Software
Mantis MantisMantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remot…
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Mantis MantisMantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), wh…
Mantis MantisMantis before 1.1.0a2 sets the default value of $g_bug_reminder_threshold to "reporter" instead of a…
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Mantis Mantismanage_user_page.php in Mantis 1.00rc4 and earlier does not properly handle a sort parameter contain…
Mantis MantisUnspecified vulnerability in (1) query_store.php and (2) manage_proj_create.php in Mantis before 1.0…
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
John Lim ADOdbDynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, …
Mantis MantisUnspecified "port injection" vulnerabilities in filters in Mantis 1.0.0rc3 and earlier have unknown …
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Mantis MantisMantis 1.0.0rc3 does not properly handle "Make note private" when a bug is being resolved, which has…
Mantis MantisMantis 1.0.0rc3 and earlier discloses private bugs via public RSS feeds, which allows remote attacke…
Mantis MantisMantis before 0.19.4 allows remote attackers to bypass the file upload size restriction by modifying…
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Mantis MantisMantis before 0.19.3 caches the User ID longer than necessary, which has unknown impact and attack v…
Mantis MantisUnspecified vulnerability in Mantis before 0.19.3, when using reminders, causes Mantis to display th…
Mantis MantisPHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php in Mantis 1.0.0RC2 and 0.19.2 …
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Mantis Mantiscore/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with register_globals enabled, allows remo…
Mantis MantisPHP remote file inclusion vulnerability in Mantis 0.19.0a allows remote attackers to execute arbitra…
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Mantis MantisMantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardle…
Mantis Mantissignup_page.php in Mantis bugtracker allows remote attackers to send e-mail bombs by creating multip…
Mantis MantisMantis 0.17.5 and earlier stores its database password in cleartext in a world-readable configuratio…
Mantis Mantissummary_graph_functions.php in Mantis 0.17.3 and earlier allows remote attackers to execute arbitrar…
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Mantis MantisMantis before 0.17.4 allows remote attackers to list project bugs without authentication by modifyin…
Mantis MantisThe "View Bugs" page (view_all_bug_page.php) in Mantis 0.17.4a and earlier includes summaries of pri…
Mantis Mantisprint_all_bug_page.php in Mantis 0.17.3 and earlier does not verify the limit_reporters option, whic…
Mantis MantisMantis 0.17.4a and earlier allows remote attackers to view private bugs by modifying the f_id bug ID…
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.