
4 matches found

Packet Storm
added 2017/05/22 12:0 a.m. | 50 views

Mantis Bug Tracker 1.3.10 / 2.3.0 Cross Site Request Forgery

Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-CSRF-PERMALINK-INJECTION.txt + ISR: ApparitionSec Vendor: ================ www.mantisbt.org Product: ========= Mantis Bug Tracker 1.3.10 / v2.3.0 MantisBT...

0.1 AI score | 0.01359 EPSS
Exploits: 5
CVE
added 2017/05/21 2:0 p.m. | 76 views

CVE-2017-7620

MantisBT (versions before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1) omits a backslash check in string_api.php, causing conflicting interpretation of an initial / substring as either a local path or a remote hostname. This enables: (1) arbitrary Permalink Injection via CSRF on permalink_pa...

6.5 CVSS | 6.5 AI score | 0.01359 EPSS
Exploits: 5 | References: 5 | Affected Software: 1
exploitpack
added 2017/05/20 12:0 a.m. | 24 views

Mantis Bug Tracker 1.3.10/2.3.0 - Cross-Site Request Forgery

Mantis Bug Tracker 1.3.10/2.3.0 - Cross-Site Request Forgery + Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-CSRF-PERMALINK-INJECTION.txt + ISR: ApparitionSec Vendor: ================ www.mantisbt.org...

4.3 CVSS | 0.5 AI score | 0.01359 EPSS
Exploits: 5
Exploit DB
added 2017/05/20 12:0 a.m. | 75 views

Mantis Bug Tracker 1.3.10/2.3.0 - Cross-Site Request Forgery

Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-CSRF-PERMALINK-INJECTION.txt + ISR: ApparitionSec Vendor: ================ www.mantisbt.org Product: ========= Mantis Bug Tracker 1.3.10 / v2.3.0 MantisBT...

6.5 CVSS | 6.5 AI score | 0.01359 EPSS
Exploits: 5