42 matches found
MantisBT is Vulnerable to Stored HTML Injection/XSS in Clone Issue Form
When cloning an issue originating from a Project other than the current one, the clone form bugreportpage.php prepends the source Project name before the category selector without proper escaping, allowing an attacker to inject HTML if they can set the Project's name which typically...
EUVD-2004-1725
Malware in sbrugna...
EUVD-2004-1724
Malware in sbrugna...
RUSTSEC-2024-0340 Tor path lengths too short when "full Vanguards" configured
Description: When building anonymizing circuits to or from an onion service with full vanguards enabled, the circuit manager code would build the circuits with one hop too few. Impact: This makes users of this code more vulnerable to some kinds of traffic analysis when they run or visit onion...
PT-2023-32862 · Myaac · Myaac
Name of the Vulnerable Software and Affected Versions: slawkens MyAAC versions up to 0.8.13 Description: A vulnerability was found in the file system/pages/bugtracker.php, affecting unknown code. The manipulation of the argument bug2'subject', bug2'text', or report'subject' leads to cross-site...
MyAAC Cross-Site Scripting Vulnerability
MyAAC is a free and open source Automated Account Creator (AAC) written in PHP by Slawomir Boczek Personal Developer. A cross-site scripting vulnerability exists in MyAAC 0.8.13, which originates in system/pages/bugtracker.php and could lead to cross-site scripting...
libxml 2.9.2 Stack Overflow
Hi This is a disclosure of the following issue that was raised a week ago on the distro's mailing list. Both bugs on the gnome bugtracker are currently private and should be made public now. The two attached patches are based off the 2.9.3 libxml2 release. A couple of weeks back while working on ...
Arbitrary File Write
Overview: Affected versions of cli use predictable temporary file names. If an attacker can create a symbolic link at the location of one of these temporary file names, the attacker can arbitrarily write to any file that the user which owns the cli process has permission to write to. Proof of...
CVE-2015-1280
SkPictureShader.cpp in Skia, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging access to a renderer process and providing crafted serialized data...
Mantis BugTracker 1.2.19 Open Redirect
Mantis BugTracker 1.2.19 URL Redirection to Untrusted Site 'Open Redirect' - Affected Vendor: Mantis - Affected System: BugTracker 1.2.19 - Vulnerabilities' Status: Fixed - Associated CWEs: CWE-601: URL Redirection to Untrusted Site 'Open Redirect' http://cwe.mitre.org/data/definitions/601.html...
CVE-2014-2477
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-2486...
Zoho BugTracker Multiple Stored XSS Vulnerabilities
No description provided by source. Zoho BugTracker Multiple Stored XSS Vulnerabilities Vendor: Zoho Corporation Pvt. Ltd Product web page: http://www.zoho.com Affected version: N/A Summary: Zoho Bug Tracker is an online bug tracking software that combines a clean and an intuitive interface to...
Liferay 6.0.x Webdav File Reading Vulnerability
No description provided by source. Specially crafted webdav request allows reading of local files on liferay 6.0.x Description: Liferay Portal is an enterprise portal written in Java. By creating a specially crafted webdav request that contains an external entity it is possible to read files from ...
Zoho BugTracker - Multiple Persistent Cross-Site Scripting Vulnerabilities
Zoho BugTracker - Multiple Persistent Cross-Site Scripting Vulnerabilities Zoho BugTracker Multiple Stored XSS Vulnerabilities function xss1document.forms"xss1".submit; function xss2document.forms"xss2".submit; inpu...
Zoho BugTracker Cross Site Scripting
Zoho BugTracker Multiple Stored XSS Vulnerabilities function xss1document.forms"xss1".submit; function xss2document.forms"xss2".submit; input type="...
Zoho BugTracker Multiple Stored XSS Vulnerabilities
Exploit for php platform in category web applications Zoho BugTracker Multiple Stored XSS Vulnerabilities function xss1document.forms"xss1".submit; function xss2document.forms"xss2".submit; form action="https://HOST/portal/USER/bugdetails.do?action=addcomment" enctype="application/x-www-form-u...
Zoho BugTracker - Multiple Persistent Cross-Site Scripting Vulnerabilities
Zoho BugTracker Multiple Stored XSS Vulnerabilities function xss1document.forms"xss1".submit; function xss2document.forms"xss2".submit; input type="hidden" name="action...
Zoho BugTracker Multiple Stored XSS Vulnerabilities
Summary: Zoho Bug Tracker is an online bug tracking software that combines a clean and an intuitive interface to submit and track bugs with custom workflows, business rules, custom fields and filters for the bugs that software projects are bound to generate and fix all bugs fast. Description: The B...
Guests can view names and email addresses of all Liferay users in liferay 6.1
Guests can view names and email addresses of all Liferay users in liferay 6.1 Description: Liferay Portal is an enterprise portal written in Java. As an unauthenticated user it is possible to retrieve the names and email addresses of all Liferay users. To retrieve a list of all users simply issue the...
Liferay users can assign themselves to organizations, leading to possible privilege escalation
Liferay users can assign themselves to organizations, leading to possible privilege escalation Description: Liferay Portal is an enterprise portal written in Java. Due to insufficient permission checking in the updateOrganizations method of UserService any user can assign him or herself to any...