Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mantis mantis 1.0.7 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2008-4689
Mantis prior to 1.1.3 does not unset the session cookie during logout, which makes it easier for remote malicious users to hijack sessions.
Mantis Mantis 1.0.5
Mantis Mantis 1.0.4
Mantis Mantis
Mantis Mantis 1.0.7
Mantis Mantis 1.0.6
Mantis Mantis 0.19.3
Mantis Mantis 1.0.8
Mantis Mantis 1.1.1
Mantis Mantis 1.0.1
Mantis Mantis 0.19.4
Mantis Mantis 1.0.3
Mantis Mantis 1.0.2
9
CVSSv2
CVE-2008-4687
manage_proj_page.php in Mantis prior to 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php.
Mantis Mantis 1.0.2
Mantis Mantis 1.0.1
Mantis Mantis 1.0.4
Mantis Mantis 1.0.3
Mantis Mantis 1.1.2
Mantis Mantis
Mantis Mantis 1.0.6
Mantis Mantis 1.0.5
Mantis Mantis 1.0.8
Mantis Mantis 1.1.1
Mantis Mantis 1.0.7
Mantis Mantis 0.19.4
Mantis Mantis 0.19.3
2 EDB exploits
2 Github repositories
5
CVSSv2
CVE-2008-4688
core/string_api.php in Mantis prior to 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote malicious users to discover an issue's title and status via a request with a modified issue number.
Mantis Mantis 1.0.7
Mantis Mantis 1.0.6
Mantis Mantis 0.19.3
Mantis Mantis 1.0.8
Mantis Mantis 1.0.1
Mantis Mantis 0.19.4
Mantis Mantis 1.0.3
Mantis Mantis 1.0.2
Mantis Mantis 1.1.2
Mantis Mantis 1.0.5
Mantis Mantis 1.0.4
Mantis Mantis 1.1.1
Mantis Mantis
6.8
CVSSv2
CVE-2011-3357
Directory traversal vulnerability in bug_actiongroup_ext_page.php in MantisBT prior to 1.2.8 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the action parameter, related to bug_actiongroup_page.php.
Mantisbt Mantisbt 1.0.2
Mantisbt Mantisbt 1.0.1
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 1.0.6
Mantisbt Mantisbt 1.0.7
Mantisbt Mantisbt 1.1.6
Mantisbt Mantisbt 1.1.7
Mantisbt Mantisbt 0.19.4
Mantisbt Mantisbt 0.19.3
Mantisbt Mantisbt 1.0.4
Mantisbt Mantisbt 1.0.5
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 1.0.8
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 1.2.6
Mantisbt Mantisbt
Mantisbt Mantisbt 1.1.1
4.3
CVSSv2
CVE-2011-3358
Multiple cross-site scripting (XSS) vulnerabilities in MantisBT prior to 1.2.8 allow remote malicious users to inject arbitrary web script or HTML via the (1) os, (2) os_build, or (3) platform parameter to (a) bug_report_page.php or (b) bug_update_advanced_page.php, related to us...
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 1.1.2
Mantisbt Mantisbt 1.0.8
Mantisbt Mantisbt 1.1.8
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 1.2.6
Mantisbt Mantisbt 1.0.2
Mantisbt Mantisbt 1.0.1
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.0.6
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.1.6
Mantisbt Mantisbt
Mantisbt Mantisbt 0.19.3
Mantisbt Mantisbt 1.1.1
Mantisbt Mantisbt 1.0.5
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.2.4
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 0.19.4
4.3
CVSSv2
CVE-2014-9270
Cross-site scripting (XSS) vulnerability in the projax_array_serialize_for_autocomplete function in core/projax_api.php in MantisBT 1.1.0a3 up to and including 1.2.17 allows remote malicious users to inject arbitrary web script or HTML via the "profile/Platform" field.
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 1.0.7
Mantisbt Mantisbt 1.0.8
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.1.7
Mantisbt Mantisbt 1.1.8
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.2.17
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 1.0.4
Mantisbt Mantisbt 1.1.3
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.2.14
Mantisbt Mantisbt 1.0.5
Mantisbt Mantisbt 1.0.6
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.1.6
Mantisbt Mantisbt 1.2.15
Mantisbt Mantisbt 1.2.16
Mantisbt Mantisbt 1.0.1
3.5
CVSSv2
CVE-2013-4460
Cross-site scripting (XSS) vulnerability in account_sponsor_page.php in MantisBT 1.0.0 up to and including 1.2.15 allows remote authenticated users to inject arbitrary web script or HTML via a project name.
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.1.1
Mantisbt Mantisbt 1.1.2
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 1.2.15
Mantisbt Mantisbt 1.2.14
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.2.10
Mantisbt Mantisbt 1.2.11
Mantisbt Mantisbt 1.2.7
Mantisbt Mantisbt 1.2.8
Mantisbt Mantisbt 1.2.9
Mantisbt Mantisbt 1.1.7
Mantisbt Mantisbt 1.1.8
Mantisbt Mantisbt 1.1.9
Mantisbt Mantisbt 1.0.6
Mantisbt Mantisbt 1.0.7
Mantisbt Mantisbt 1.0.8
Mantisbt Mantisbt 1.0.9
3.6
CVSSv2
CVE-2012-1120
The SOAP API in MantisBT prior to 1.2.9 does not properly enforce the bugnote_allow_user_edit_delete and delete_bug_threshold permissions, which allows remote authenticated users with read and write SOAP API privileges to delete arbitrary bug reports and bug notes.
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 1.0.4
Mantisbt Mantisbt 1.0.5
Mantisbt Mantisbt 0.19.1
Mantisbt Mantisbt 0.19.2
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.1.1
Mantisbt Mantisbt 1.1.3
Mantisbt Mantisbt 1.1.8
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 1.0.8
Mantisbt Mantisbt 0.19.0
Mantisbt Mantisbt 0.19.4
Mantisbt Mantisbt 0.19.3
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 1.0.9
7.5
CVSSv2
CVE-2012-1123
The mci_check_login function in api/soap/mc_api.php in the SOAP API in MantisBT prior to 1.2.9 allows remote malicious users to bypass authentication via a null password.
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.1.1
Mantisbt Mantisbt 1.1.3
Mantisbt Mantisbt 1.1.8
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 1.0.8
Mantisbt Mantisbt 0.19.4
Mantisbt Mantisbt 0.19.3
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.0.4
Mantisbt Mantisbt 1.0.5
Mantisbt Mantisbt 0.19.0
Mantisbt Mantisbt 0.19.1
Mantisbt Mantisbt 0.19.2
Mantisbt Mantisbt
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.2.4
Mantisbt Mantisbt 1.2.6
Mantisbt Mantisbt 1.1.2
3.6
CVSSv2
CVE-2012-2692
MantisBT prior to 1.2.11 does not check the delete_attachments_threshold permission when form_security_validation is set to OFF, which allows remote authenticated users with certain privileges to bypass intended access restrictions and delete arbitrary attachments.
Mantisbt Mantisbt 1.1.1
Mantisbt Mantisbt 1.1.2
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.1.8
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 0.18.0
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 0.19.4
Mantisbt Mantisbt 0.19.3
Mantisbt Mantisbt 1.0.4
Mantisbt Mantisbt 1.0.5
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.2.7
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 1.2.8
Mantisbt Mantisbt 1.2.9
Mantisbt Mantisbt 1.0.1
Mantisbt Mantisbt 1.0.6
Mantisbt Mantisbt 1.0.7
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
IMAP
CVE-2024-4367
server-side request forgery
information disclosure
CVE-2024-34342
CVE-2024-4281
CVE-2024-3507
CVE-2024-25560
CVE-2024-34574
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »