Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mantisbt mantisbt 1.2.18 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-8988
MantisBT prior to 1.2.18 allows remote authenticated users to bypass the $g_download_attachments_threshold and $g_view_attachments_threshold restrictions and read attachments for private projects by leveraging access to a project that does not restrict access to attachments and a...
Mantisbt Mantisbt 1.2.17
NA
CVE-2014-8598
The XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote malicious users to (1) upload arbitrary XML files via the import page or (2) obtain sensitive information via the export page. NOTE: this issue can be combined with CVE-2014-7146 to execu...
Mantisbt Mantisbt
1 EDB exploit
NA
CVE-2014-7146
The XmlImportExport plugin in MantisBT 1.2.17 and previous versions allows remote malicious users to execute arbitrary PHP code via a crafted (1) description field or (2) issuelink attribute in an XML file, which is not properly handled when executing the preg_replace function wi...
Mantisbt Mantisbt 1.2.17
2 EDB exploits
NA
CVE-2014-9089
Multiple SQL injection vulnerabilities in view_all_bug_page.php in MantisBT prior to 1.2.18 allow remote malicious users to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to view_all_set.php.
Debian Debian Linux 1.2
Mantisbt Mantisbt
4.3
CVSSv3
CVE-2013-1811
An access control issue in MantisBT prior to 1.2.13 allows users with "Reporter" permissions to change any issue to "New".
Mantisbt Mantisbt
Debian Debian Linux 6.0
Debian Debian Linux 7.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4654
CVE-2023-49606
encryption
NULL pointer dereference
CVE-2024-4439
CVE-2024-4649
race condition
CVE-2024-27202
CVE-2024-34566
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3