5 matches found
MantisBT 1.2.x < 1.2.18 Multiple Vulnerabilities
According to its version number, the MantisBT application hosted on the remote web server is 1.2.x prior to 1.2.18. It is, therefore, affected by the following vulnerabilities: - Multiple input-validation errors exist that could allow cross-site scripting attacks. CVE-2014-7146, CVE-2014-8986,...
Debian DSA-3120-1 : mantis - security update
Multiple security issues have been found in the Mantis bug tracking system, which may result in phishing, information disclosure, CAPTCHA bypass, SQL injection, cross-site scripting or the execution of arbitrary PHP code. (C) Tenable Network Security, Inc. The descriptive text a...
Debian Security Advisory DSA 3120-1 (mantis - security update)
Multiple security issues have been found in the Mantis bug tracking system, which may result in phishing, information disclosure, CAPTCHA bypass, SQL injection, cross-site scripting or the execution of arbitrary PHP code. OpenVAS Vulnerability Test $Id: deb3120.nasl 6609 2017-07-07 12:05:59Z...
CVE-2014-8553
The mci_account_get_array_by_id function in api/soap/mc_account_api.php in MantisBT before 1.2.18 allows remote attackers to obtain sensitive information via a (1) mc_project_get_users, (2) mc_issue_get, (3) mc_filter_get_issues, or (4) mc_project_get_issues SOAP request...
CVE-2014-8553
Affected software: MantisBT 1.2.x before 1.2.18. Vulnerability: information disclosure via SOAP requests (mc_project_get_users, mc_issue_get, mc_filter_get_issues, mc_project_get_issues) caused by mci_account_get_array_by_id in api/soap/mc_account_api.php. Impact: potential exposure of sensitive ...