22 matches found
Fedora Update for mantis FEDORA-2015-12010
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for mantis FEDORA-2015-1419
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MantisBT 1.2.x < 1.2.18 Multiple Vulnerabilities
According to its version number, the MantisBT application hosted on the remote web server is 1.2.x prior to 1.2.18. It is, therefore, affected by the following vulnerabilities : - Multiple input-validation errors exist that could allow cross-site scripting attacks. CVE-2014-7146, CVE-2014-8986,...
Debian DSA-3120-1 : mantis - security update
Multiple security issues have been found in the Mantis bug tracking system, which may result in phishing, information disclosure, CAPTCHA bypass, SQL injection, cross-site scripting or the execution of arbitrary PHP code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text a...
Debian Security Advisory DSA 3120-1 (mantis - security update)
Multiple security issues have been found in the Mantis bug tracking system, which may result in phishing, information disclosure, CAPTCHA bypass, SQL injection, cross-site scripting or the execution of arbitrary PHP code. OpenVAS Vulnerability Test $Id: deb3120.nasl 6609 2017-07-07 12:05:59Z...
Fedora Update for mantis FEDORA-2014-15142
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[KIS-2014-18] Mantis Bug Tracker <= 1.2.17 (ImportXml.php) PHP Code Injection Vulnerability
----------------------------------------------------------------------------- Mantis Bug Tracker = 1.2.17 ImportXml.php PHP Code Injection Vulnerability ----------------------------------------------------------------------------- - Software Link: http://www.mantisbt.org/ - Affected Versions: All...
Mantis Bug Tracker 1.2.17 PHP Code Injection Vulnerability
Mantis Bug Tracker versions 1.2.0 through 1.2.17 suffer from a PHP code injection vulnerability. ----------------------------------------------------------------------------- Mantis Bug Tracker $newId 108. $bugData = bugget $newId, true ; 109. 110. $bugLinkRegexp = '/^|^\w' . pregquote...
Mantis Bug Tracker 1.2.17 PHP Code Injection
----------------------------------------------------------------------------- Mantis Bug Tracker $newId 108. $bugData = bugget $newId, true ; 109. 110. $bugLinkRegexp = '/^|^\w' . pregquote $this-source-issuelink, '/' . '\d+\b/e'; 111. $replacement = '"\1" . $this-getReplacementString "\2", "\3"...
Fedora Update for mantis FEDORA-2014-16504
Check the version of mantis SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868624";...
Fedora Update for mantis FEDORA-2014-16546
Check the version of mantis SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868626";...
Fedora 21 : mantis-1.2.17-4.fc21 (2014-15142)
fix CVE-2014-7146, CVE-2014-8598 1162046 fix CVE-2014-8554 1159295 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...
Fedora 19 : mantis-1.2.17-4.fc19 (2014-15079)
fix CVE-2014-7146, CVE-2014-8598 1162046 fix CVE-2014-8554 1159295 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...
Fedora 20 : mantis-1.2.17-4.fc20 (2014-15108)
fix CVE-2014-7146, CVE-2014-8598 1162046 fix CVE-2014-8554 1159295 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...
Fedora Update for mantis FEDORA-2014-15079
Check the version of mantis SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868569";...
CVE-2014-8598
The XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote attackers to 1 upload arbitrary XML files via the import page or 2 obtain sensitive information via the export page. NOTE: this issue can be combined with CVE-2014-7146 to execute arbitrary PHP code...
CVE-2014-7146
The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remote attackers to execute arbitrary PHP code via a crafted 1 description field or 2 issuelink attribute in an XML file, which is not properly handled when executing the pregreplace function with the e modifier...
Code injection
The XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote attackers to 1 upload arbitrary XML files via the import page or 2 obtain sensitive information via the export page. NOTE: this issue can be combined with CVE-2014-7146 to execute arbitrary PHP code...
CVE-2014-7146
CVE-2014-7146 affects MantisBT
CVE-2014-7146
creationtimestamp| type| source ---|---|--- 2014-11-18 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/41685 2014-11-18 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/35283 2018-05-29 15:50:33+00:00| seen|...