16 matches found
Mantis Bug Tracker Security Vulnerability
Mantis Bug Tracker (MantisBT) is an open-source bug tracker developed by Mantis Bug Tracker. Versions of Mantis Bug Tracker prior to 2.28.2 contained a security vulnerability. This vulnerability stemmed from a lack of authorization checks in the file visibility function, allowing authenticated user...
EUVD-2005-4518
Malware in sbrugna...
EUVD-2012-1152
Malware in sbrugna...
EUVD-2009-3368
Malware in sbrugna...
CVE-2025-22146 Improper authentication on SAML SSO process allows user impersonation in sentry
Sentry is a developer-first error tracking and performance monitoring tool. A critical vulnerability was discovered in the SAML SSO implementation of Sentry. It was reported to us via our private bug bounty program. The vulnerability allows an attacker to take over any user account by using a...
Malicious code in private-bug-bounty (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a00733ed27d2b66f512559495dc079196948c176ea93c337042bed009427afc4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-12025 Malicious code in private-bug-bounty-secret (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f3a55444761df525e7428c98e6dd9a390a1cf5cfea4a7485f768da73a2067df6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
kernel: KVM: s390: vsie: fix race during shadow creation
In the Linux kernel, the following vulnerability has been resolved: KVM: s390: vsie: fix race during shadow creation. Right now it is possible to see gmap->private being zero in kvm_s390_vsie_gmap_notifier resulting in a crash. This is due to the fact that we add gmap->private == kvm after creation:...
MantisBT < 2.24.3 Multiple Vulnerabilities - Linux
MantisBT is prone to multiple vulnerabilities. Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
mantis -- multiple vulnerabilities
Mantis 2.24.3 release reports: This release fixes 3 security issues: 0027039: CVE-2020-25781: Access to private bug note attachments; 0027275: CVE-2020-25288: HTML Injection on bug_update_page.php; 0027304: CVE-2020-25830: HTML Injection in bug_actiongroup_page.php...
ReVuln Emerges as New Player in Vulnerability Sales Market
It’s getting difficult these days to keep track of all of the companies, public and otherwise, that are buying and selling vulnerabilities or information on bugs, and now there’s another group on the scene: ReVuln. But, unlike other companies in the industry, ReVuln is mostly focusing its efforts...
CVE-2012-1118
The access_has_bug_level function in core/access_api.php in MantisBT before 1.2.9 does not properly restrict access when the private_bug_view_threshold is set to an array, which allows remote attackers to bypass intended restrictions and perform certain operations on private bug reports...
CVE-2009-3386
Template.pm in Bugzilla 3.3.2 through 3.4.3 and 3.5 through 3.5.1 allows remote attackers to discover the alias of a private bug by reading the (1) Depends On or (2) Blocks field of a related bug...
Bugzilla < 2.16.7 / 2.18.0rc3 Multiple Information Disclosures
The remote Bugzilla bug tracking system, according to its version number, is vulnerable to various flaws that may let an attacker bypass authentication or get access to private bug reports. %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. include('deprecated_nasl_level.inc'); include('compat.inc');...
CVE-2002-1116
The "View Bugs" page (view_all_bug_page.php) in Mantis 0.17.4a and earlier includes summaries of private bugs for users that do not have access to any projects...