Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mantis vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2005-2556
core/database_api.php in Mantis 0.19.0a1 up to and including 1.0.0a3, with register_globals enabled, allows remote malicious users to connect to internal databases by modifying the g_db_type variable and monitoring the speed of responses, as identified by bug#0005956.
Mantis Mantis 0.19.0 Rc1
Mantis Mantis 0.19.0a1
Mantis Mantis 0.19.2
Mantis Mantis 1.0.0a1
Mantis Mantis 0.19.0
Mantis Mantis 1.0.0a2
Mantis Mantis 1.0.0a3
Mantis Mantis 0.19.0a2
Mantis Mantis 0.19.1
668
VMScore
CVE-2004-1734
PHP remote file inclusion vulnerability in Mantis 0.19.0a allows remote malicious users to execute arbitrary PHP code by modifying the (1) t_core_path parameter to bug_api.php or (2) t_core_dir parameter to relationship_api.php to reference a URL on a remote web server that conta...
Mantis Mantis 0.19.0a
668
VMScore
CVE-2002-1114
config_inc2.php in Mantis prior to 0.17.4 allows remote malicious users to execute arbitrary code or read arbitrary files via the parameters (1) g_bottom_include_page, (2) g_top_include_page, (3) g_css_include_file, (4) g_meta_include_file, or (5) a cookie.
Mantis Mantis 0.17.0
Mantis Mantis 0.17.3
Mantis Mantis 0.17.1
Mantis Mantis 0.17.2
668
VMScore
CVE-2002-1116
The "View Bugs" page (view_all_bug_page.php) in Mantis 0.17.4a and previous versions includes summaries of private bugs for users that do not have access to any projects.
Mantis Mantis 0.17.3
Mantis Mantis 0.17.4
Mantis Mantis 0.17.4a
Mantis Mantis 0.17.0
Mantis Mantis 0.17.1
Mantis Mantis 0.17.2
655
VMScore
CVE-2017-7615
MantisBT up to and including 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php.
Mantisbt Mantisbt
1 EDB exploit
655
VMScore
CVE-2008-3332
Eval injection vulnerability in adm_config_set.php in Mantis prior to 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter.
Mantis Mantis 0.11
Mantis Mantis 0.11.0
Mantis Mantis 0.14
Mantis Mantis 0.10
Mantis Mantis 0.10.0
Mantis Mantis 0.12.0
Mantis Mantis 0.13
Mantis Mantis 0.14.4
Mantis Mantis 0.14.5
Mantis Mantis 0.15.10
Mantis Mantis 0.15.11
Mantis Mantis 0.15.7
Mantis Mantis 0.15.8
Mantis Mantis 0.17.2
Mantis Mantis 0.17.3
Mantis Mantis 0.18.0a1
Mantis Mantis 0.18.0a2
Mantis Mantis 0.19
Mantis Mantis 0.19.0
Mantis Mantis 0.19.0 Rc1
Mantis Mantis 0.19.4
Mantis Mantis 0.9
1 EDB exploit
645
VMScore
CVE-2014-8598
The XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote malicious users to (1) upload arbitrary XML files via the import page or (2) obtain sensitive information via the export page. NOTE: this issue can be combined with CVE-2014-7146 to execu...
Mantisbt Mantisbt
1 EDB exploit
641
VMScore
CVE-2005-3339
Mantis prior to 0.19.3 caches the User ID longer than necessary, which has unknown impact and attack vectors.
Mantis Mantis 0.19.0
Mantis Mantis 0.19.0 Rc1
Mantis Mantis 0.19.0a1
Mantis Mantis 0.19.0a2
Mantis Mantis 0.19.2
Mantis Mantis 0.19.1
Mantis Mantis 0.19.3
605
VMScore
CVE-2011-3357
Directory traversal vulnerability in bug_actiongroup_ext_page.php in MantisBT prior to 1.2.8 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the action parameter, related to bug_actiongroup_page.php.
Mantisbt Mantisbt 1.0.2
Mantisbt Mantisbt 1.0.1
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 1.0.6
Mantisbt Mantisbt 1.0.7
Mantisbt Mantisbt 1.1.6
Mantisbt Mantisbt 1.1.7
Mantisbt Mantisbt 0.19.4
Mantisbt Mantisbt 0.19.3
Mantisbt Mantisbt 1.0.4
Mantisbt Mantisbt 1.0.5
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 1.0.8
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 1.2.6
Mantisbt Mantisbt
Mantisbt Mantisbt 1.1.1
605
VMScore
CVE-2006-1577
Multiple cross-site scripting (XSS) vulnerabilities in view_all_set.php in Mantis 1.0.1, 1.0.0rc5, and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) start_day, (2) start_year, and (3) start_month parameters.
Mantis Mantis 1.0.0a1
Mantis Mantis 1.0.0a2
Mantis Mantis 1.0.0 Rc1
Mantis Mantis 1.0.0 Rc2
Mantis Mantis 1.0.0 Rc3
Mantis Mantis 1.0.0 Rc4
Mantis Mantis 1.0
Mantis Mantis 1.0.0a3
Mantis Mantis 1.0.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »