18 matches found
EUVD-2012-5414
Malware in sbrugna...
EUVD-2019-6154
Malware in sbrugna...
EUVD-2020-21964
Malware in sbrugna...
EUVD-2014-8391
Malware in sbrugna...
EUVD-2012-1152
Malware in sbrugna...
EUVD-2013-1924
Malware in sbrugna...
EUVD-2009-1995
Malware in sbrugna...
EUVD-2012-1153
Malware in sbrugna...
CVE-2024-34081
MantisBT (Mantis Bug Tracker) is an open source issue tracker. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when resolving or closing issues (bug_change_status_page.php) belonging to a project linking...
CVE-2018-16514
A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) and Edit Filter page (manage_filter_edit_page.php) in MantisBT 2.1.0 through 2.17.0 allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO. NOTE: this vulnerability exis...
MantisBT Incorrect Authorization for bug_revision_view_page.php check
An issue was discovered in MantisBT before 2.24.4. An incorrect access check in bug_revision_view_page.php allows an unprivileged attacker to view the Summary field of private issues, as well as bugnotes revisions, gaining access to potentially confidential information via the bugnote_id parameter...
GHSA-49W9-82CJ-XR48 MantisBT SQL Injection via mc_project_get_users function
In MantisBT 2.24.3, SQL Injection can occur in the parameter "access" of the mc_project_get_users function through the API SOAP...
GHSA-XJMX-CPRH-646R MantisBT unauthorized users able to access private files
An issue was discovered in file_download.php in MantisBT before 2.24.3. Users without access to view private issue notes are able to download the (supposedly private) attachments linked to these notes by accessing the corresponding file download URL directly...
GHSA-8VX9-HCVQ-GFV8 MantisBT XSS through weak CSP when using Gravatar plugin
MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak Content Security Policy when using the Gravatar plugin, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors...
MantisBT allows XSS via View Filters page
A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) in MantisBT 2.1.0 through 2.15.0 allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO...
MantisBT Insufficient Session Expiration cookie string not reset after logout
An issue was discovered in MantisBT before 2.24.5. It associates a unique cookie string with each user. This string is not reset upon logout (i.e., the user session is still considered valid and active), allowing an attacker who somehow gained access to a user's cookie to log in as them...
MantisBT CSV Injection unprivileged user access in csv_export.php
Lack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an unprivileged attacker to execute code or gain access to information when a user opens the csv_export.php generated CSV file in Excel...
CVE-2014-6387
gpc_api.php in MantisBT 1.2.17 and earlier allows remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind...