7 matches found
CVE-2014-1608
SQL injection vulnerability in the mcifileget function in api/soap/mcfileapi.php in MantisBT before 1.2.16 allows remote attackers to execute arbitrary SQL commands via a crafted envelope tag in a mcissueattachmentget SOAP request...
CVE-2014-1608
SQL injection vulnerability in the mcifileget function in api/soap/mcfileapi.php in MantisBT before 1.2.16 allows remote attackers to execute arbitrary SQL commands via a crafted envelope tag in a mcissueattachmentget SOAP request...
CVE-2014-1608
The CVE-2014-1608 issue affects MantisBT affected versions prior to 1.2.16. It arises from the mci_file_get function in api/soap/mc_file_api.php, where unsafely constructed SQL via the db_query path in the mc_issue_attachment_get SOAP request, allowing remote attackers to execute arbitrary SQL co...
CVE-2014-1608
SQL injection vulnerability in the mcifileget function in api/soap/mcfileapi.php in MantisBT before 1.2.16 allows remote attackers to execute arbitrary SQL commands via a crafted envelope tag in a mcissueattachmentget SOAP request...
Fedora Update for mantis FEDORA-2014-3440
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for mantis FEDORA-2014-3421
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[oCERT-2014-001] MantisBT input sanitization errors
2014-001 MantisBT input sanitization errors Description: The MantisBT web-based bugtracking system suffers from SQL injection vulnerabilities caused by insufficient input sanitization. The MantisBT SOAP API uses the unsafe dbquery function allowing a specially crafted tag within the envelope of a...