Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mantis mantis vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-4689
Mantis prior to 1.1.3 does not unset the session cookie during logout, which makes it easier for remote malicious users to hijack sessions.
Mantis Mantis 1.0.6
Mantis Mantis 1.0.2
Mantis Mantis
Mantis Mantis 1.0.4
Mantis Mantis 1.0.8
Mantis Mantis 0.19.3
Mantis Mantis 1.0.7
Mantis Mantis 1.0.1
Mantis Mantis 1.0.3
Mantis Mantis 1.0.5
Mantis Mantis 1.1.1
Mantis Mantis 0.19.4
NA
CVE-2006-6515
Mantis prior to 1.1.0a2 sets the default value of $g_bug_reminder_threshold to "reporter" instead of a more privileged role, which has unknown impact and attack vectors, possibly related to frequency of reminders.
Mantis Mantis 1.0.6
Mantis Mantis 1.0.2
Mantis Mantis 1.0.4
Mantis Mantis 1.0.0 Rc3
Mantis Mantis 1.0.0 Rc1
Mantis Mantis 1.0.0 Rc2
Mantis Mantis 1.0.0
Mantis Mantis 1.0.1
Mantis Mantis 1.0.0 Rc4
Mantis Mantis 1.0.3
Mantis Mantis 1.0.5
Mantis Mantis 1.0.0a3
Mantis Mantis 1.0.0a1
Mantis Mantis 1.0.0a2
Mantis Mantis 1.0.0 Rc5
Mantis Mantis
NA
CVE-2006-6574
Mantis prior to 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote malicious users to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field.
Mantis Mantis 1.0.6
Mantis Mantis 1.0.2
Mantis Mantis 1.0.4
Mantis Mantis 1.0.0 Rc3
Mantis Mantis 1.0.0 Rc1
Mantis Mantis 1.0.0 Rc2
Mantis Mantis 1.0.0
Mantis Mantis 1.0.1
Mantis Mantis 1.0.0 Rc4
Mantis Mantis 1.0.3
Mantis Mantis 1.0.5
Mantis Mantis 1.0.0a3
Mantis Mantis 1.0.0a1
Mantis Mantis 1.0.0a2
Mantis Mantis 1.0.0 Rc5
Mantis Mantis
NA
CVE-2005-2556
core/database_api.php in Mantis 0.19.0a1 up to and including 1.0.0a3, with register_globals enabled, allows remote malicious users to connect to internal databases by modifying the g_db_type variable and monitoring the speed of responses, as identified by bug#0005956.
Mantis Mantis 0.19.0a1
Mantis Mantis 0.19.0a2
Mantis Mantis 1.0.0a3
Mantis Mantis 1.0.0a1
Mantis Mantis 0.19.0 Rc1
Mantis Mantis 1.0.0a2
Mantis Mantis 0.19.0
Mantis Mantis 0.19.1
Mantis Mantis 0.19.2
NA
CVE-2005-3090
Cross-site scripting (XSS) vulnerability in bug_actiongroup_page.php in Mantis 0.19.0a1 up to and including 1.0.0a3 allows remote malicious users to inject arbitrary web script or HTML via the summary of the bug, which is not quoted when view_all_bug_page.php is used to delete th...
Mantis Mantis 0.19.0a1
Mantis Mantis 0.19.0a2
Mantis Mantis 1.0.0a3
Mantis Mantis 1.0.0a1
Mantis Mantis 0.19.0 Rc1
Mantis Mantis 1.0.0a2
Mantis Mantis 0.19.0
Mantis Mantis 0.19.1
Mantis Mantis 0.19.2
NA
CVE-2006-1577
Multiple cross-site scripting (XSS) vulnerabilities in view_all_set.php in Mantis 1.0.1, 1.0.0rc5, and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) start_day, (2) start_year, and (3) start_month parameters.
Mantis Mantis 1.0.0 Rc3
Mantis Mantis 1.0.0 Rc1
Mantis Mantis 1.0.0 Rc2
Mantis Mantis 1.0.1
Mantis Mantis 1.0
Mantis Mantis 1.0.0 Rc4
Mantis Mantis 1.0.0a3
Mantis Mantis 1.0.0a1
Mantis Mantis 1.0.0a2
NA
CVE-2005-3337
Multiple cross-site scripting (XSS) vulnerabilities in Mantis prior to 0.19.3 allow remote malicious users to inject arbitrary web script or HTML via (1) unknown vectors involving Javascript and (2) mantis/view_all_set.php.
Mantis Mantis 0.19.3
Mantis Mantis 0.19.0a1
Mantis Mantis 0.19.0a2
Mantis Mantis 0.19.0 Rc1
Mantis Mantis 0.19.0
Mantis Mantis 0.19.1
Mantis Mantis 0.19.2
NA
CVE-2005-3338
Unspecified vulnerability in Mantis prior to 0.19.3, when using reminders, causes Mantis to display the real email addresses of users.
Mantis Mantis 0.19.3
Mantis Mantis 0.19.0a1
Mantis Mantis 0.19.0a2
Mantis Mantis 0.19.0 Rc1
Mantis Mantis 0.19.0
Mantis Mantis 0.19.1
Mantis Mantis 0.19.2
NA
CVE-2005-3339
Mantis prior to 0.19.3 caches the User ID longer than necessary, which has unknown impact and attack vectors.
Mantis Mantis 0.19.3
Mantis Mantis 0.19.0a1
Mantis Mantis 0.19.0a2
Mantis Mantis 0.19.0 Rc1
Mantis Mantis 0.19.0
Mantis Mantis 0.19.1
Mantis Mantis 0.19.2
NA
CVE-2002-1116
The "View Bugs" page (view_all_bug_page.php) in Mantis 0.17.4a and previous versions includes summaries of private bugs for users that do not have access to any projects.
Mantis Mantis 0.17.0
Mantis Mantis 0.17.4a
Mantis Mantis 0.17.2
Mantis Mantis 0.17.3
Mantis Mantis 0.17.1
Mantis Mantis 0.17.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
server-side request forgery
CVE-2024-30067
CVE-2024-5553
CVE-2024-30095
IDOR
CVE-2024-35252
CVE-2024-23692
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »