14 matches found
Fedora Update for mantis FEDORA-2015-12010
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for mantis FEDORA-2015-1419
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MantisBT 1.2.x < 1.2.18 Multiple Vulnerabilities
According to its version number, the MantisBT application hosted on the remote web server is 1.2.x prior to 1.2.18. It is, therefore, affected by the following vulnerabilities : - Multiple input-validation errors exist that could allow cross-site scripting attacks. CVE-2014-7146, CVE-2014-8986,...
Debian DSA-3120-1 : mantis - security update
Multiple security issues have been found in the Mantis bug tracking system, which may result in phishing, information disclosure, CAPTCHA bypass, SQL injection, cross-site scripting or the execution of arbitrary PHP code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text a...
Debian Security Advisory DSA 3120-1 (mantis - security update)
Multiple security issues have been found in the Mantis bug tracking system, which may result in phishing, information disclosure, CAPTCHA bypass, SQL injection, cross-site scripting or the execution of arbitrary PHP code. OpenVAS Vulnerability Test $Id: deb3120.nasl 6609 2017-07-07 12:05:59Z...
Fedora Update for mantis FEDORA-2014-15142
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for mantis FEDORA-2014-16504
Check the version of mantis SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868624";...
Fedora Update for mantis FEDORA-2014-16546
Check the version of mantis SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868626";...
Fedora 21 : mantis-1.2.17-4.fc21 (2014-15142)
fix CVE-2014-7146, CVE-2014-8598 1162046 fix CVE-2014-8554 1159295 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...
Fedora 20 : mantis-1.2.17-4.fc20 (2014-15108)
fix CVE-2014-7146, CVE-2014-8598 1162046 fix CVE-2014-8554 1159295 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...
Fedora 19 : mantis-1.2.17-4.fc19 (2014-15079)
fix CVE-2014-7146, CVE-2014-8598 1162046 fix CVE-2014-8554 1159295 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...
Fedora Update for mantis FEDORA-2014-15079
Check the version of mantis SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868569";...
CVE-2014-8554
SQL injection vulnerability in the mcprojectgetattachments function in api/soap/mcprojectapi.php in MantisBT before 1.2.18 allows remote attackers to execute arbitrary SQL commands via the projectid parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1609...
CVE-2014-8554
The CVE-2014-8554 entry concerns MantisBT prior to 1.2.18, where the function mc_project_get_attachments in api/soap/mc_project_api.php is vulnerable to SQL injection via the project_id parameter. This results from an incomplete fix for CVE-2014-1609 and allows remote attackers to execute arbitra...