414 matches found
Mantis Bug Tracker <= 1.1.3 Remote Code Execution Exploit
Exploit for unknown platform in category web applications ========================================================= Mantis Bug Tracker = 1.1.3 Remote Code Execution Exploit ========================================================= ?php /...
Mantis Bug Tracker 1.1.3 - Remote Code Execution
?php / -------------------------------------------------------------------------------- Mantis Bug Tracker = 1.1.3 manageprojpage.php Remote Code Execution Exploit -------------------------------------------------------------------------------- author...: EgiX mail.....: n0b0d13satgmaildotcom...
Mantis < 1.1.2 account_prefs_update.php language Parameter Traversal Local File Inclusion
Binary data 4605.prm...
Mantis Bug Tracker 1.1.1 (CE/XSS/CSRF) Multiple Vulnerabilities
No description provided by source. Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities Name Multiple Vulnerabilities in Mantis Systems Affected Mantis 1.1.1 and possibly earlier versions Severity High Impact CVSSv2 High 9/10, vector: AV:N/AC:L/Au:N/C:C/I:P/A:P Vendor http://www.mantisbt.org/ Adviso...
Mantis Bug Tracker 1.1.1 (CE/XSS/CSRF) Multiple Vulnerabilities
Exploit for unknown platform in category web applications =============================================================== Mantis Bug Tracker 1.1.1 CE/XSS/CSRF Multiple Vulnerabilities =============================================================== Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities...
Mantis Bug Tracker 1.1.1 - Code Execution / Cross-Site Scripting / Cross-Site Request Forgery
Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities Name Multiple Vulnerabilities in Mantis Systems Affected Mantis 1.1.1 and possibly earlier versions Severity High Impact CVSSv2 High 9/10, vector: AV:N/AC:L/Au:N/C:C/I:P/A:P Vendor http://www.mantisbt.org/ Advisory...
Mantis Bug Tracker 1.1.1 - Code Execution Cross-Site Scripting Cross-Site Request Forgery
Mantis Bug Tracker 1.1.1 - Code Execution Cross-Site Scripting Cross-Site Request Forgery Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities Name Multiple Vulnerabilities in Mantis Systems Affected Mantis 1.1.1 and possibly earlier versions Severity High Impact CVSSv2 High 9/10, vector:...
Mantis manage_user_create.php CSRF New User Creation
The version of Mantis Bug Tracker installed on the remote host does not verify the validity of HTTP requests before performing various administrative actions. If a remote attacker can trick a logged-in administrator into viewing a specially crafted page, the vulnerability could be leveraged to...
unleashed-xss.txt
Hello all, There is a bug in "Log" function of Search Unleashed by John Godley, version 0.2.10. This plug-in stores search queries but does not validates stored data and put them back "raw" to browser. HTML and Java Script can be injected with search request:...
[Full-disclosure] The Everything Development System - SQL Injection
Application: The Everything Development System Versions: = Pre-1.0 current version at time of release Author: sub [email protected] Released: 2/1/2008 There exists a vulnerability in The Everything Development Engine that allows a user to inject their own SQL to modify a SELECT query, leading to...
The Everything Development System - SQL Injection
Application: The Everything Development System Versions: = Pre-1.0 current version at time of release Author: sub [email protected] Released: 2/1/2008 There exists a vulnerability in The Everything Development Engine that allows a user to inject their own SQL to modify a SELECT query, leading to...
The Everything Development System <= Pre-1.0 SQL Injection Vuln
No description provided by source. Application: The Everything Development System Versions: = Pre-1.0 current version at time of release Author: sub [email protected] Released: 2/1/2008 There exists a vulnerability in The Everything Development Engine that allows a user to inject their own SQL to...
The Everything Development System <= Pre-1.0 SQL Injection Vuln
Exploit for unknown platform in category web applications =============================================================== The Everything Development System = Pre-1.0 SQL Injection Vuln =============================================================== Application: The Everything Development System...
The Everything Development System Pre-1.0 - SQL Injection
Application: The Everything Development System Versions: Released: 2/1/2008 There exists a vulnerability in The Everything Development Engine that allows a user to inject their own SQL to modify a SELECT query, leading to information disclosure, XSS, or privilege escalation. What's more, password...
The Everything Development System Pre-1.0 - SQL Injection
The Everything Development System Pre-1.0 - SQL Injection Application: The Everything Development System Versions: Released: 2/1/2008 There exists a vulnerability in The Everything Development Engine that allows a user to inject their own SQL to modify a SELECT query, leading to information...
Mantis < 0.9.5 / 1.1.0 RC5 view.php HTML Injection
Binary data 4326.prm...
Joomla! Component com_search 1.5 RC3 - index.php Multiple SQL Injections
Joomla! Component comsearch 1.5 RC3 - index.php Multiple SQL Injections source: https://www.securityfocus.com/bid/26707/info Joomla! is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these...
php local buffer underflow could lead to arbitary code execution
Affected versions: php 5.1.4 and older, 4.4.3 and possibly older Cause: when php-s sscanf functions format argument contains argument swap and extra arguments are given like. sscanf'foo ','$1s',$bar then it reads an pointer to pointer to zval structure past the end of argument array by one. Php...
Mantis Bug Tracker 0.x1.0 - manage_user_page.php?sort Cross-Site Scripting
Mantis Bug Tracker 0.x1.0 - manageuserpage.php?sort Cross-Site Scripting source: https://www.securityfocus.com/bid/16657/info Mantis is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure ...
Mantis Bug Tracker 0.x/1.0 - 'manage_user_page.php?sort' Cross-Site Scripting
source: https://www.securityfocus.com/bid/16657/info Mantis is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Successful...