531 matches found
CVE-2007-1290
CVE-2007-1290 is a confirmed SQL injection in Tyger Bug Tracking System (TygerBT) 1.1.3. The vulnerability resides in ViewReport.php and allows remote attackers to modify or execute arbitrary SQL via the bug parameter. This is documented in the NVD entry and corroborated by multiple connected rec...
CVE-2007-1289
CVE-2007-1289 affects Tyger Bug Tracking System (TygerBT) 1.1.3. The vulnerability is an SQL injection in ViewBugs.php exploitable via the s parameter, enabling remote attackers to execute arbitrary SQL commands. This relates to a flaw in input handling (unsanitized user input) in that component,...
Tyger Bug Tracking System Multiple Vulnerability
-=--------------------ADVISORY-------------------=- Tyger Bug Tracking System Author: CorryL [email protected] -=-----------------------------------------------=- -=+ Application: Tyger Bug Tracking System -=+ Version: 1.1.3 -=+ Vendor's URL: http://uk.homeunix.org/tyger/cms/ -=+ Platform:...
Tyger Bug Tracking System 1.1.3 - 'login.php?PATH_INFO' Cross-Site Scripting
source: https://www.securityfocus.com/bid/22799/info Tyger Bug Tracking System is prone to multiple input-validation vulnerabilities, including one SQL-injection issue and two cross-site scripting issues, because the application fails to sufficiently sanitize user-supplied input. Exploiting these...
Tyger Bug Tracking System 1.1.3 - 'register.php?PATH_INFO' Cross-Site Scripting
source: https://www.securityfocus.com/bid/22799/info Tyger Bug Tracking System is prone to multiple input-validation vulnerabilities, including one SQL-injection issue and two cross-site scripting issues, because the application fails to sufficiently sanitize user-supplied input. Exploiting these...
Tyger Bug Tracking System 1.1.3 - ViewBugs.php?s SQL Injection
Tyger Bug Tracking System 1.1.3 - ViewBugs.php?s SQL Injection source: https://www.securityfocus.com/bid/22799/info Tyger Bug Tracking System is prone to multiple input-validation vulnerabilities, including one SQL-injection issue and two cross-site scripting issues, because the application fails...
DSA-1208-1 bugzilla
Bulletin has no description...
Debian DSA-1133-1 : mantis - missing input sanitising
Several remote vulnerabilities have been discovered in the Mantis bug tracking system, which may lead to the execution of arbitrary web script. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-0664 A cross-site scripting vulnerability was discovered ...
Bugzilla bug tracking system symbolic links vulnerability
syncshadowdb script symbolic links problem...
CVSTrac filediff vulnerability
The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS. This version of filediff has a flaw in the input sanitation which, when exploited, can lead to a remote attacker executing arbitrary commands on the system. OpenVAS has determined the vulnerability...
CVSTrac history.c history_update function overflow
The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS. This version contains a flaw related to the historyupdate function in history.c that may allow an attacker to cause a buffer overflow and execute arbitrary code on the remote system...
CVSTrac chdir() chroot jail escape
The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS. This version contains a flaw related to the chdir function that may allow an attacker to escape the chroot jail. An attacker, exploiting this flaw, would be able to access files outside of the web...
MySQL Eventum Multiple flaws
The remote host seems to be running MySQL Eventum, a user-friendly and flexible issue tracking system written in PHP. The remote version of this software is vulnerable to cross-site scripting attacks, through multiple scripts. With a specially crafted URL, an attacker can use the remote server to...
Debian DSA-778-1 : mantis - missing input sanitising
Two security related problems have been discovered in Mantis, a web-based bug tracking system. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-2556 A remote attacker could supply a specially crafted URL to scan arbitrary ports on arbitrary hosts tha...
Bugzilla bug tracking system information leak
It's possible to determine if closed product exist, password can be leaked as a part of URL...
CVSTrac Detection
The remote host is running CVSTrac, a web-based bug and patch-set tracking system for CVS. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include"compat.inc"; ifdescription scriptid15722; scriptversion"1.14";...
Debian DSA-161-1 : mantis - privilege escalation
A problem with user privileges has been discovered in the Mantis package, a PHP based bug tracking system. The Mantis system didn't check whether a user is permitted to view a bug, but displays it right away if the user entered a valid bug id. Another bug in Mantis caused the 'View Bugs' page to...
CVSTrac Database Plaintext Password Storage
The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS. This version contains a flaw related to .db files that may allow an attacker to gain access to plaintext passwords. Nessus has determined the vulnerability exists on the target simply by looking at...
phpBugTracker 0.9.1 - Multiple Vulnerabilities
phpBugTracker 0.9.1 - Multiple Vulnerabilities phpBugTracke Multiple Vulnerabilities Vendor: Benjamin Curtis Product: phpBugTracke Version: query"delete from ".TBLBUGVOTE." where userid = $u and bugid = $bugid"; As we can see from that line of code taken from about line 30 of user.php it is clear...
phpBugTracker < 0.9.1 - Multiple Vulnerabilities
phpBugTracke Multiple Vulnerabilities Vendor: Benjamin Curtis Product: phpBugTracke Version: query"delete from ".TBLBUGVOTE." where userid = $u and bugid = $bugid"; As we can see from that line of code taken from about line 30 of user.php it is clear that the $bugid variable is passed into the...