6 matches found
EUVD-2019-6154
Malware in sbrugna...
EUVD-2009-1995
Malware in sbrugna...
EUVD-2012-1153
Malware in sbrugna...
MantisBT Incorrect Authorization for bug_revision_view_page.php check
An issue was discovered in MantisBT before 2.24.4. An incorrect access check in bugrevisionviewpage.php allows an unprivileged attacker to view the Summary field of private issues, as well as bugnotes revisions, gaining access to potentially confidential information via the bugnoteid parameter...
GHSA-49W9-82CJ-XR48 MantisBT SQL Injection via mc_project_get_users function
In MantisBT 2.24.3, SQL Injection can occur in the parameter "access" of the mcprojectgetusers function through the API SOAP...
GHSA-XJMX-CPRH-646R MantisBT unauthorized users able to access private files
An issue was discovered in filedownload.php in MantisBT before 2.24.3. Users without access to view private issue notes are able to download the supposedly private attachments linked to these notes by accessing the corresponding file download URL directly...