially crafted URL that
would execute arbitrary code in a user's browser within the
trust relationship between the browser and the server,
leading to a loss of integrity.
Discovery 2005-12-13 Entry 2005-12-14 mantis
< 1.0.0rc4
15842
http://pridels.blogspot.com/2005/12/mantis-bugtracking-system-xss-vuln.html
|
82a41084-6ce7-11da-b90c-000e0c2e438a | mantis -- "t_core_path" file inclusion vulnerability
Secunia Research reports:
Input passed to the "t_core_path" parameter in
"bug_sponsorship_list_view_inc.php" isn't properly verified,
before it is used to include files. This can be exploited to
include arbitrary files from external and local
resources.
Discovery 2005-10-26 Entry 2005-12-14 mantis
< 1.0.0rc3
CVE-2005-3335
http://secunia.com/secunia_research/2005-46/advisory/
|
a83f25df-d775-11e0-8bf1-003067b2972c | XSS issue in MantisBT
Net.Edit0r from BlACK Hat Group reported an XSS issue in
search.php. All MantisBT users (including anonymous users that
are not logged in to public bug trackers) could be impacted by
this vulnerability.
Discovery 2011-08-18 Entry 2011-09-05 mantis
>= 1.2.0 < 1.2.7
ports/160368
CVE-2011-2938
|
af2745c0-c3e0-11dd-a721-0030843d3802 | mantis -- php code execution vulnerability
Secunia reports:
EgiX has discovered a vulnerability in Mantis, which can be
exploited by malicious users to compromise a vulnerable system.
Input passed to the "sort" parameter in manage_proj_page.php is not
properly sanitised before being used in a "create_function()" call.
This can be exploited to execute arbitrary PHP code.
Discovery 2008-10-17 Entry 2008-12-06 mantis
< 1.1.4
CVE-2008-4687
http://secunia.com/advisories/32314/
|
e1b5318c-aa4d-11e5-8f5c-002590263bf5 | mantis -- information disclosure vulnerability
Mantis reports:
CVE-2015-5059: documentation in private projects can be seen by
every user
Discovery 2015-06-23 Entry 2015-12-24 mantis
< 1.2.19_1
CVE-2015-5059
ports/201106
https://mantisbt.org/bugs/view.php?id=19873
http://openwall.com/lists/oss-security/2015/06/25/3
|