Lucene search
K

531 matches found

CVE
CVE
added 2007/03/07 12:0 a.m.43 views

CVE-2007-1290

CVE-2007-1290 is a confirmed SQL injection in Tyger Bug Tracking System (TygerBT) 1.1.3. The vulnerability resides in ViewReport.php and allows remote attackers to modify or execute arbitrary SQL via the bug parameter. This is documented in the NVD entry and corroborated by multiple connected rec...

7.5CVSS8.1AI score0.01001EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2007/03/07 12:0 a.m.46 views

CVE-2007-1289

CVE-2007-1289 affects Tyger Bug Tracking System (TygerBT) 1.1.3. The vulnerability is an SQL injection in ViewBugs.php exploitable via the s parameter, enabling remote attackers to execute arbitrary SQL commands. This relates to a flaw in input handling (unsanitized user input) in that component,...

6.4CVSS8.3AI score0.01215EPSS
Exploits1References7Affected Software1
securityvulns
securityvulns
added 2007/03/03 12:0 a.m.59 views

Tyger Bug Tracking System Multiple Vulnerability

-=--------------------ADVISORY-------------------=- Tyger Bug Tracking System Author: CorryL [email protected] -=-----------------------------------------------=- -=+ Application: Tyger Bug Tracking System -=+ Version: 1.1.3 -=+ Vendor's URL: http://uk.homeunix.org/tyger/cms/ -=+ Platform:...

0.2AI score
Exploits0
Exploit DB
Exploit DB
added 2007/02/26 12:0 a.m.19 views

Tyger Bug Tracking System 1.1.3 - 'login.php?PATH_INFO' Cross-Site Scripting

source: https://www.securityfocus.com/bid/22799/info Tyger Bug Tracking System is prone to multiple input-validation vulnerabilities, including one SQL-injection issue and two cross-site scripting issues, because the application fails to sufficiently sanitize user-supplied input. Exploiting these...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2007/02/26 12:0 a.m.22 views

Tyger Bug Tracking System 1.1.3 - 'register.php?PATH_INFO' Cross-Site Scripting

source: https://www.securityfocus.com/bid/22799/info Tyger Bug Tracking System is prone to multiple input-validation vulnerabilities, including one SQL-injection issue and two cross-site scripting issues, because the application fails to sufficiently sanitize user-supplied input. Exploiting these...

7AI score
Exploits0
exploitpack
exploitpack
added 2007/02/26 12:0 a.m.9 views

Tyger Bug Tracking System 1.1.3 - ViewBugs.php?s SQL Injection

Tyger Bug Tracking System 1.1.3 - ViewBugs.php?s SQL Injection source: https://www.securityfocus.com/bid/22799/info Tyger Bug Tracking System is prone to multiple input-validation vulnerabilities, including one SQL-injection issue and two cross-site scripting issues, because the application fails...

0.1AI score
Exploits0
OSV
OSV
added 2006/11/11 12:0 a.m.22 views

DSA-1208-1 bugzilla

Bulletin has no description...

7.5CVSS6.1AI score0.01868EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2006/10/14 12:0 a.m.24 views

Debian DSA-1133-1 : mantis - missing input sanitising

Several remote vulnerabilities have been discovered in the Mantis bug tracking system, which may lead to the execution of arbitrary web script. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-0664 A cross-site scripting vulnerability was discovered ...

10CVSS5.5AI score0.0534EPSS
Exploits2References11
securityvulns
securityvulns
added 2005/12/29 12:0 a.m.44 views

Bugzilla bug tracking system symbolic links vulnerability

syncshadowdb script symbolic links problem...

1.7AI score
Exploits0References2Affected Software1
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.21 views

CVSTrac filediff vulnerability

The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS. This version of filediff has a flaw in the input sanitation which, when exploited, can lead to a remote attacker executing arbitrary commands on the system. OpenVAS has determined the vulnerability...

7.5CVSS0.2AI score0.13991EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.10 views

CVSTrac history.c history_update function overflow

The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS. This version contains a flaw related to the historyupdate function in history.c that may allow an attacker to cause a buffer overflow and execute arbitrary code on the remote system...

8.5AI score
Exploits0References1
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.14 views

CVSTrac chdir() chroot jail escape

The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS. This version contains a flaw related to the chdir function that may allow an attacker to escape the chroot jail. An attacker, exploiting this flaw, would be able to access files outside of the web...

7.3AI score
Exploits0References1
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.8 views

MySQL Eventum Multiple flaws

The remote host seems to be running MySQL Eventum, a user-friendly and flexible issue tracking system written in PHP. The remote version of this software is vulnerable to cross-site scripting attacks, through multiple scripts. With a specially crafted URL, an attacker can use the remote server to...

7.1AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2005/08/23 12:0 a.m.29 views

Debian DSA-778-1 : mantis - missing input sanitising

Two security related problems have been discovered in Mantis, a web-based bug tracking system. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-2556 A remote attacker could supply a specially crafted URL to scan arbitrary ports on arbitrary hosts tha...

7.5CVSS5.4AI score0.02576EPSS
Exploits1References5
securityvulns
securityvulns
added 2005/05/13 12:0 a.m.29 views

Bugzilla bug tracking system information leak

It's possible to determine if closed product exist, password can be leaked as a part of URL...

1.8AI score
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2004/11/13 12:0 a.m.15 views

CVSTrac Detection

The remote host is running CVSTrac, a web-based bug and patch-set tracking system for CVS. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include"compat.inc"; ifdescription scriptid15722; scriptversion"1.14";...

5.5AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2004/09/29 12:0 a.m.25 views

Debian DSA-161-1 : mantis - privilege escalation

A problem with user privileges has been discovered in the Mantis package, a PHP based bug tracking system. The Mantis system didn't check whether a user is permitted to view a bug, but displays it right away if the user entered a valid bug id. Another bug in Mantis caused the 'View Bugs' page to...

7.5CVSS5.4AI score0.0158EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2004/08/17 12:0 a.m.24 views

CVSTrac Database Plaintext Password Storage

The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS. This version contains a flaw related to .db files that may allow an attacker to gain access to plaintext passwords. Nessus has determined the vulnerability exists on the target simply by looking at...

5.5AI score
Exploits0References2
exploitpack
exploitpack
added 2004/04/14 12:0 a.m.18 views

phpBugTracker 0.9.1 - Multiple Vulnerabilities

phpBugTracker 0.9.1 - Multiple Vulnerabilities phpBugTracke Multiple Vulnerabilities Vendor: Benjamin Curtis Product: phpBugTracke Version: query"delete from ".TBLBUGVOTE." where userid = $u and bugid = $bugid"; As we can see from that line of code taken from about line 30 of user.php it is clear...

0.5AI score
Exploits0
Exploit DB
Exploit DB
added 2004/04/14 12:0 a.m.27 views

phpBugTracker < 0.9.1 - Multiple Vulnerabilities

phpBugTracke Multiple Vulnerabilities Vendor: Benjamin Curtis Product: phpBugTracke Version: query"delete from ".TBLBUGVOTE." where userid = $u and bugid = $bugid"; As we can see from that line of code taken from about line 30 of user.php it is clear that the $bugid variable is passed into the...

7.4AI score
Exploits0
Rows per page
Query Builder