[SECURITY] Fedora 8 Update: mantis-1.1.1-1.fc8
Mantis is a web-based bugtracking system. It is written in the PHP scripting language and requires the MySQL database and a webserver. Mantis has been installed on Windows, MacOS, OS/2, and a variety of Unix operating systems. Any web browser should be able to function as a client. Documentation...
[SECURITY] Fedora 7 Update: mantis-1.1.1-1.fc7
Mantis is a web-based bugtracking system. It is written in the PHP scripting language and requires the MySQL database and a webserver. Mantis has been installed on Windows, MacOS, OS/2, and a variety of Unix operating systems. Any web browser should be able to function as a client. Documentation...
[SECURITY] Fedora 8 Update: mantis-1.1.0-1.fc8
Mantis is a web-based bugtracking system. It is written in the PHP scripting language and requires the MySQL database and a webserver. Mantis has been installed on Windows, MacOS, OS/2, and a variety of Unix operating systems. Any web browser should be able to function as a client. Documentation...
[SECURITY] Fedora 7 Update: mantis-1.1.0-1.fc7
Mantis is a web-based bugtracking system. It is written in the PHP scripting language and requires the MySQL database and a webserver. Mantis has been installed on Windows, MacOS, OS/2, and a variety of Unix operating systems. Any web browser should be able to function as a client. Documentation...
[BuHa-Security] Multiple Vulnerabilities in Mantis 1.00rc4
BuHa Security-Advisory 7 | Feb 14th, 2006 | Vendor: Mantis BT | URL: http://www.mantisbt.org/ | Version: = Mantis 1.00rc4 | Risk ...
Mantis bugtracking system XSS vuln.
Mantis bugtracking system XSS vuln. Vuln. discovered by: r0t. Date: 13 Dec. 2005. Original advisory: http://pridels.blogspot.com/2005/12/mantis-bugtracking-system-xss-vuln.html Vendor: http://www.mantisbt.org/ Affected version: 1.0.0rc3, 1.0.0rc2 and prior. Product Description: Mantis is a web-based...
Mantis: Multiple vulnerabilities
Background: Mantis is a web-based bugtracking system written in PHP. Description: Mantis contains several vulnerabilities, including: a remote file inclusion vulnerability; an SQL injection vulnerability; multiple cross site scripting vulnerabilities; multiple information disclosure vulnerabilities...
Mantis: XSS and SQL injection vulnerabilities
Background: Mantis is a web-based bugtracking system written in PHP. Description: Mantis fails to properly sanitize untrusted input before using it. This leads to an SQL injection and several cross-site scripting vulnerabilities. Impact: An attacker could possibly use the SQL injection vulnerability...
[Mantis Advisory/2002-05] Arbitrary code execution and file reading vulnerability in Mantis
Mantis Advisory/2002-05: Arbitrary code execution and file reading vulnerability in Mantis. 0. Table of Contents; 1. Introduction; 2. Summary / Impact analysis; 3. Affected versions; 4. Workaround / Solution; 5. Detailed explanation; 5.1 Arbitrary code execution; 5.2 Displaying local files; 6. Credit; 7...
Java Plugin 1.4 with JRE 1.3 -> Ignores certificates.
During work I've found out that the combination of the Java Plugin 1.4 with the JRE 1.3 doesn't handle certificates properly. An applet signed with an outdated certificate shouldn't be able to get access to the filesystem on the client machine. However this happens when using the named combinatio...