414 matches found

UbuntuCve
added 2018/09/06 12:0 a.m. | 40 views

CVE-2018-16646

In Poppler 0.68.0, the Parser::getObj function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack...

CVSS 6.5 | AI score 6.7 | EPSS 0.02882
Exploits: 1 | References: 3

CNVD
added 2018/09/04 12:0 a.m. | 6 views

MantisBT Source Integration Plugin Cross-Site Scripting Vulnerability

MantisBT is a Web-based open source defect tracking system from the MantisBT team. The system provides project management and defect tracking services in the form of Web operations. The Source Integration plugin is its source code control integration plugin. A cross-site scripting...

CVSS 6.1 | AI score 6.3 | EPSS 0.01617
Exploits: 0 | References: 1

Kitploit
added 2018/08/21 8:15 p.m. | 32 views

Kali Linux 2018.3 Release - Penetration Testing and Ethical Hacking Linux Distribution

Kali 2018.3 brings the kernel up to version 4.17.0 and while 4.17.0 did not introduce many changes, 4.16.0 had a huge number of additions and improvements including more Spectre and Meltdown fixes, improved power management, and better GPU support. New Tools and Tool Upgrades Since our last...

AI score 6.9
Exploits: 0

CNVD
added 2018/08/07 12:0 a.m. | 3 views

MantisBT Cross-Site Scripting Vulnerability (CNVD-2018-14791)

MantisBT is a Web-based open source defect tracking system of the MantisBT team. The system provides project management and defect tracking services in the form of Web operations. A cross-site scripting vulnerability exists in the View Filters page viewfilterspage.php in MantisBT versions 2.1.0...

CVSS 6.1 | AI score 5.7 | EPSS 0.01517
Exploits: 1 | References: 1

Exploit DB
added 2018/05/10 12:0 a.m. | 59 views

Mantis Bug Tracker 1.1.3 - 'manage_proj_page' PHP Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Mantis manageprojpage PHP Code Execution', 'Description' = %q Mantis v1.1.3 and earlier are vulnerable to a post-authentication Remote Code...

CVSS 9 | AI score 6.7 | EPSS 0.67453
Exploits: 4

CNVD
added 2018/02/08 12:0 a.m. | 2 views

MantisBT Information Disclosure Vulnerability (CNVD-2018-05515)

MantisBT is a Web-based open source defect tracking system of the MantisBT team. The system provides project management and defect tracking services in the form of Web operations. A security vulnerability exists in the viewallbugpage.php file in versions of MantisBT prior to 2018-02-02. A remote...

CVSS 5.3 | AI score 6.8 | EPSS 0.04042
Exploits: 0 | References: 1

HackRead
added 2017/11/02 3:45 p.m. | 15 views

Researcher Identifies Bugs in Google’ Bug Tracker Program

By Uzair Amir. A security researcher has identified bugs in Google’s bug tracker. This is a post from HackRead.com. Read the original post: Researcher Identifies Bugs in Google’ Bug Tracker Program...

AI score 7
Exploits: 0

ThreatPost
added 2017/10/30 4:39 p.m. | 18 views

Flaw in Google Bug Tracker Exposed Reports About Unpatched Vulnerabilities

Google’s Issue Tracker, also known internally as the “Buganizer,” contained until recently a vulnerability that would allow an external party access to any unpatched bug listed and described in the database. Alex Birsan, a software developer and hobbyist bug-hunter, collected more than $15,000 in...

AI score 7.1
Exploits: 0 | References: 2

ATTACKERKB
added 2017/10/06 10:29 p.m. | 3 views

CVE-2015-2142

Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to (1) hijack the authentication of users for requests that cause an unspecified impact via the id parameter to project.php, (2) hijack the authentication of users for...

CVSS 8 | AI score 5.5 | EPSS 0.01671
Exploits: 0 | References: 3

ATTACKERKB
added 2017/08/01 3:29 p.m. | 3 views

CVE-2017-12061

An XSS issue was discovered in admin/install.php in MantisBT before 1.3.12 and 2.x before 2.5.2. Some variables under user control in the MantisBT installation script are not properly sanitized before being output, allowing remote attackers to inject arbitrary JavaScript code, as demonstrated by...

CVSS 6.1 | AI score 5.7 | EPSS 0.0295
Exploits: 0 | References: 7

Tenable Nessus
added 2017/07/17 12:0 a.m. | 50 views

Fedora 26 : libupnp (2017-23535a31f8)

miniserver: fix binding to ipv6 link-local addresses - Fix out-of-bound access in createurllist CVE-2016-8863 - If the error or info log files can not be created, use stderr and stdout instead. - SF Bug Tracker 132 CVE-2016-6255: write files via POST Note that Tenable Network Security has...

CVSS 9.8 | AI score 7.9 | EPSS 0.26818
Exploits: 4 | References: 4

Packet Storm
added 2017/05/22 12:0 a.m. | 49 views

Mantis Bug Tracker 1.3.10 / 2.3.0 Cross Site Request Forgery

Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-CSRF-PERMALINK-INJECTION.txt + ISR: ApparitionSec Vendor: ================ www.mantisbt.org Product: ========= Mantis Bug Tracker 1.3.10 / v2.3.0 MantisBT...

AI score 0.1 | EPSS 0.01359
Exploits: 5

0day.today
added 2017/05/21 12:0 a.m. | 56 views

Mantis Bug Tracker 1.3.10/2.3.0 - Cross-Site Request Forgery Vulnerability

Exploit for php platform in category web applications + Credits: John Page a.k.a hyp3rlinx Vendor: ================ www.mantisbt.org Product: ========= Mantis Bug Tracker 1.3.10 / v2.3.0 MantisBT is a popular free web-based bug tracking system. It is written in PHP works with MySQL, MS SQL, and...

CVSS 4.3 | AI score 6.5 | EPSS 0.01359
Exploits: 5

exploitpack
added 2017/05/20 12:0 a.m. | 24 views

Mantis Bug Tracker 1.3.10/2.3.0 - Cross-Site Request Forgery

Mantis Bug Tracker 1.3.10/2.3.0 - Cross-Site Request Forgery + Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-CSRF-PERMALINK-INJECTION.txt + ISR: ApparitionSec Vendor: ================ www.mantisbt.org...

CVSS 4.3 | AI score 0.5 | EPSS 0.01359
Exploits: 5

Exploit DB
added 2017/05/20 12:0 a.m. | 74 views

Mantis Bug Tracker 1.3.10/2.3.0 - Cross-Site Request Forgery

Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-CSRF-PERMALINK-INJECTION.txt + ISR: ApparitionSec Vendor: ================ www.mantisbt.org Product: ========= Mantis Bug Tracker 1.3.10 / v2.3.0 MantisBT...

CVSS 6.5 | AI score 6.5 | EPSS 0.01359
Exploits: 5

Check Point Advisories
added 2017/05/15 12:0 a.m. | 9 views

Mantis Bug Tracker verify.php confirm_hash Remote Password Reset (CVE-2017-7615)

A remote password reset vulnerability exists in Mantis Bug Tracker. The vulnerability is due to a lack of input validation on the confirm_hash parameter when verifying password reset requests. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request to th...

CVSS 6.5 | AI score 1.9 | EPSS 0.90752
Exploits: 10

0day.today
added 2017/04/17 12:0 a.m. | 456 views

Mantis Bug Tracker 1.3.0/2.3.0 - Password Reset Exploit

Exploit for php platform in category web applications + Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-PRE-AUTH-REMOTE-PASSWORD-RESET.txt + ISR: ApparitionSec Vendor: ================ www.mantisbt.org...

CVSS 6.5 | AI score 0.1 | EPSS 0.90752
Exploits: 10

exploitpack
added 2017/04/16 12:0 a.m. | 42 views

Mantis Bug Tracker 1.3.0/2.3.0 - Password Reset

Mantis Bug Tracker 1.3.0/2.3.0 - Password Reset + Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-PRE-AUTH-REMOTE-PASSWORD-RESET.txt + ISR: ApparitionSec Vendor: ================ www.mantisbt.org Product...

CVSS 6.5 | AI score 0.1 | EPSS 0.90752
Exploits: 10

Exploit DB
added 2017/04/16 12:0 a.m. | 97 views

Mantis Bug Tracker 1.3.0/2.3.0 - Password Reset

Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-PRE-AUTH-REMOTE-PASSWORD-RESET.txt + ISR: ApparitionSec Vendor: ================ www.mantisbt.org Product: ================== Mantis Bug Tracker v1.3.0 /...

CVSS 8.8 | AI score 8.8 | EPSS 0.90752
Exploits: 10

CNVD
added 2017/04/01 12:0 a.m. | 2 views

MantisBT Cross-Site Scripting Vulnerability (CNVD-2017-04628)

MantisBT is an open-source issue management system developed in PHP and commonly used for internal collaboration within corporate teams. A cross-site scripting vulnerability exists in the moveattachmentspage.php page in MantisBT 1.2.16 and later versions, which can be exploited to inject script o...

CVSS 4.8 | AI score 6 | EPSS 0.00929
Exploits: 1 | References: 1