Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mantis vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2014-9388
bug_report.php in MantisBT prior to 1.2.18 allows remote malicious users to assign arbitrary issues via the handler_id parameter.
Mantisbt Mantisbt
3.5
CVSSv2
CVE-2014-9506
MantisBT prior to 1.2.18 does not properly check permissions when sending an email that indicates when a monitored issue is related to another issue, which allows remote authenticated users to obtain sensitive information about restricted issues.
Mantisbt Mantisbt
3.6
CVSSv2
CVE-2012-1120
The SOAP API in MantisBT prior to 1.2.9 does not properly enforce the bugnote_allow_user_edit_delete and delete_bug_threshold permissions, which allows remote authenticated users with read and write SOAP API privileges to delete arbitrary bug reports and bug notes.
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 1.0.4
Mantisbt Mantisbt 1.0.5
Mantisbt Mantisbt 0.19.1
Mantisbt Mantisbt 0.19.2
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.1.1
Mantisbt Mantisbt 1.1.3
Mantisbt Mantisbt 1.1.8
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 1.0.8
Mantisbt Mantisbt 0.19.0
Mantisbt Mantisbt 0.19.4
Mantisbt Mantisbt 0.19.3
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 1.0.9
5
CVSSv2
CVE-2014-9117
MantisBT prior to 1.2.18 uses the public_key parameter value as the key to the CAPTCHA answer, which allows remote malicious users to bypass the CAPTCHA protection mechanism by leveraging knowledge of a CAPTCHA answer for a public_key parameter value, as demonstrated by E4652 for...
Mantisbt Mantisbt
4.3
CVSSv2
CVE-2014-9281
Cross-site scripting (XSS) vulnerability in admin/copy_field.php in MantisBT prior to 1.2.18 allows remote malicious users to inject arbitrary web script or HTML via the dest_id field.
Mantisbt Mantisbt
5
CVSSv2
CVE-2014-8553
The mci_account_get_array_by_id function in api/soap/mc_account_api.php in MantisBT prior to 1.2.18 allows remote malicious users to obtain sensitive information via a (1) mc_project_get_users, (2) mc_issue_get, (3) mc_filter_get_issues, or (4) mc_project_get_issues SOAP request.
Mantisbt Mantisbt
7.5
CVSSv2
CVE-2014-8554
SQL injection vulnerability in the mc_project_get_attachments function in api/soap/mc_project_api.php in MantisBT prior to 1.2.18 allows remote malicious users to execute arbitrary SQL commands via the project_id parameter. NOTE: this vulnerability exists because of an incomplete...
Mantisbt Mantisbt 1.2.9
Mantisbt Mantisbt 1.2.8
Mantisbt Mantisbt
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.11
Mantisbt Mantisbt 1.2.10
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.1.3
Mantisbt Mantisbt 1.1.2
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 1.0.2
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 1.2.16
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.2.0a2
Mantisbt Mantisbt 1.2.0a1
Mantisbt Mantisbt 1.1.9
Mantisbt Mantisbt 1.1.8
Mantisbt Mantisbt 1.1.1
Mantisbt Mantisbt 1.0.9
3.5
CVSSv2
CVE-2014-8986
Cross-site scripting (XSS) vulnerability in the selection list in the filters in the Configuration Report page (adm_config_report.php) in MantisBT 1.2.13 up to and including 1.2.17 allows remote administrators to inject arbitrary web script or HTML via a crafted config option, a ...
Mantisbt Mantisbt 1.2.14
Mantisbt Mantisbt 1.2.15
Mantisbt Mantisbt 1.2.16
Mantisbt Mantisbt 1.2.17
Mantisbt Mantisbt 1.2.13
4
CVSSv2
CVE-2014-8988
MantisBT prior to 1.2.18 allows remote authenticated users to bypass the $g_download_attachments_threshold and $g_view_attachments_threshold restrictions and read attachments for private projects by leveraging access to a project that does not restrict access to attachments and a...
Mantisbt Mantisbt 1.2.17
7.5
CVSSv2
CVE-2014-9089
Multiple SQL injection vulnerabilities in view_all_bug_page.php in MantisBT prior to 1.2.18 allow remote malicious users to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to view_all_set.php.
Debian Debian Linux 1.2
Mantisbt Mantisbt
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21991
CVE-2024-32674
path traversal
CVE-2023-21987
denial of service
dos
CVE-2024-4647
CVE-2024-25519
CVE-2024-33612
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »