371 matches found
CVE-2012-1120
CVE-2012-1120 affects MantisBT before 1.2.9. The flaw is in the SOAP API where permissions for bug notes and delete_bug are not properly enforced, enabling remote authenticated users with read/write SOAP API privileges to delete arbitrary bug reports and notes. The vulnerability stems from incorr...
CVE-2012-1123
CVE-2012-1123 affects MantisBT prior to 1.2.9: the mci_check_login function in api/soap/mc_api.php in the SOAP API allows remote attackers to bypass authentication with a null password. The issue enables partial confidentiality, integrity, and availability impact. Remediation is to upgrade to Man...
CVE-2012-1120
The SOAP API in MantisBT before 1.2.9 does not properly enforce the bugnote_allow_user_edit_delete and delete_bug_threshold permissions, which allows remote authenticated users with read and write SOAP API privileges to delete arbitrary bug reports and bug notes...
CVE-2012-1123
The mci_check_login function in api/soap/mc_api.php in the SOAP API in MantisBT before 1.2.9 allows remote attackers to bypass authentication via a null password...
Debian DSA-2500-1 : mantis - several vulnerabilities
Several vulnerabilities were discovered in Mantis, an issue tracking system. - CVE-2012-1118 Mantis installations in which the private_bug_view_threshold configuration option has been set to an array value do not properly enforce bug viewing restrictions. - CVE-2012-1119 Copy/clone bug report actions...
CVE-2012-2691
The mc_issue_note_update function in the SOAP API in MantisBT before 1.2.11 does not properly check privileges, which allows remote attackers with bug reporting privileges to edit arbitrary bugnotes via a SOAP request...
Cross-site request forgery (CSRF)
The mc_issue_note_update function in the SOAP API in MantisBT before 1.2.11 does not properly check privileges, which allows remote attackers with bug reporting privileges to edit arbitrary bugnotes via a SOAP request...
CVE-2012-2691
CVE-2012-2691 affects MantisBT (SOAP API) where the mc_issue_note_update function does not properly enforce privileges. As a result, remote attackers with bug reporting privileges could edit arbitrary bugnotes via SOAP requests. The vulnerability is described as code-level privilege check bypass ...
VMware SOAP API Settings
Binary data vmwaresoapsettings.nbin...