Vulmon
mantis vulnerabilities and exploits
357
VMScore
CVE-2020-28413
In MantisBT 2.24.3, SQL Injection can occur in the parameter "access" of the mc_project_get_users function through the API SOAP.
Mantisbt Mantisbt 2.24.3
356
VMScore
CVE-2013-1811
An access control issue in MantisBT prior to 1.2.13 allows users with "Reporter" permissions to change any issue to "New".
Mantisbt Mantisbt
Debian Debian Linux 7.0
Debian Debian Linux 6.0
356
VMScore
CVE-2014-8988
MantisBT prior to 1.2.18 allows remote authenticated users to bypass the $g_download_attachments_threshold and $g_view_attachments_threshold restrictions and read attachments for private projects by leveraging access to a project that does not restrict access to attachments and a...
Mantisbt Mantisbt 1.2.17
355
VMScore
CVE-2008-3331
Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis prior to 1.1.2 allows remote malicious users to inject arbitrary web script or HTML via the filter_target parameter.
Mantis Mantis 0.10.2
Mantis Mantis 0.10
Mantis Mantis 0.12.0
Mantis Mantis 0.14.7
Mantis Mantis 1.0.6
Mantis Mantis 0.19
Mantis Mantis 0.18.2
Mantis Mantis 0.18.0
Mantis Mantis 1.0.2
Mantis Mantis 0.15.12
Mantis Mantis 0.18.0a2
Mantis Mantis 0.18.0a4
Mantis Mantis 0.15.3
Mantis Mantis 0.18
Mantis Mantis 0.15.0
Mantis Mantis 1.0.4
Mantis Mantis 1.0.0 Rc3
Mantis Mantis 0.15.9
Mantis Mantis 0.14.2
Mantis Mantis 0.9.1
Mantis Mantis 0.13
Mantis Mantis 0.10.1
1 EDB exploit
320
VMScore
CVE-2012-1122
bug_actiongroup.php in MantisBT prior to 1.2.9 does not properly check the report_bug_threshold permission of the receiving project when moving a bug report, which allows remote authenticated users with the report_bug_threshold and move_bug_threshold privileges for a project to b...
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 1.0.0a1
Mantisbt Mantisbt 0.19.4
Mantisbt Mantisbt 1.0.0a3
Mantisbt Mantisbt 1.2.0a1
Mantisbt Mantisbt 1.2.0a2
Mantisbt Mantisbt 1.0.2
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 0.19.0a1
Mantisbt Mantisbt 0.19.0
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 0.19.1
Mantisbt Mantisbt 0.18.0
Mantisbt Mantisbt 0.19.2
Mantisbt Mantisbt 0.19.3
Mantisbt Mantisbt 1.1.6
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 0.19.0a2
Mantisbt Mantisbt 1.1.5
320
VMScore
CVE-2012-1120
The SOAP API in MantisBT prior to 1.2.9 does not properly enforce the bugnote_allow_user_edit_delete and delete_bug_threshold permissions, which allows remote authenticated users with read and write SOAP API privileges to delete arbitrary bug reports and bug notes.
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 0.19.4
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 0.19.0
Mantisbt Mantisbt 1.0.2
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 0.19.1
Mantisbt Mantisbt 0.18.0
Mantisbt Mantisbt 1.0.9
Mantisbt Mantisbt 0.19.2
Mantisbt Mantisbt 0.19.3
Mantisbt Mantisbt 1.1.6
Mantisbt Mantisbt 1.1.9
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.0.7
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.1.2
Mantisbt Mantisbt 1.0.1
320
VMScore
CVE-2012-2692
MantisBT prior to 1.2.11 does not check the delete_attachments_threshold permission when form_security_validation is set to OFF, which allows remote authenticated users with certain privileges to bypass intended access restrictions and delete arbitrary attachments.
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 0.19.4
Mantisbt Mantisbt 0.19.0
Mantisbt Mantisbt 1.0.2
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 0.19.1
Mantisbt Mantisbt 1.2.9
Mantisbt Mantisbt 0.18.0
Mantisbt Mantisbt 0.19.2
Mantisbt Mantisbt 0.19.3
Mantisbt Mantisbt 1.1.6
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 1.2.8
Mantisbt Mantisbt
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.0.7
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.1.2
320
VMScore
CVE-2003-0499
Mantis 0.17.5 and previous versions store the database password in cleartext in a world-readable configuration file, which allows local users to perform unauthorized database operations.
Mantis Mantis 0.17.5
312
VMScore
CVE-2013-1934
A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.0rc1 prior to 1.2.14 allows remote authenticated users to inject arbitrary web script or HTML via a complex value.
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt
Debian Debian Linux 7.0
312
VMScore
CVE-2014-9506
MantisBT prior to 1.2.18 does not properly check permissions when sending an email that indicates when a monitored issue is related to another issue, which allows remote authenticated users to obtain sensitive information about restricted issues.
Mantisbt Mantisbt