Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mantis mantis vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2014-9388
bug_report.php in MantisBT prior to 1.2.18 allows remote malicious users to assign arbitrary issues via the handler_id parameter.
Mantisbt Mantisbt
445
VMScore
CVE-2014-9117
MantisBT prior to 1.2.18 uses the public_key parameter value as the key to the CAPTCHA answer, which allows remote malicious users to bypass the CAPTCHA protection mechanism by leveraging knowledge of a CAPTCHA answer for a public_key parameter value, as demonstrated by E4652 for...
Mantisbt Mantisbt
445
VMScore
CVE-2014-6387
gpc_api.php in MantisBT 1.2.17 and previous versions allows remote malicious users to bypass authenticated via a password starting will a null byte, which triggers an unauthenticated bind.
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.2.15
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.12
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 1.2.10
Mantisbt Mantisbt 1.2.9
Mantisbt Mantisbt 1.2.8
Mantisbt Mantisbt 1.2.16
Mantisbt Mantisbt 1.2.11
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.2.6
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt
Mantisbt Mantisbt 1.2.7
Mantisbt Mantisbt 1.2.4
Mantisbt Mantisbt 1.2.14
445
VMScore
CVE-2013-1883
Mantis Bug Tracker (aka MantisBT) 1.2.12 prior to 1.2.15 allows remote malicious users to cause a denial of service (resource consumption) via a filter using a criteria, text search, and the "any condition" match type.
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.2.12
Mantisbt Mantisbt 1.2.14
445
VMScore
CVE-2008-4688
core/string_api.php in Mantis prior to 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote malicious users to discover an issue's title and status via a request with a modified issue number.
Mantis Mantis 1.0.6
Mantis Mantis 1.0.2
Mantis Mantis 1.0.4
Mantis Mantis 1.0.8
Mantis Mantis 0.19.3
Mantis Mantis 1.0.7
Mantis Mantis
Mantis Mantis 1.1.2
Mantis Mantis 1.0.1
Mantis Mantis 1.0.3
Mantis Mantis 1.0.5
Mantis Mantis 1.1.1
Mantis Mantis 0.19.4
445
VMScore
CVE-2008-3102
Mantis 1.1.x up to and including 1.1.2 and 1.2.x up to and including 1.2.0a2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote malicious users to capture this cookie.
Mantisbt Mantisbt 1.2.0a1
Mantisbt Mantisbt 1.2.0a2
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.1.2
Mantisbt Mantisbt 1.1.1
445
VMScore
CVE-2006-6574
Mantis prior to 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote malicious users to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field.
Mantis Mantis 1.0.6
Mantis Mantis 1.0.2
Mantis Mantis 1.0.4
Mantis Mantis 1.0.0 Rc3
Mantis Mantis 1.0.0 Rc1
Mantis Mantis 1.0.0 Rc2
Mantis Mantis 1.0.0
Mantis Mantis 1.0.1
Mantis Mantis 1.0.0 Rc4
Mantis Mantis 1.0.3
Mantis Mantis 1.0.5
Mantis Mantis 1.0.0a3
Mantis Mantis 1.0.0a1
Mantis Mantis 1.0.0a2
Mantis Mantis 1.0.0 Rc5
Mantis Mantis
445
VMScore
CVE-2006-0840
manage_user_page.php in Mantis 1.00rc4 and previous versions does not properly handle a sort parameter containing a ' (quote) character, which allows remote malicious users to trigger a SQL error that may be repeatedly reported to a user who makes subsequent web accesses wit...
Mantis Mantis 0.10.2
Mantis Mantis 0.10
Mantis Mantis 0.12.0
Mantis Mantis 0.14.7
Mantis Mantis 0.18.2
Mantis Mantis 0.18.0
Mantis Mantis 0.18.0a2
Mantis Mantis 0.18.0a4
Mantis Mantis 0.18
Mantis Mantis 0.15.0
Mantis Mantis 1.0.0 Rc3
Mantis Mantis 0.14.2
Mantis Mantis 0.9.1
Mantis Mantis 0.13
Mantis Mantis 0.10.1
Mantis Mantis 0.17.0
Mantis Mantis 1.0.0 Rc1
Mantis Mantis 0.19.3
Mantis Mantis 1.0.0 Rc2
Mantis Mantis 0.15.2
Mantis Mantis 0.19.0a1
Mantis Mantis 0.11
445
VMScore
CVE-2005-4523
Mantis 1.0.0rc3 and previous versions discloses private bugs via public RSS feeds, which allows remote malicious users to obtain sensitive information.
Mantis Mantis 0.10.2
Mantis Mantis 0.10
Mantis Mantis 0.14.7
Mantis Mantis 0.18.2
Mantis Mantis 0.15.12
Mantis Mantis 0.18.0a2
Mantis Mantis 0.18.0a4
Mantis Mantis 0.15.3
Mantis Mantis 0.18
Mantis Mantis 0.15.9
Mantis Mantis 0.14.2
Mantis Mantis 0.9.1
Mantis Mantis 0.13
Mantis Mantis 0.10.1
Mantis Mantis 0.17.0
Mantis Mantis 0.15.10
Mantis Mantis 0.16.1
Mantis Mantis 1.0.0 Rc1
Mantis Mantis 0.19.3
Mantis Mantis 1.0.0 Rc2
Mantis Mantis 0.15.2
Mantis Mantis 0.15.4
445
VMScore
CVE-2005-4520
Unspecified "port injection" vulnerabilities in filters in Mantis 1.0.0rc3 and previous versions have unknown impact and attack vectors. NOTE: due to a lack of relevant details in the vendor changelog, which is the source of this description, it is unclear whether this ...
Mantis Mantis 1.0.0 Rc3
Mantis Mantis 1.0.0 Rc1
Mantis Mantis 1.0.0 Rc2
Mantis Mantis 1.0.0a3
Mantis Mantis 1.0.0a1
Mantis Mantis 1.0.0a2
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »