
528 matches found

exploitpack
added 2007/02/26 12:0 a.m. | 9 views

Tyger Bug Tracking System 1.1.3 - ViewBugs.php?s SQL Injection

source: https://www.securityfocus.com/bid/22799/info Tyger Bug Tracking System is prone to multiple input-validation vulnerabilities, including one SQL-injection issue and two cross-site scripting issues, because the application fails...

0.1 AI score
Exploits: 0

Exploit DB
added 2007/02/26 12:0 a.m. | 18 views

Tyger Bug Tracking System 1.1.3 - 'login.php?PATH_INFO' Cross-Site Scripting

source: https://www.securityfocus.com/bid/22799/info Tyger Bug Tracking System is prone to multiple input-validation vulnerabilities, including one SQL-injection issue and two cross-site scripting issues, because the application fails to sufficiently sanitize user-supplied input. Exploiting these...

7 AI score
Exploits: 0

Exploit DB
added 2007/02/26 12:0 a.m. | 21 views

Tyger Bug Tracking System 1.1.3 - 'register.php?PATH_INFO' Cross-Site Scripting

source: https://www.securityfocus.com/bid/22799/info Tyger Bug Tracking System is prone to multiple input-validation vulnerabilities, including one SQL-injection issue and two cross-site scripting issues, because the application fails to sufficiently sanitize user-supplied input. Exploiting these...

7 AI score
Exploits: 0

OSV
added 2006/11/11 12:0 a.m. | 21 views

DSA-1208-1 bugzilla

Bulletin has no description...

7.5 CVSS | 6.1 AI score | 0.01868 EPSS
Exploits: 0

Tenable Nessus
added 2006/10/14 12:0 a.m. | 24 views

Debian DSA-1133-1 : mantis - missing input sanitising

Several remote vulnerabilities have been discovered in the Mantis bug tracking system, which may lead to the execution of arbitrary web script. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-0664 A cross-site scripting vulnerability was discovered ...

10 CVSS | 5.5 AI score | 0.0534 EPSS
Exploits: 2 | References: 11

securityvulns
added 2005/12/29 12:0 a.m. | 30 views

Bugzilla bug tracking system symbolic links vulnerability

syncshadowdb script symbolic links problem...

1.7 AI score
Exploits: 0 | References: 2 | Affected Software: 1

OpenVAS
added 2005/11/03 12:0 a.m. | 20 views

CVSTrac filediff vulnerability

The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS. This version of filediff has a flaw in the input sanitation which, when exploited, can lead to a remote attacker executing arbitrary commands on the system. OpenVAS has determined the vulnerability...

7.5 CVSS | 0.2 AI score | 0.13991 EPSS
Exploits: 1 | References: 1

OpenVAS
added 2005/11/03 12:0 a.m. | 8 views

MySQL Eventum Multiple flaws

The remote host seems to be running MySQL Eventum, a user-friendly and flexible issue tracking system written in PHP. The remote version of this software is vulnerable to cross-site scripting attacks, through multiple scripts. With a specially crafted URL, an attacker can use the remote server to...

7.1 AI score
Exploits: 0 | References: 1

OpenVAS
added 2005/11/03 12:0 a.m. | 14 views

CVSTrac chdir() chroot jail escape

The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS. This version contains a flaw related to the chdir function that may allow an attacker to escape the chroot jail. An attacker, exploiting this flaw, would be able to access files outside of the web...

7.3 AI score
Exploits: 0 | References: 1

OpenVAS
added 2005/11/03 12:0 a.m. | 10 views

CVSTrac history.c history_update function overflow

The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS. This version contains a flaw related to the history_update function in history.c that may allow an attacker to cause a buffer overflow and execute arbitrary code on the remote system...

8.5 AI score
Exploits: 0 | References: 1

Tenable Nessus
added 2005/08/23 12:0 a.m. | 29 views

Debian DSA-778-1 : mantis - missing input sanitising

Two security related problems have been discovered in Mantis, a web-based bug tracking system. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-2556 A remote attacker could supply a specially crafted URL to scan arbitrary ports on arbitrary hosts tha...

7.5 CVSS | 5.4 AI score | 0.02576 EPSS
Exploits: 1 | References: 5

securityvulns
added 2005/05/13 12:0 a.m. | 28 views

Bugzilla bug tracking system information leak

It's possible to determine if a closed product exists; a password can be leaked as part of a URL...

1.8 AI score
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2004/11/13 12:0 a.m. | 15 views

CVSTrac Detection

The remote host is running CVSTrac, a web-based bug and patch-set tracking system for CVS...

5.5 AI score
Exploits: 0 | References: 1

Tenable Nessus
added 2004/09/29 12:0 a.m. | 25 views

Debian DSA-161-1 : mantis - privilege escalation

A problem with user privileges has been discovered in the Mantis package, a PHP based bug tracking system. The Mantis system didn't check whether a user is permitted to view a bug, but displays it right away if the user entered a valid bug id. Another bug in Mantis caused the 'View Bugs' page to...

7.5 CVSS | 5.4 AI score | 0.0158 EPSS
Exploits: 0 | References: 5

Tenable Nessus
added 2004/08/17 12:0 a.m. | 23 views

CVSTrac Database Plaintext Password Storage

The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS. This version contains a flaw related to .db files that may allow an attacker to gain access to plaintext passwords. Nessus has determined the vulnerability exists on the target simply by looking at...

5.5 AI score
Exploits: 0 | References: 2

exploitpack
added 2004/04/14 12:0 a.m. | 18 views

phpBugTracker 0.9.1 - Multiple Vulnerabilities

phpBugTracke Multiple Vulnerabilities Vendor: Benjamin Curtis Product: phpBugTracke Version: query"delete from ".TBLBUGVOTE." where userid = $u and bugid = $bugid"; As we can see from that line of code taken from about line 30 of user.php it is clear...

0.5 AI score
Exploits: 0

Exploit DB
added 2004/04/14 12:0 a.m. | 26 views

phpBugTracker < 0.9.1 - Multiple Vulnerabilities

phpBugTracke Multiple Vulnerabilities Vendor: Benjamin Curtis Product: phpBugTracke Version: query"delete from ".TBLBUGVOTE." where userid = $u and bugid = $bugid"; As we can see from that line of code taken from about line 30 of user.php it is clear that the $bugid variable is passed into the...

7.4 AI score
Exploits: 0

securityvulns
added 2003/07/22 12:0 a.m. | 35 views

[EXPL] GNATS Buffer Overflow Exploit Code Released (queue-pr)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion Beyond Security in Canada Toronto-based Sunrays Technologies is now Beyond Security's representative in Canada. We welcome ISPs, system...

7.6 AI score
Exploits: 0

securityvulns
added 2003/06/21 12:0 a.m. | 34 views

[Full-Disclosure] GNATS (The GNU bug-tracking system) multiple buffer overflow vulnerabilities.

INetCop Security Advisory 2003-0x82-018. Title: GNATS The GNU bug-tracking system multiple buffer overflow vulnerabilities. 0x01. Description About: GNATS is a portable incident/bug report/help request-tracking syste...

7.2 AI score
Exploits: 0

securityvulns
added 2003/05/11 12:0 a.m. | 30 views

BitchX: Crash when channel modes change

On May 7th 2003, we received a bug report through our tracking system which noted a crash problem with BitchX for all versions up to 1.0c20cvs. Certain mode changes would cause BitchX to core consistently. This problem was resolved in less than 24 hours. The patch was committed to CVS by powuh...

0.9 AI score
Exploits: 0