414 matches found
Mantis Bug Tracker 0.x/1.0 - 'View_filters_page.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/15842/info Mantis is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an...
Mantis Bug Tracker 0.19.2/1.0 - 'Bug_sponsorship_list_view_inc.php' File Inclusion
Mantis Bug Tracker 0.19.2/1.0 - 'Bug_sponsorship_list_view_inc.php' File Inclusion source: https://www.securityfocus.com/bid/15212/info Mantis is prone to a remote and local file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacke...
Mantis Bug Tracker 0.19.2/1.0 - 'Bug_sponsorship_list_view_inc.php' File Inclusion
source: https://www.securityfocus.com/bid/15212/info Mantis is prone to a remote and local file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary remote and local PHP code on a...
Mantis Bug Tracker 0.x/1.0 - Multiple Input Validation Vulnerabilities
Mantis Bug Tracker 0.x/1.0 - Multiple Input Validation Vulnerabilities source: https://www.securityfocus.com/bid/14604/info Mantis is prone to multiple input validation vulnerabilities. These issues involve cross-site scripting, HTML injection and variable poisoning, and are due to a failure in th...
Mantis Bug Tracker 0.x/1.0 - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/14604/info Mantis is prone to multiple input validation vulnerabilities. These issues involve cross-site scripting, HTML injection and variable poisoning, and are due to a failure in the application to properly sanitize user-supplied input. An attacker ma...
Mantis Bug Tracker 0.19 - Remote Server-Side Script Execution
Mantis Bug Tracker 0.19 - Remote Server-Side Script Execution source: https://www.securityfocus.com/bid/10993/info Mantis is reportedly susceptible to a remote server-side script execution vulnerability. This vulnerability only presents itself when PHP is configured on the hosting computer with...
Mantis Bug Tracker 0.x - New Account Signup Mass Emailing
Mantis Bug Tracker 0.x - New Account Signup Mass Emailing source: https://www.securityfocus.com/bid/10995/info Mantis is reportedly susceptible to a vulnerability in its signup process allowing mass email attacks. When a new user signs up to Mantis, the system automatically sends an email message...
Mantis Bug Tracker 0.x - Multiple Cross-Site Scripting Vulnerabilities
Mantis Bug Tracker 0.x - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/10994/info Mantis is a web-based bug tracking system. It is written in PHP and supported by a MySQL database. It is reported that Mantis is affected by cross-site scripting...
Mantis Bug Tracker 0.x - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/10994/info Mantis is a web-based bug tracking system. It is written in PHP and supported by a MySQL database. It is reported that Mantis is affected by cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly...
Mantis Bug Tracker 0.19 - Remote Server-Side Script Execution
source: https://www.securityfocus.com/bid/10993/info Mantis is reportedly susceptible to a remote server-side script execution vulnerability. This vulnerability only presents itself when PHP is configured on the hosting computer with 'register_globals = on'. When PHP is configured to register glob...
Mantis Bug Tracker 0.x - New Account Signup Mass Emailing
source: https://www.securityfocus.com/bid/10995/info Mantis is reportedly susceptible to a vulnerability in its signup process allowing mass email attacks. When a new user signs up to Mantis, the system automatically sends an email message to the given email address. This email contains the users...
[Mantis Advisory/2002-03] Bug listings of private projects can be viewed through cookie manipulation
Mantis Advisory/2002-03 Bug listings of private projects can be viewed through cookie manipulation 0. Table of Contents 1. Introduction 2. Summary / Impact analysis 3. Affected versions 4. Workaround / Solution 5. Detailed explanation 6. Contact details 1. Introduction Mantis is an Open Source...
Mantis Bug Tracker 0.15.x/0.16/0.17.x - JPGraph Remote File Inclusion Command Execution
Mantis Bug Tracker 0.15.x/0.16/0.17.x - JPGraph Remote File Inclusion Command Execution source: https://www.securityfocus.com/bid/5504/info Mantis depends on include files to provide some functionality, such as dynamic generation of graphs. However, since Mantis does not properly validate the path ...
Mantis Bug Tracker 0.15.x/0.16/0.17.x - JPGraph Remote File Inclusion Command Execution
source: https://www.securityfocus.com/bid/5504/info Mantis depends on include files to provide some functionality, such as dynamic generation of graphs. However, since Mantis does not properly validate the path to the include file, it is possible for attackers to specify an arbitrary path, either...