Search criteria
44 vulnerabilities by mantis
CVE-2013-1811 (GCVE-0-2013-1811)
Vulnerability from cvelistv5 – Published: 2019-11-07 22:28 – Updated: 2024-08-06 15:13
VLAI
Summary
An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change any issue to "New".
Severity
No CVSS data available.
CWE
- Other
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_MISC |
| http://www.debian.org/security/2015/dsa-3120 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2013/03/03/6 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2013/03/04/9 | x_refsource_MISC |
| https://mantisbt.org/bugs/view.php?id=15258 | x_refsource_CONFIRM |
Date Public
2012-12-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:13:33.247Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-1811"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3120"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/03/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/04/9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://mantisbt.org/bugs/view.php?id=15258"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mantis",
"vendor": "mantis",
"versions": [
{
"status": "affected",
"version": "1.2.13"
}
]
}
],
"datePublic": "2012-12-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An access control issue in MantisBT before 1.2.13 allows users with \"Reporter\" permissions to change any issue to \"New\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-07T22:28:06.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-1811"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.debian.org/security/2015/dsa-3120"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/03/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/04/9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://mantisbt.org/bugs/view.php?id=15258"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1811",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mantis",
"version": {
"version_data": [
{
"version_value": "1.2.13"
}
]
}
}
]
},
"vendor_name": "mantis"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An access control issue in MantisBT before 1.2.13 allows users with \"Reporter\" permissions to change any issue to \"New\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2013-1811",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2013-1811"
},
{
"name": "http://www.debian.org/security/2015/dsa-3120",
"refsource": "MISC",
"url": "http://www.debian.org/security/2015/dsa-3120"
},
{
"name": "http://www.openwall.com/lists/oss-security/2013/03/03/6",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/03/03/6"
},
{
"name": "http://www.openwall.com/lists/oss-security/2013/03/04/9",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/03/04/9"
},
{
"name": "https://mantisbt.org/bugs/view.php?id=15258",
"refsource": "CONFIRM",
"url": "https://mantisbt.org/bugs/view.php?id=15258"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-1811",
"datePublished": "2019-11-07T22:28:06.000Z",
"dateReserved": "2013-02-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T15:13:33.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4687 (GCVE-0-2008-4687)
Vulnerability from cvelistv5 – Published: 2008-10-22 17:00 – Updated: 2024-08-07 10:24
VLAI
Summary
manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
13 references
| URL | Tags |
|---|---|
| https://bugs.gentoo.org/show_bug.cgi?id=242722 | x_refsource_CONFIRM |
| http://secunia.com/advisories/32975 | third-party-advisoryx_refsource_SECUNIA |
| http://mantisbt.svn.sourceforge.net/viewvc/mantis… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/31789 | vdb-entryx_refsource_BID |
| http://www.gentoo.org/security/en/glsa/glsa-20081… | vendor-advisoryx_refsource_GENTOO |
| http://www.mantisbt.org/bugs/view.php?id=0009704 | x_refsource_CONFIRM |
| http://www.mantisbt.org/bugs/changelog_page.php | x_refsource_CONFIRM |
| https://www.exploit-db.com/exploits/44611/ | exploitx_refsource_EXPLOIT-DB |
| http://secunia.com/advisories/32314 | third-party-advisoryx_refsource_SECUNIA |
| http://www.openwall.com/lists/oss-security/2008/10/19/1 | mailing-listx_refsource_MLIST |
| https://www.exploit-db.com/exploits/6768 | exploitx_refsource_EXPLOIT-DB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://securityreason.com/securityalert/4470 | third-party-advisoryx_refsource_SREASON |
Date Public
2008-10-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:24:20.945Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=242722"
},
{
"name": "32975",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32975"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/utility_api.php?r1=5679\u0026r2=5678\u0026pathrev=5679"
},
{
"name": "31789",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31789"
},
{
"name": "GLSA-200812-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=0009704"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "44611",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44611/"
},
{
"name": "32314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32314"
},
{
"name": "[oss-security] 20081019 CVE request: mantisbt \u003c 1.1.4: RCE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/19/1"
},
{
"name": "6768",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6768"
},
{
"name": "mantis-sort-code-execution(45942)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45942"
},
{
"name": "4470",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4470"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-12T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=242722"
},
{
"name": "32975",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32975"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/utility_api.php?r1=5679\u0026r2=5678\u0026pathrev=5679"
},
{
"name": "31789",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31789"
},
{
"name": "GLSA-200812-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=0009704"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "44611",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44611/"
},
{
"name": "32314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32314"
},
{
"name": "[oss-security] 20081019 CVE request: mantisbt \u003c 1.1.4: RCE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/19/1"
},
{
"name": "6768",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6768"
},
{
"name": "mantis-sort-code-execution(45942)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45942"
},
{
"name": "4470",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4470"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4687",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.gentoo.org/show_bug.cgi?id=242722",
"refsource": "CONFIRM",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=242722"
},
{
"name": "32975",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32975"
},
{
"name": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/utility_api.php?r1=5679\u0026r2=5678\u0026pathrev=5679",
"refsource": "CONFIRM",
"url": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/utility_api.php?r1=5679\u0026r2=5678\u0026pathrev=5679"
},
{
"name": "31789",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31789"
},
{
"name": "GLSA-200812-07",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"name": "http://www.mantisbt.org/bugs/view.php?id=0009704",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/view.php?id=0009704"
},
{
"name": "http://www.mantisbt.org/bugs/changelog_page.php",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "44611",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44611/"
},
{
"name": "32314",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32314"
},
{
"name": "[oss-security] 20081019 CVE request: mantisbt \u003c 1.1.4: RCE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/19/1"
},
{
"name": "6768",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6768"
},
{
"name": "mantis-sort-code-execution(45942)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45942"
},
{
"name": "4470",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4470"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4687",
"datePublished": "2008-10-22T17:00:00.000Z",
"dateReserved": "2008-10-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:24:20.945Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4688 (GCVE-0-2008-4688)
Vulnerability from cvelistv5 – Published: 2008-10-22 17:00 – Updated: 2024-08-07 10:24
VLAI
Summary
core/string_api.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote attackers to discover an issue's title and status via a request with a modified issue number.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/32243 | third-party-advisoryx_refsource_SECUNIA |
| http://mantisbt.svn.sourceforge.net/viewvc/mantis… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/31868 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/32975 | third-party-advisoryx_refsource_SECUNIA |
| http://www.gentoo.org/security/en/glsa/glsa-20081… | vendor-advisoryx_refsource_GENTOO |
| http://www.mantisbt.org/bugs/changelog_page.php | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2008/10/20/1 | mailing-listx_refsource_MLIST |
| http://www.mantisbt.org/bugs/view.php?id=9321 | x_refsource_CONFIRM |
Date Public
2008-10-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:24:20.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32243",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32243"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/string_api.php?r1=5285\u0026r2=5384\u0026pathrev=5384"
},
{
"name": "31868",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31868"
},
{
"name": "32975",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32975"
},
{
"name": "GLSA-200812-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "[oss-security] 20081020 Re: CVE request: mantisbt \u003c 1.1.4: RCE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=9321"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "core/string_api.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote attackers to discover an issue\u0027s title and status via a request with a modified issue number."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-01-28T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "32243",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32243"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/string_api.php?r1=5285\u0026r2=5384\u0026pathrev=5384"
},
{
"name": "31868",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31868"
},
{
"name": "32975",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32975"
},
{
"name": "GLSA-200812-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "[oss-security] 20081020 Re: CVE request: mantisbt \u003c 1.1.4: RCE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=9321"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4688",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "core/string_api.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote attackers to discover an issue\u0027s title and status via a request with a modified issue number."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32243",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32243"
},
{
"name": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/string_api.php?r1=5285\u0026r2=5384\u0026pathrev=5384",
"refsource": "CONFIRM",
"url": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/string_api.php?r1=5285\u0026r2=5384\u0026pathrev=5384"
},
{
"name": "31868",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31868"
},
{
"name": "32975",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32975"
},
{
"name": "GLSA-200812-07",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"name": "http://www.mantisbt.org/bugs/changelog_page.php",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "[oss-security] 20081020 Re: CVE request: mantisbt \u003c 1.1.4: RCE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/1"
},
{
"name": "http://www.mantisbt.org/bugs/view.php?id=9321",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/view.php?id=9321"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4688",
"datePublished": "2008-10-22T17:00:00.000Z",
"dateReserved": "2008-10-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:24:20.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4689 (GCVE-0-2008-4689)
Vulnerability from cvelistv5 – Published: 2008-10-22 17:00 – Updated: 2024-08-07 10:24
VLAI
Summary
Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/32975 | third-party-advisoryx_refsource_SECUNIA |
| http://www.mantisbt.org/bugs/file_download.php?fi… | x_refsource_CONFIRM |
| http://www.gentoo.org/security/en/glsa/glsa-20081… | vendor-advisoryx_refsource_GENTOO |
| http://www.mantisbt.org/bugs/view.php?id=9664 | x_refsource_CONFIRM |
| http://www.mantisbt.org/bugs/changelog_page.php | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.openwall.com/lists/oss-security/2008/10/20/1 | mailing-listx_refsource_MLIST |
Date Public
2008-10-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:24:20.803Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32975",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32975"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/file_download.php?file_id=1988\u0026type=bug"
},
{
"name": "GLSA-200812-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=9664"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "mantis-session-cookie-hijacking(46084)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46084"
},
{
"name": "[oss-security] 20081020 Re: CVE request: mantisbt \u003c 1.1.4: RCE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "32975",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32975"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/file_download.php?file_id=1988\u0026type=bug"
},
{
"name": "GLSA-200812-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=9664"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "mantis-session-cookie-hijacking(46084)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46084"
},
{
"name": "[oss-security] 20081020 Re: CVE request: mantisbt \u003c 1.1.4: RCE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4689",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32975",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32975"
},
{
"name": "http://www.mantisbt.org/bugs/file_download.php?file_id=1988\u0026type=bug",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/file_download.php?file_id=1988\u0026type=bug"
},
{
"name": "GLSA-200812-07",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"
},
{
"name": "http://www.mantisbt.org/bugs/view.php?id=9664",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/view.php?id=9664"
},
{
"name": "http://www.mantisbt.org/bugs/changelog_page.php",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "mantis-session-cookie-hijacking(46084)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46084"
},
{
"name": "[oss-security] 20081020 Re: CVE request: mantisbt \u003c 1.1.4: RCE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/20/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4689",
"datePublished": "2008-10-22T17:00:00.000Z",
"dateReserved": "2008-10-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:24:20.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3332 (GCVE-0-2008-3332)
Vulnerability from cvelistv5 – Published: 2008-07-27 23:00 – Updated: 2024-08-07 09:37
VLAI
Summary
Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://www.mantisbt.org/bugs/changelog_page.php | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/30270 | third-party-advisoryx_refsource_SECUNIA |
| http://marc.info/?l=bugtraq&m=121130774617956&w=4 | mailing-listx_refsource_BUGTRAQ |
| http://www.gentoo.org/security/en/glsa/glsa-20080… | vendor-advisoryx_refsource_GENTOO |
| https://www.exploit-db.com/exploits/5657 | exploitx_refsource_EXPLOIT-DB |
| http://secunia.com/advisories/31972 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2008/1598… | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/bid/29297 | vdb-entryx_refsource_BID |
| http://securityreason.com/securityalert/4044 | third-party-advisoryx_refsource_SREASON |
Date Public
2008-05-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:37:26.754Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "mantis-admconfigset-code-execution(42550)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42550"
},
{
"name": "30270",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30270"
},
{
"name": "20080520 Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121130774617956\u0026w=4"
},
{
"name": "GLSA-200809-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"name": "5657",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5657"
},
{
"name": "31972",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31972"
},
{
"name": "ADV-2008-1598",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1598/references"
},
{
"name": "29297",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29297"
},
{
"name": "4044",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4044"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "mantis-admconfigset-code-execution(42550)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42550"
},
{
"name": "30270",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30270"
},
{
"name": "20080520 Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121130774617956\u0026w=4"
},
{
"name": "GLSA-200809-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"name": "5657",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5657"
},
{
"name": "31972",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31972"
},
{
"name": "ADV-2008-1598",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1598/references"
},
{
"name": "29297",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29297"
},
{
"name": "4044",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4044"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3332",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mantisbt.org/bugs/changelog_page.php",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "mantis-admconfigset-code-execution(42550)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42550"
},
{
"name": "30270",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30270"
},
{
"name": "20080520 Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=121130774617956\u0026w=4"
},
{
"name": "GLSA-200809-10",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"name": "5657",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5657"
},
{
"name": "31972",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31972"
},
{
"name": "ADV-2008-1598",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1598/references"
},
{
"name": "29297",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29297"
},
{
"name": "4044",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4044"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3332",
"datePublished": "2008-07-27T23:00:00.000Z",
"dateReserved": "2008-07-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:37:26.754Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3333 (GCVE-0-2008-3333)
Vulnerability from cvelistv5 – Published: 2008-07-27 23:00 – Updated: 2024-08-07 09:37
VLAI
Summary
Directory traversal vulnerability in core/lang_api.php in Mantis before 1.1.2 allows remote attackers to include and execute arbitrary files via the language parameter to the user preferences page (account_prefs_update.php).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/30354 | vdb-entryx_refsource_BID |
| http://www.mantisbt.org/bugs/view.php?id=9154 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.mantisbt.org/bugs/changelog_page.php | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=456044 | x_refsource_CONFIRM |
| http://secunia.com/advisories/30270 | third-party-advisoryx_refsource_SECUNIA |
| http://www.gentoo.org/security/en/glsa/glsa-20080… | vendor-advisoryx_refsource_GENTOO |
| http://secunia.com/advisories/31972 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/29297 | vdb-entryx_refsource_BID |
Date Public
2008-05-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:37:26.341Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30354",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30354"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=9154"
},
{
"name": "mantis-accountprefsupdate-file-include(43984)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43984"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=456044"
},
{
"name": "30270",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30270"
},
{
"name": "GLSA-200809-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"name": "31972",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31972"
},
{
"name": "29297",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29297"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in core/lang_api.php in Mantis before 1.1.2 allows remote attackers to include and execute arbitrary files via the language parameter to the user preferences page (account_prefs_update.php)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30354",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30354"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=9154"
},
{
"name": "mantis-accountprefsupdate-file-include(43984)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43984"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=456044"
},
{
"name": "30270",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30270"
},
{
"name": "GLSA-200809-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"name": "31972",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31972"
},
{
"name": "29297",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29297"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3333",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in core/lang_api.php in Mantis before 1.1.2 allows remote attackers to include and execute arbitrary files via the language parameter to the user preferences page (account_prefs_update.php)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30354",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30354"
},
{
"name": "http://www.mantisbt.org/bugs/view.php?id=9154",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/view.php?id=9154"
},
{
"name": "mantis-accountprefsupdate-file-include(43984)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43984"
},
{
"name": "http://www.mantisbt.org/bugs/changelog_page.php",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=456044",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=456044"
},
{
"name": "30270",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30270"
},
{
"name": "GLSA-200809-10",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"name": "31972",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31972"
},
{
"name": "29297",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29297"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3333",
"datePublished": "2008-07-27T23:00:00.000Z",
"dateReserved": "2008-07-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:37:26.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3331 (GCVE-0-2008-3331)
Vulnerability from cvelistv5 – Published: 2008-07-27 23:00 – Updated: 2024-08-07 09:37
VLAI
Summary
Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the filter_target parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.mantisbt.org/bugs/changelog_page.php | x_refsource_CONFIRM |
| http://secunia.com/advisories/30270 | third-party-advisoryx_refsource_SECUNIA |
| http://marc.info/?l=bugtraq&m=121130774617956&w=4 | mailing-listx_refsource_BUGTRAQ |
| http://www.gentoo.org/security/en/glsa/glsa-20080… | vendor-advisoryx_refsource_GENTOO |
| https://www.exploit-db.com/exploits/5657 | exploitx_refsource_EXPLOIT-DB |
| http://secunia.com/advisories/31972 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2008/1598… | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/bid/29297 | vdb-entryx_refsource_BID |
| http://securityreason.com/securityalert/4044 | third-party-advisoryx_refsource_SREASON |
Date Public
2008-05-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:37:27.042Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "mantis-returndynamicfilters-xss(42549)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42549"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "30270",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30270"
},
{
"name": "20080520 Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121130774617956\u0026w=4"
},
{
"name": "GLSA-200809-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"name": "5657",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5657"
},
{
"name": "31972",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31972"
},
{
"name": "ADV-2008-1598",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1598/references"
},
{
"name": "29297",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29297"
},
{
"name": "4044",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4044"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the filter_target parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "mantis-returndynamicfilters-xss(42549)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42549"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "30270",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30270"
},
{
"name": "20080520 Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=121130774617956\u0026w=4"
},
{
"name": "GLSA-200809-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"name": "5657",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5657"
},
{
"name": "31972",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31972"
},
{
"name": "ADV-2008-1598",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1598/references"
},
{
"name": "29297",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29297"
},
{
"name": "4044",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4044"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3331",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the filter_target parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mantis-returndynamicfilters-xss(42549)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42549"
},
{
"name": "http://www.mantisbt.org/bugs/changelog_page.php",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/changelog_page.php"
},
{
"name": "30270",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30270"
},
{
"name": "20080520 Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=121130774617956\u0026w=4"
},
{
"name": "GLSA-200809-10",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200809-10.xml"
},
{
"name": "5657",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5657"
},
{
"name": "31972",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31972"
},
{
"name": "ADV-2008-1598",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1598/references"
},
{
"name": "29297",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29297"
},
{
"name": "4044",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4044"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3331",
"datePublished": "2008-07-27T23:00:00.000Z",
"dateReserved": "2008-07-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:37:27.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0404 (GCVE-0-2008-0404)
Vulnerability from cvelistv5 – Published: 2008-01-23 11:00 – Updated: 2024-08-07 07:46
VLAI
Summary
Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "Most active bugs" summary.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://sourceforge.net/project/shownotes.php?rele… | x_refsource_CONFIRM |
| http://secunia.com/advisories/28591 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/28577 | third-party-advisoryx_refsource_SECUNIA |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
| http://www.vupen.com/english/advisories/2008/0232 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/27367 | vdb-entryx_refsource_BID |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
| https://bugzilla.redhat.com/show_bug.cgi?id=429552 | x_refsource_CONFIRM |
Date Public
2008-01-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:46:54.258Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=569765"
},
{
"name": "28591",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28591"
},
{
"name": "28577",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28577"
},
{
"name": "FEDORA-2008-0856",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00734.html"
},
{
"name": "ADV-2008-0232",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0232"
},
{
"name": "mantis-mostactive-xss(39801)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39801"
},
{
"name": "27367",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27367"
},
{
"name": "FEDORA-2008-0796",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00676.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=429552"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the \"Most active bugs\" summary."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=569765"
},
{
"name": "28591",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28591"
},
{
"name": "28577",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28577"
},
{
"name": "FEDORA-2008-0856",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00734.html"
},
{
"name": "ADV-2008-0232",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0232"
},
{
"name": "mantis-mostactive-xss(39801)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39801"
},
{
"name": "27367",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27367"
},
{
"name": "FEDORA-2008-0796",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00676.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=429552"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0404",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the \"Most active bugs\" summary."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=569765",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=569765"
},
{
"name": "28591",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28591"
},
{
"name": "28577",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28577"
},
{
"name": "FEDORA-2008-0856",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00734.html"
},
{
"name": "ADV-2008-0232",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0232"
},
{
"name": "mantis-mostactive-xss(39801)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39801"
},
{
"name": "27367",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27367"
},
{
"name": "FEDORA-2008-0796",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00676.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=429552",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=429552"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0404",
"datePublished": "2008-01-23T11:00:00.000Z",
"dateReserved": "2008-01-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:46:54.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6611 (GCVE-0-2007-6611)
Vulnerability from cvelistv5 – Published: 2008-01-03 22:00 – Updated: 2024-08-07 16:11
VLAI
Summary
Cross-site scripting (XSS) vulnerability in view.php in Mantis before 1.1.0 allows remote attackers to inject arbitrary web script or HTML via a filename, related to bug_report.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
13 references
| URL | Tags |
|---|---|
| http://osvdb.org/39873 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/29198 | third-party-advisoryx_refsource_SECUNIA |
| http://sourceforge.net/project/shownotes.php?rele… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/27045 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/28551 | third-party-advisoryx_refsource_SECUNIA |
| http://www.mantisbt.org/bugs/view.php?id=8679 | x_refsource_CONFIRM |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
| http://www.debian.org/security/2008/dsa-1467 | vendor-advisoryx_refsource_DEBIAN |
| http://secunia.com/advisories/28352 | third-party-advisoryx_refsource_SECUNIA |
| https://bugzilla.redhat.com/show_bug.cgi?id=427277 | x_refsource_CONFIRM |
| http://security.gentoo.org/glsa/glsa-200803-04.xml | vendor-advisoryx_refsource_GENTOO |
| http://secunia.com/advisories/28185 | third-party-advisoryx_refsource_SECUNIA |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
Date Public
2007-12-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:11:06.186Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "39873",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39873"
},
{
"name": "29198",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29198"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=562940"
},
{
"name": "27045",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27045"
},
{
"name": "28551",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28551"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=8679"
},
{
"name": "FEDORA-2008-0282",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00227.html"
},
{
"name": "DSA-1467",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1467"
},
{
"name": "28352",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28352"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427277"
},
{
"name": "GLSA-200803-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200803-04.xml"
},
{
"name": "28185",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28185"
},
{
"name": "FEDORA-2008-0353",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00309.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in view.php in Mantis before 1.1.0 allows remote attackers to inject arbitrary web script or HTML via a filename, related to bug_report.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-01-09T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "39873",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39873"
},
{
"name": "29198",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29198"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=562940"
},
{
"name": "27045",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27045"
},
{
"name": "28551",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28551"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/bugs/view.php?id=8679"
},
{
"name": "FEDORA-2008-0282",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00227.html"
},
{
"name": "DSA-1467",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1467"
},
{
"name": "28352",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28352"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427277"
},
{
"name": "GLSA-200803-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200803-04.xml"
},
{
"name": "28185",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28185"
},
{
"name": "FEDORA-2008-0353",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00309.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6611",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in view.php in Mantis before 1.1.0 allows remote attackers to inject arbitrary web script or HTML via a filename, related to bug_report.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39873",
"refsource": "OSVDB",
"url": "http://osvdb.org/39873"
},
{
"name": "29198",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29198"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=562940",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=562940"
},
{
"name": "27045",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27045"
},
{
"name": "28551",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28551"
},
{
"name": "http://www.mantisbt.org/bugs/view.php?id=8679",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/view.php?id=8679"
},
{
"name": "FEDORA-2008-0282",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00227.html"
},
{
"name": "DSA-1467",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1467"
},
{
"name": "28352",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28352"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=427277",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427277"
},
{
"name": "GLSA-200803-04",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200803-04.xml"
},
{
"name": "28185",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28185"
},
{
"name": "FEDORA-2008-0353",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00309.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6611",
"datePublished": "2008-01-03T22:00:00.000Z",
"dateReserved": "2008-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:11:06.186Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6574 (GCVE-0-2006-6574)
Vulnerability from cvelistv5 – Published: 2006-12-15 19:00 – Updated: 2024-08-07 20:33
VLAI
Summary
Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://mantisbt.cvs.sourceforge.net/mantisbt/mant… | x_refsource_MISC |
| http://sourceforge.net/project/shownotes.php?rele… | x_refsource_CONFIRM |
| http://secunia.com/advisories/23258 | third-party-advisoryx_refsource_SECUNIA |
| http://bugs.mantisbugtracker.com/view.php?id=7364 | x_refsource_MISC |
| http://secunia.com/advisories/28551 | third-party-advisoryx_refsource_SECUNIA |
| http://mantisbt.cvs.sourceforge.net/mantisbt/mant… | x_refsource_MISC |
| http://www.vupen.com/english/advisories/2006/4978 | vdb-entryx_refsource_VUPEN |
| http://bugs.mantisbugtracker.com/view.php?id=3375 | x_refsource_MISC |
| http://www.mantisbugtracker.com/changelog.php | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/21566 | vdb-entryx_refsource_BID |
| http://www.debian.org/security/2008/dsa-1467 | vendor-advisoryx_refsource_DEBIAN |
Date Public
2006-09-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:33:59.861Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "mantis-customfield-info-disclosure(30870)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30870"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?view=log"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=469627"
},
{
"name": "23258",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23258"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.mantisbugtracker.com/view.php?id=7364"
},
{
"name": "28551",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28551"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?r1=1.34\u0026r2=1.35"
},
{
"name": "ADV-2006-4978",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4978"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.mantisbugtracker.com/view.php?id=3375"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbugtracker.com/changelog.php"
},
{
"name": "21566",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21566"
},
{
"name": "DSA-1467",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1467"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "mantis-customfield-info-disclosure(30870)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30870"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?view=log"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=469627"
},
{
"name": "23258",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23258"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.mantisbugtracker.com/view.php?id=7364"
},
{
"name": "28551",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28551"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?r1=1.34\u0026r2=1.35"
},
{
"name": "ADV-2006-4978",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4978"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.mantisbugtracker.com/view.php?id=3375"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbugtracker.com/changelog.php"
},
{
"name": "21566",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21566"
},
{
"name": "DSA-1467",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1467"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6574",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mantis-customfield-info-disclosure(30870)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30870"
},
{
"name": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?view=log",
"refsource": "MISC",
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?view=log"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=469627",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=469627"
},
{
"name": "23258",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23258"
},
{
"name": "http://bugs.mantisbugtracker.com/view.php?id=7364",
"refsource": "MISC",
"url": "http://bugs.mantisbugtracker.com/view.php?id=7364"
},
{
"name": "28551",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28551"
},
{
"name": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?r1=1.34\u0026r2=1.35",
"refsource": "MISC",
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/core/history_api.php?r1=1.34\u0026r2=1.35"
},
{
"name": "ADV-2006-4978",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4978"
},
{
"name": "http://bugs.mantisbugtracker.com/view.php?id=3375",
"refsource": "MISC",
"url": "http://bugs.mantisbugtracker.com/view.php?id=3375"
},
{
"name": "http://www.mantisbugtracker.com/changelog.php",
"refsource": "CONFIRM",
"url": "http://www.mantisbugtracker.com/changelog.php"
},
{
"name": "21566",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21566"
},
{
"name": "DSA-1467",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1467"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6574",
"datePublished": "2006-12-15T19:00:00.000Z",
"dateReserved": "2006-12-15T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:33:59.861Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2666 (GCVE-0-2004-2666)
Vulnerability from cvelistv5 – Published: 2006-12-15 19:00 – Updated: 2024-08-08 01:36
VLAI
Summary
Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardless of view_history_threshold, which allows remote attackers to obtain sensitive information (private bug details) by visiting a bug's web page.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://mantisbt.cvs.sourceforge.net/mantisbt/mant… | x_refsource_MISC |
| http://mantisbt.cvs.sourceforge.net/mantisbt/mant… | x_refsource_MISC |
| http://bugs.mantisbugtracker.com/view.php?id=4724 | x_refsource_CONFIRM |
Date Public
2004-10-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:25.128Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?r1=1.24\u0026r2=1.25"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?view=log"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.mantisbugtracker.com/view.php?id=4724"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-10-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardless of view_history_threshold, which allows remote attackers to obtain sensitive information (private bug details) by visiting a bug\u0027s web page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-03T16:14:14.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?r1=1.24\u0026r2=1.25"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?view=log"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.mantisbugtracker.com/view.php?id=4724"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2666",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardless of view_history_threshold, which allows remote attackers to obtain sensitive information (private bug details) by visiting a bug\u0027s web page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?r1=1.24\u0026r2=1.25",
"refsource": "MISC",
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?r1=1.24\u0026r2=1.25"
},
{
"name": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?view=log",
"refsource": "MISC",
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?view=log"
},
{
"name": "http://bugs.mantisbugtracker.com/view.php?id=4724",
"refsource": "CONFIRM",
"url": "http://bugs.mantisbugtracker.com/view.php?id=4724"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2666",
"datePublished": "2006-12-15T19:00:00.000Z",
"dateReserved": "2006-12-15T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:36:25.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6515 (GCVE-0-2006-6515)
Vulnerability from cvelistv5 – Published: 2006-12-14 01:00 – Updated: 2024-08-07 20:26
VLAI
Summary
Mantis before 1.1.0a2 sets the default value of $g_bug_reminder_threshold to "reporter" instead of a more privileged role, which has unknown impact and attack vectors, possibly related to frequency of reminders.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://sourceforge.net/project/shownotes.php?rele… | x_refsource_CONFIRM |
| http://www.mantisbugtracker.com/changelog.php | x_refsource_CONFIRM |
Date Public
2006-12-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:26:46.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=469627"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbugtracker.com/changelog.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Mantis before 1.1.0a2 sets the default value of $g_bug_reminder_threshold to \"reporter\" instead of a more privileged role, which has unknown impact and attack vectors, possibly related to frequency of reminders."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-03T16:21:22.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=469627"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbugtracker.com/changelog.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6515",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mantis before 1.1.0a2 sets the default value of $g_bug_reminder_threshold to \"reporter\" instead of a more privileged role, which has unknown impact and attack vectors, possibly related to frequency of reminders."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=469627",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=469627"
},
{
"name": "http://www.mantisbugtracker.com/changelog.php",
"refsource": "CONFIRM",
"url": "http://www.mantisbugtracker.com/changelog.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6515",
"datePublished": "2006-12-14T01:00:00.000Z",
"dateReserved": "2006-12-13T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:26:46.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1577 (GCVE-0-2006-1577)
Vulnerability from cvelistv5 – Published: 2006-04-02 21:00 – Updated: 2024-08-07 17:19
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in view_all_set.php in Mantis 1.0.1, 1.0.0rc5, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) start_day, (2) start_year, and (3) start_month parameters.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/19471 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/17326 | vdb-entryx_refsource_BID |
| http://www.osvdb.org/24292 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/21400 | third-party-advisoryx_refsource_SECUNIA |
| http://www.debian.org/security/2006/dsa-1133 | vendor-advisoryx_refsource_DEBIAN |
| http://www.vupen.com/english/advisories/2006/1184 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://pridels0.blogspot.com/2006/03/mantis-xss-v… | x_refsource_MISC |
Date Public
2006-03-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:19:48.700Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19471",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19471"
},
{
"name": "17326",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17326"
},
{
"name": "24292",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/24292"
},
{
"name": "21400",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21400"
},
{
"name": "DSA-1133",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1133"
},
{
"name": "ADV-2006-1184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1184"
},
{
"name": "mantis-viewallset-script-xss(25579)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25579"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://pridels0.blogspot.com/2006/03/mantis-xss-vuln.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in view_all_set.php in Mantis 1.0.1, 1.0.0rc5, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) start_day, (2) start_year, and (3) start_month parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19471",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19471"
},
{
"name": "17326",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17326"
},
{
"name": "24292",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/24292"
},
{
"name": "21400",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21400"
},
{
"name": "DSA-1133",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1133"
},
{
"name": "ADV-2006-1184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1184"
},
{
"name": "mantis-viewallset-script-xss(25579)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25579"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://pridels0.blogspot.com/2006/03/mantis-xss-vuln.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1577",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in view_all_set.php in Mantis 1.0.1, 1.0.0rc5, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) start_day, (2) start_year, and (3) start_month parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19471",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19471"
},
{
"name": "17326",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17326"
},
{
"name": "24292",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24292"
},
{
"name": "21400",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21400"
},
{
"name": "DSA-1133",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1133"
},
{
"name": "ADV-2006-1184",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1184"
},
{
"name": "mantis-viewallset-script-xss(25579)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25579"
},
{
"name": "http://pridels0.blogspot.com/2006/03/mantis-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/03/mantis-xss-vuln.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1577",
"datePublished": "2006-04-02T21:00:00.000Z",
"dateReserved": "2006-04-02T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:19:48.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0841 (GCVE-0-2006-0841)
Vulnerability from cvelistv5 – Published: 2006-02-22 02:00 – Updated: 2024-08-07 16:48
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) hide_status, (2) handler_id, (3) user_monitor, (4) reporter_id, (5) view_type, (6) show_severity, (7) show_category, (8) show_status, (9) show_resolution, (10) show_build, (11) show_profile, (12) show_priority, (13) highlight_changed, (14) relationship_type, and (15) relationship_bug parameters in (a) view_all_set.php; the (16) sort parameter in (b) manage_user_page.php; the (17) view_type parameter in (c) view_filters_page.php; and the (18) title parameter in (d) proj_doc_delete.php. NOTE: item 17 might be subsumed by CVE-2005-4522.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/16657 | vdb-entryx_refsource_BID |
| http://sourceforge.net/project/shownotes.php?rele… | x_refsource_MISC |
| http://secunia.com/advisories/21400 | third-party-advisoryx_refsource_SECUNIA |
| http://www.debian.org/security/2006/dsa-1133 | vendor-advisoryx_refsource_DEBIAN |
| http://www.securityfocus.com/archive/1/425046/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.osvdb.org/23248 | vdb-entryx_refsource_OSVDB |
| http://morph3us.org/advisories/20060214-mantis-10… | x_refsource_MISC |
| http://www.osvdb.org/22487 | vdb-entryx_refsource_OSVDB |
| http://sourceforge.net/project/showfiles.php?grou… | x_refsource_MISC |
Date Public
2006-02-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:48:56.553Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "16657",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16657"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=386059\u0026group_id=14963"
},
{
"name": "21400",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21400"
},
{
"name": "DSA-1133",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1133"
},
{
"name": "20060215 [BuHa-Security] Multiple Vulnerabilities in Mantis 1.00rc4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/425046/100/0/threaded"
},
{
"name": "23248",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23248"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://morph3us.org/advisories/20060214-mantis-100rc4.txt"
},
{
"name": "22487",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22487"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/project/showfiles.php?group_id=14963\u0026package_id=12175\u0026release_id=386059"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) hide_status, (2) handler_id, (3) user_monitor, (4) reporter_id, (5) view_type, (6) show_severity, (7) show_category, (8) show_status, (9) show_resolution, (10) show_build, (11) show_profile, (12) show_priority, (13) highlight_changed, (14) relationship_type, and (15) relationship_bug parameters in (a) view_all_set.php; the (16) sort parameter in (b) manage_user_page.php; the (17) view_type parameter in (c) view_filters_page.php; and the (18) title parameter in (d) proj_doc_delete.php. NOTE: item 17 might be subsumed by CVE-2005-4522."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "16657",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16657"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=386059\u0026group_id=14963"
},
{
"name": "21400",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21400"
},
{
"name": "DSA-1133",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1133"
},
{
"name": "20060215 [BuHa-Security] Multiple Vulnerabilities in Mantis 1.00rc4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/425046/100/0/threaded"
},
{
"name": "23248",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23248"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://morph3us.org/advisories/20060214-mantis-100rc4.txt"
},
{
"name": "22487",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22487"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/project/showfiles.php?group_id=14963\u0026package_id=12175\u0026release_id=386059"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0841",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) hide_status, (2) handler_id, (3) user_monitor, (4) reporter_id, (5) view_type, (6) show_severity, (7) show_category, (8) show_status, (9) show_resolution, (10) show_build, (11) show_profile, (12) show_priority, (13) highlight_changed, (14) relationship_type, and (15) relationship_bug parameters in (a) view_all_set.php; the (16) sort parameter in (b) manage_user_page.php; the (17) view_type parameter in (c) view_filters_page.php; and the (18) title parameter in (d) proj_doc_delete.php. NOTE: item 17 might be subsumed by CVE-2005-4522."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16657",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16657"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=386059\u0026group_id=14963",
"refsource": "MISC",
"url": "http://sourceforge.net/project/shownotes.php?release_id=386059\u0026group_id=14963"
},
{
"name": "21400",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21400"
},
{
"name": "DSA-1133",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1133"
},
{
"name": "20060215 [BuHa-Security] Multiple Vulnerabilities in Mantis 1.00rc4",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425046/100/0/threaded"
},
{
"name": "23248",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23248"
},
{
"name": "http://morph3us.org/advisories/20060214-mantis-100rc4.txt",
"refsource": "MISC",
"url": "http://morph3us.org/advisories/20060214-mantis-100rc4.txt"
},
{
"name": "22487",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22487"
},
{
"name": "http://sourceforge.net/project/showfiles.php?group_id=14963\u0026package_id=12175\u0026release_id=386059",
"refsource": "MISC",
"url": "http://sourceforge.net/project/showfiles.php?group_id=14963\u0026package_id=12175\u0026release_id=386059"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0841",
"datePublished": "2006-02-22T02:00:00.000Z",
"dateReserved": "2006-02-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:48:56.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0840 (GCVE-0-2006-0840)
Vulnerability from cvelistv5 – Published: 2006-02-22 02:00 – Updated: 2024-08-07 16:48
VLAI
Summary
manage_user_page.php in Mantis 1.00rc4 and earlier does not properly handle a sort parameter containing a ' (quote) character, which allows remote attackers to trigger a SQL error that may be repeatedly reported to a user who makes subsequent web accesses with the MANTIS_MANAGE_COOKIE cookie. NOTE: this issue might be the same as vector 2 in CVE-2005-4519.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/16657 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://sourceforge.net/project/shownotes.php?rele… | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/425046/100… | mailing-listx_refsource_BUGTRAQ |
| http://morph3us.org/advisories/20060214-mantis-10… | x_refsource_MISC |
| http://sourceforge.net/project/showfiles.php?grou… | x_refsource_MISC |
Date Public
2006-02-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:48:56.613Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "16657",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16657"
},
{
"name": "mantis-manageuserpagesql-injection(24726)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24726"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=386059\u0026group_id=14963"
},
{
"name": "20060215 [BuHa-Security] Multiple Vulnerabilities in Mantis 1.00rc4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/425046/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://morph3us.org/advisories/20060214-mantis-100rc4.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/project/showfiles.php?group_id=14963\u0026package_id=12175\u0026release_id=386059"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "manage_user_page.php in Mantis 1.00rc4 and earlier does not properly handle a sort parameter containing a \u0027 (quote) character, which allows remote attackers to trigger a SQL error that may be repeatedly reported to a user who makes subsequent web accesses with the MANTIS_MANAGE_COOKIE cookie. NOTE: this issue might be the same as vector 2 in CVE-2005-4519."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "16657",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16657"
},
{
"name": "mantis-manageuserpagesql-injection(24726)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24726"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=386059\u0026group_id=14963"
},
{
"name": "20060215 [BuHa-Security] Multiple Vulnerabilities in Mantis 1.00rc4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/425046/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://morph3us.org/advisories/20060214-mantis-100rc4.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/project/showfiles.php?group_id=14963\u0026package_id=12175\u0026release_id=386059"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0840",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "manage_user_page.php in Mantis 1.00rc4 and earlier does not properly handle a sort parameter containing a \u0027 (quote) character, which allows remote attackers to trigger a SQL error that may be repeatedly reported to a user who makes subsequent web accesses with the MANTIS_MANAGE_COOKIE cookie. NOTE: this issue might be the same as vector 2 in CVE-2005-4519."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16657",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16657"
},
{
"name": "mantis-manageuserpagesql-injection(24726)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24726"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=386059\u0026group_id=14963",
"refsource": "MISC",
"url": "http://sourceforge.net/project/shownotes.php?release_id=386059\u0026group_id=14963"
},
{
"name": "20060215 [BuHa-Security] Multiple Vulnerabilities in Mantis 1.00rc4",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425046/100/0/threaded"
},
{
"name": "http://morph3us.org/advisories/20060214-mantis-100rc4.txt",
"refsource": "MISC",
"url": "http://morph3us.org/advisories/20060214-mantis-100rc4.txt"
},
{
"name": "http://sourceforge.net/project/showfiles.php?group_id=14963\u0026package_id=12175\u0026release_id=386059",
"refsource": "MISC",
"url": "http://sourceforge.net/project/showfiles.php?group_id=14963\u0026package_id=12175\u0026release_id=386059"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0840",
"datePublished": "2006-02-22T02:00:00.000Z",
"dateReserved": "2006-02-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:48:56.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0664 (GCVE-0-2006-0664)
Vulnerability from cvelistv5 – Published: 2006-02-13 11:00 – Updated: 2024-08-07 16:41
VLAI
Summary
Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in Mantis before 1.0 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.vupen.com/english/advisories/2006/0485 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/21400 | third-party-advisoryx_refsource_SECUNIA |
| http://www.debian.org/security/2006/dsa-1133 | vendor-advisoryx_refsource_DEBIAN |
| http://www.securityfocus.com/bid/16561 | vdb-entryx_refsource_BID |
Date Public
2006-02-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:41:29.176Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "mantis-configdefaultsinc-xss(24585)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24585"
},
{
"name": "ADV-2006-0485",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0485"
},
{
"name": "21400",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21400"
},
{
"name": "DSA-1133",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1133"
},
{
"name": "16561",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16561"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in Mantis before 1.0 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "mantis-configdefaultsinc-xss(24585)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24585"
},
{
"name": "ADV-2006-0485",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0485"
},
{
"name": "21400",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21400"
},
{
"name": "DSA-1133",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1133"
},
{
"name": "16561",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16561"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in Mantis before 1.0 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mantis-configdefaultsinc-xss(24585)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24585"
},
{
"name": "ADV-2006-0485",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0485"
},
{
"name": "21400",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21400"
},
{
"name": "DSA-1133",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1133"
},
{
"name": "16561",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16561"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0664",
"datePublished": "2006-02-13T11:00:00.000Z",
"dateReserved": "2006-02-13T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:41:29.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0665 (GCVE-0-2006-0665)
Vulnerability from cvelistv5 – Published: 2006-02-13 11:00 – Updated: 2024-08-07 16:41
VLAI
Summary
Unspecified vulnerability in (1) query_store.php and (2) manage_proj_create.php in Mantis before 1.0.0 has unknown impact and attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2006/0485 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/21400 | third-party-advisoryx_refsource_SECUNIA |
| http://www.debian.org/security/2006/dsa-1133 | vendor-advisoryx_refsource_DEBIAN |
| http://www.securityfocus.com/bid/16561 | vdb-entryx_refsource_BID |
Date Public
2006-02-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:41:29.125Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-0485",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0485"
},
{
"name": "21400",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21400"
},
{
"name": "DSA-1133",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1133"
},
{
"name": "16561",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16561"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in (1) query_store.php and (2) manage_proj_create.php in Mantis before 1.0.0 has unknown impact and attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-08-09T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-0485",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0485"
},
{
"name": "21400",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21400"
},
{
"name": "DSA-1133",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1133"
},
{
"name": "16561",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16561"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0665",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in (1) query_store.php and (2) manage_proj_create.php in Mantis before 1.0.0 has unknown impact and attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0485",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0485"
},
{
"name": "21400",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21400"
},
{
"name": "DSA-1133",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1133"
},
{
"name": "16561",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16561"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0665",
"datePublished": "2006-02-13T11:00:00.000Z",
"dateReserved": "2006-02-13T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:41:29.125Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0147 (GCVE-0-2006-0147)
Vulnerability from cvelistv5 – Published: 2006-01-09 23:00 – Updated: 2024-08-07 16:25
VLAI
Summary
Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
30 references
Date Public
2006-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:25:33.633Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19590",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19590"
},
{
"name": "18267",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18267"
},
{
"name": "18254",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18254"
},
{
"name": "19555",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19555"
},
{
"name": "DSA-1029",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1029"
},
{
"name": "adodb-tmssql-command-execution(24052)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24052"
},
{
"name": "19628",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19628"
},
{
"name": "20060409 PhpOpenChat 3.0.x ADODB Server.php \"sql\" SQL injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/430448/100/0/threaded"
},
{
"name": "DSA-1030",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1030"
},
{
"name": "ADV-2006-1305",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1305"
},
{
"name": "18276",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18276"
},
{
"name": "19600",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19600"
},
{
"name": "1663",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/1663"
},
{
"name": "ADV-2006-0103",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0103"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2005-64/advisory/"
},
{
"name": "20060412 Simplog \u003c=0.9.2 multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/430743/100/0/threaded"
},
{
"name": "19591",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19591"
},
{
"name": "17418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17418"
},
{
"name": "19691",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19691"
},
{
"name": "ADV-2006-0102",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0102"
},
{
"name": "ADV-2006-0101",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0101"
},
{
"name": "18233",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18233"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://retrogod.altervista.org/simplog_092_incl_xpl.html"
},
{
"name": "ADV-2006-1332",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1332"
},
{
"name": "22291",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22291"
},
{
"name": "DSA-1031",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1031"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html"
},
{
"name": "ADV-2006-0104",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0104"
},
{
"name": "18260",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18260"
},
{
"name": "GLSA-200604-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19590",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19590"
},
{
"name": "18267",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18267"
},
{
"name": "18254",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18254"
},
{
"name": "19555",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19555"
},
{
"name": "DSA-1029",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1029"
},
{
"name": "adodb-tmssql-command-execution(24052)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24052"
},
{
"name": "19628",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19628"
},
{
"name": "20060409 PhpOpenChat 3.0.x ADODB Server.php \"sql\" SQL injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/430448/100/0/threaded"
},
{
"name": "DSA-1030",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1030"
},
{
"name": "ADV-2006-1305",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1305"
},
{
"name": "18276",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18276"
},
{
"name": "19600",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19600"
},
{
"name": "1663",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/1663"
},
{
"name": "ADV-2006-0103",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0103"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2005-64/advisory/"
},
{
"name": "20060412 Simplog \u003c=0.9.2 multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/430743/100/0/threaded"
},
{
"name": "19591",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19591"
},
{
"name": "17418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17418"
},
{
"name": "19691",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19691"
},
{
"name": "ADV-2006-0102",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0102"
},
{
"name": "ADV-2006-0101",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0101"
},
{
"name": "18233",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18233"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://retrogod.altervista.org/simplog_092_incl_xpl.html"
},
{
"name": "ADV-2006-1332",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1332"
},
{
"name": "22291",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22291"
},
{
"name": "DSA-1031",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1031"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html"
},
{
"name": "ADV-2006-0104",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0104"
},
{
"name": "18260",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18260"
},
{
"name": "GLSA-200604-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0147",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19590",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19590"
},
{
"name": "18267",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18267"
},
{
"name": "18254",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18254"
},
{
"name": "19555",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19555"
},
{
"name": "DSA-1029",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1029"
},
{
"name": "adodb-tmssql-command-execution(24052)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24052"
},
{
"name": "19628",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19628"
},
{
"name": "20060409 PhpOpenChat 3.0.x ADODB Server.php \"sql\" SQL injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430448/100/0/threaded"
},
{
"name": "DSA-1030",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1030"
},
{
"name": "ADV-2006-1305",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1305"
},
{
"name": "18276",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18276"
},
{
"name": "19600",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19600"
},
{
"name": "1663",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1663"
},
{
"name": "ADV-2006-0103",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0103"
},
{
"name": "http://secunia.com/secunia_research/2005-64/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2005-64/advisory/"
},
{
"name": "20060412 Simplog \u003c=0.9.2 multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430743/100/0/threaded"
},
{
"name": "19591",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19591"
},
{
"name": "17418",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17418"
},
{
"name": "19691",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19691"
},
{
"name": "ADV-2006-0102",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0102"
},
{
"name": "ADV-2006-0101",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0101"
},
{
"name": "18233",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18233"
},
{
"name": "http://retrogod.altervista.org/simplog_092_incl_xpl.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/simplog_092_incl_xpl.html"
},
{
"name": "ADV-2006-1332",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1332"
},
{
"name": "22291",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22291"
},
{
"name": "DSA-1031",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1031"
},
{
"name": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html"
},
{
"name": "ADV-2006-0104",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0104"
},
{
"name": "18260",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18260"
},
{
"name": "GLSA-200604-07",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0147",
"datePublished": "2006-01-09T23:00:00.000Z",
"dateReserved": "2006-01-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:25:33.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0146 (GCVE-0-2006-0146)
Vulnerability from cvelistv5 – Published: 2006-01-09 23:00 – Updated: 2024-08-07 16:25
VLAI
Summary
The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
40 references
Date Public
2006-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:25:33.856Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19590",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19590"
},
{
"name": "18267",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18267"
},
{
"name": "18254",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18254"
},
{
"name": "19555",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19555"
},
{
"name": "DSA-1029",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1029"
},
{
"name": "20060409 PhpOpenChat 3.0.x ADODB Server.php \"sql\" SQL injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/430448/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.maxdev.com/Article550.phtml"
},
{
"name": "ADV-2006-0105",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0105"
},
{
"name": "19699",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19699"
},
{
"name": "DSA-1030",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1030"
},
{
"name": "ADV-2006-1305",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1305"
},
{
"name": "24954",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24954"
},
{
"name": "18276",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18276"
},
{
"name": "713",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/713"
},
{
"name": "ADV-2006-1304",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1304"
},
{
"name": "19600",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19600"
},
{
"name": "20070418 MediaBeez Sql query Execution .. Wear isn\u0027t ?? :)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/466171/100/0/threaded"
},
{
"name": "ADV-2006-0103",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0103"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2005-64/advisory/"
},
{
"name": "16187",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16187"
},
{
"name": "18720",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18720"
},
{
"name": "ADV-2006-1419",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1419"
},
{
"name": "19591",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19591"
},
{
"name": "ADV-2006-0447",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0447"
},
{
"name": "adodb-server-command-execution(24051)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24051"
},
{
"name": "17418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17418"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.xaraya.com/index.php/news/569"
},
{
"name": "19691",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19691"
},
{
"name": "ADV-2006-0102",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0102"
},
{
"name": "ADV-2006-0101",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0101"
},
{
"name": "18233",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18233"
},
{
"name": "22290",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22290"
},
{
"name": "ADV-2006-0370",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0370"
},
{
"name": "DSA-1031",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1031"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html"
},
{
"name": "20060202 Bug for libs in php link directory 2.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/423784/100/0/threaded"
},
{
"name": "ADV-2006-0104",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0104"
},
{
"name": "18260",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18260"
},
{
"name": "GLSA-200604-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
},
{
"name": "19563",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19563"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19590",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19590"
},
{
"name": "18267",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18267"
},
{
"name": "18254",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18254"
},
{
"name": "19555",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19555"
},
{
"name": "DSA-1029",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1029"
},
{
"name": "20060409 PhpOpenChat 3.0.x ADODB Server.php \"sql\" SQL injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/430448/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.maxdev.com/Article550.phtml"
},
{
"name": "ADV-2006-0105",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0105"
},
{
"name": "19699",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19699"
},
{
"name": "DSA-1030",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1030"
},
{
"name": "ADV-2006-1305",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1305"
},
{
"name": "24954",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24954"
},
{
"name": "18276",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18276"
},
{
"name": "713",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/713"
},
{
"name": "ADV-2006-1304",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1304"
},
{
"name": "19600",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19600"
},
{
"name": "20070418 MediaBeez Sql query Execution .. Wear isn\u0027t ?? :)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/466171/100/0/threaded"
},
{
"name": "ADV-2006-0103",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0103"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2005-64/advisory/"
},
{
"name": "16187",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16187"
},
{
"name": "18720",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18720"
},
{
"name": "ADV-2006-1419",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1419"
},
{
"name": "19591",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19591"
},
{
"name": "ADV-2006-0447",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0447"
},
{
"name": "adodb-server-command-execution(24051)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24051"
},
{
"name": "17418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17418"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.xaraya.com/index.php/news/569"
},
{
"name": "19691",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19691"
},
{
"name": "ADV-2006-0102",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0102"
},
{
"name": "ADV-2006-0101",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0101"
},
{
"name": "18233",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18233"
},
{
"name": "22290",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22290"
},
{
"name": "ADV-2006-0370",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0370"
},
{
"name": "DSA-1031",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1031"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html"
},
{
"name": "20060202 Bug for libs in php link directory 2.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/423784/100/0/threaded"
},
{
"name": "ADV-2006-0104",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0104"
},
{
"name": "18260",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18260"
},
{
"name": "GLSA-200604-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
},
{
"name": "19563",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19563"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0146",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19590",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19590"
},
{
"name": "18267",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18267"
},
{
"name": "18254",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18254"
},
{
"name": "19555",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19555"
},
{
"name": "DSA-1029",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1029"
},
{
"name": "20060409 PhpOpenChat 3.0.x ADODB Server.php \"sql\" SQL injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430448/100/0/threaded"
},
{
"name": "http://www.maxdev.com/Article550.phtml",
"refsource": "CONFIRM",
"url": "http://www.maxdev.com/Article550.phtml"
},
{
"name": "ADV-2006-0105",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0105"
},
{
"name": "19699",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19699"
},
{
"name": "DSA-1030",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1030"
},
{
"name": "ADV-2006-1305",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1305"
},
{
"name": "24954",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24954"
},
{
"name": "18276",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18276"
},
{
"name": "713",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/713"
},
{
"name": "ADV-2006-1304",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1304"
},
{
"name": "19600",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19600"
},
{
"name": "20070418 MediaBeez Sql query Execution .. Wear isn\u0027t ?? :)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/466171/100/0/threaded"
},
{
"name": "ADV-2006-0103",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0103"
},
{
"name": "http://secunia.com/secunia_research/2005-64/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2005-64/advisory/"
},
{
"name": "16187",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16187"
},
{
"name": "18720",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18720"
},
{
"name": "ADV-2006-1419",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1419"
},
{
"name": "19591",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19591"
},
{
"name": "ADV-2006-0447",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0447"
},
{
"name": "adodb-server-command-execution(24051)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24051"
},
{
"name": "17418",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17418"
},
{
"name": "http://www.xaraya.com/index.php/news/569",
"refsource": "CONFIRM",
"url": "http://www.xaraya.com/index.php/news/569"
},
{
"name": "19691",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19691"
},
{
"name": "ADV-2006-0102",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0102"
},
{
"name": "ADV-2006-0101",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0101"
},
{
"name": "18233",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18233"
},
{
"name": "22290",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22290"
},
{
"name": "ADV-2006-0370",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0370"
},
{
"name": "DSA-1031",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1031"
},
{
"name": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html"
},
{
"name": "20060202 Bug for libs in php link directory 2.0",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/423784/100/0/threaded"
},
{
"name": "ADV-2006-0104",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0104"
},
{
"name": "18260",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18260"
},
{
"name": "GLSA-200604-07",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
},
{
"name": "19563",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19563"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0146",
"datePublished": "2006-01-09T23:00:00.000Z",
"dateReserved": "2006-01-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:25:33.856Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4522 (GCVE-0-2005-4522)
Vulnerability from cvelistv5 – Published: 2005-12-28 01:00 – Updated: 2024-08-07 23:46
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the view_filters_page.php filters script in Mantis 1.0.0rc3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) view_type and (2) target_field parameters.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://www.osvdb.org/22053 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/18481 | third-party-advisoryx_refsource_SECUNIA |
| http://sourceforge.net/project/shownotes.php?rele… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/16046/ | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/18181/ | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2005/3064 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/18221 | third-party-advisoryx_refsource_SECUNIA |
| http://sourceforge.net/project/shownotes.php?rele… | x_refsource_CONFIRM |
| http://www.gentoo.org/security/en/glsa/glsa-20051… | vendor-advisoryx_refsource_GENTOO |
| http://www.trapkit.de/advisories/TKADV2005-11-002.txt | x_refsource_MISC |
| http://www.debian.org/security/2005/dsa-944 | vendor-advisoryx_refsource_DEBIAN |
Date Public
2005-12-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:46:05.542Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "22053",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22053"
},
{
"name": "18481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18481"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963"
},
{
"name": "16046",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16046/"
},
{
"name": "18181",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18181/"
},
{
"name": "ADV-2005-3064",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/3064"
},
{
"name": "18221",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18221"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963"
},
{
"name": "GLSA-200512-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"name": "DSA-944",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-944"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the view_filters_page.php filters script in Mantis 1.0.0rc3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) view_type and (2) target_field parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-01-20T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "22053",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22053"
},
{
"name": "18481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18481"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963"
},
{
"name": "16046",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16046/"
},
{
"name": "18181",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18181/"
},
{
"name": "ADV-2005-3064",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/3064"
},
{
"name": "18221",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18221"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963"
},
{
"name": "GLSA-200512-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"name": "DSA-944",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-944"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4522",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the view_filters_page.php filters script in Mantis 1.0.0rc3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) view_type and (2) target_field parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22053",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22053"
},
{
"name": "18481",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18481"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963"
},
{
"name": "16046",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16046/"
},
{
"name": "18181",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18181/"
},
{
"name": "ADV-2005-3064",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/3064"
},
{
"name": "18221",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18221"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963"
},
{
"name": "GLSA-200512-12",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml"
},
{
"name": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt",
"refsource": "MISC",
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"name": "DSA-944",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-944"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4522",
"datePublished": "2005-12-28T01:00:00.000Z",
"dateReserved": "2005-12-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:46:05.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4520 (GCVE-0-2005-4520)
Vulnerability from cvelistv5 – Published: 2005-12-28 01:00 – Updated: 2024-08-07 23:46
VLAI
Summary
Unspecified "port injection" vulnerabilities in filters in Mantis 1.0.0rc3 and earlier have unknown impact and attack vectors. NOTE: due to a lack of relevant details in the vendor changelog, which is the source of this description, it is unclear whether this is a duplicate of another CVE.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/18481 | third-party-advisoryx_refsource_SECUNIA |
| http://www.osvdb.org/22488 | vdb-entryx_refsource_OSVDB |
| http://sourceforge.net/project/shownotes.php?rele… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/16046/ | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/18181/ | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2005/3064 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/18221 | third-party-advisoryx_refsource_SECUNIA |
| http://sourceforge.net/project/shownotes.php?rele… | x_refsource_CONFIRM |
| http://www.gentoo.org/security/en/glsa/glsa-20051… | vendor-advisoryx_refsource_GENTOO |
| http://www.trapkit.de/advisories/TKADV2005-11-002.txt | x_refsource_MISC |
| http://www.debian.org/security/2005/dsa-944 | vendor-advisoryx_refsource_DEBIAN |
Date Public
2005-12-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:46:05.536Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18481"
},
{
"name": "22488",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22488"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963"
},
{
"name": "16046",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16046/"
},
{
"name": "18181",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18181/"
},
{
"name": "ADV-2005-3064",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/3064"
},
{
"name": "18221",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18221"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963"
},
{
"name": "GLSA-200512-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"name": "DSA-944",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-944"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified \"port injection\" vulnerabilities in filters in Mantis 1.0.0rc3 and earlier have unknown impact and attack vectors. NOTE: due to a lack of relevant details in the vendor changelog, which is the source of this description, it is unclear whether this is a duplicate of another CVE."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-01-20T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18481"
},
{
"name": "22488",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22488"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963"
},
{
"name": "16046",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16046/"
},
{
"name": "18181",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18181/"
},
{
"name": "ADV-2005-3064",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/3064"
},
{
"name": "18221",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18221"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963"
},
{
"name": "GLSA-200512-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"name": "DSA-944",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-944"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4520",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified \"port injection\" vulnerabilities in filters in Mantis 1.0.0rc3 and earlier have unknown impact and attack vectors. NOTE: due to a lack of relevant details in the vendor changelog, which is the source of this description, it is unclear whether this is a duplicate of another CVE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18481",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18481"
},
{
"name": "22488",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22488"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963"
},
{
"name": "16046",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16046/"
},
{
"name": "18181",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18181/"
},
{
"name": "ADV-2005-3064",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/3064"
},
{
"name": "18221",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18221"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963"
},
{
"name": "GLSA-200512-12",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml"
},
{
"name": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt",
"refsource": "MISC",
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"name": "DSA-944",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-944"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4520",
"datePublished": "2005-12-28T01:00:00.000Z",
"dateReserved": "2005-12-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:46:05.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4523 (GCVE-0-2005-4523)
Vulnerability from cvelistv5 – Published: 2005-12-28 01:00 – Updated: 2024-08-07 23:46
VLAI
Summary
Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS feeds, which allows remote attackers to obtain sensitive information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/18481 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/18181/ | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2005/3064 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/18221 | third-party-advisoryx_refsource_SECUNIA |
| http://sourceforge.net/project/shownotes.php?rele… | x_refsource_CONFIRM |
| http://www.trapkit.de/advisories/TKADV2005-11-002.txt | x_refsource_MISC |
| http://www.debian.org/security/2005/dsa-944 | vendor-advisoryx_refsource_DEBIAN |
Date Public
2005-12-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:46:05.522Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18481"
},
{
"name": "18181",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18181/"
},
{
"name": "ADV-2005-3064",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/3064"
},
{
"name": "18221",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18221"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"name": "DSA-944",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-944"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS feeds, which allows remote attackers to obtain sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-01-20T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18481"
},
{
"name": "18181",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18181/"
},
{
"name": "ADV-2005-3064",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/3064"
},
{
"name": "18221",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18221"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"name": "DSA-944",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-944"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4523",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS feeds, which allows remote attackers to obtain sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18481",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18481"
},
{
"name": "18181",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18181/"
},
{
"name": "ADV-2005-3064",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/3064"
},
{
"name": "18221",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18221"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963"
},
{
"name": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt",
"refsource": "MISC",
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"name": "DSA-944",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-944"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4523",
"datePublished": "2005-12-28T01:00:00.000Z",
"dateReserved": "2005-12-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:46:05.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4519 (GCVE-0-2005-4519)
Vulnerability from cvelistv5 – Published: 2005-12-28 01:00 – Updated: 2024-08-07 23:46
VLAI
Summary
Multiple SQL injection vulnerabilities in the manage user page (manage_user_page.php) in Mantis 1.0.0rc3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) prefix and (2) sort parameters to the manage user page (manage_user_page.php), or (3) the sort parameter to view_all_set.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/18481 | third-party-advisoryx_refsource_SECUNIA |
| http://sourceforge.net/project/shownotes.php?rele… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/16046/ | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/18181/ | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2005/3064 | vdb-entryx_refsource_VUPEN |
| http://www.osvdb.org/22052 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/18221 | third-party-advisoryx_refsource_SECUNIA |
| http://www.osvdb.org/22051 | vdb-entryx_refsource_OSVDB |
| http://sourceforge.net/project/shownotes.php?rele… | x_refsource_CONFIRM |
| http://www.gentoo.org/security/en/glsa/glsa-20051… | vendor-advisoryx_refsource_GENTOO |
| http://www.trapkit.de/advisories/TKADV2005-11-002.txt | x_refsource_MISC |
| http://www.debian.org/security/2005/dsa-944 | vendor-advisoryx_refsource_DEBIAN |
Date Public
2005-12-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:46:05.541Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18481"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963"
},
{
"name": "16046",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16046/"
},
{
"name": "18181",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18181/"
},
{
"name": "ADV-2005-3064",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/3064"
},
{
"name": "22052",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22052"
},
{
"name": "18221",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18221"
},
{
"name": "22051",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22051"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963"
},
{
"name": "GLSA-200512-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"name": "DSA-944",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-944"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in the manage user page (manage_user_page.php) in Mantis 1.0.0rc3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) prefix and (2) sort parameters to the manage user page (manage_user_page.php), or (3) the sort parameter to view_all_set.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-01-20T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18481"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963"
},
{
"name": "16046",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16046/"
},
{
"name": "18181",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18181/"
},
{
"name": "ADV-2005-3064",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/3064"
},
{
"name": "22052",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22052"
},
{
"name": "18221",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18221"
},
{
"name": "22051",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22051"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963"
},
{
"name": "GLSA-200512-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"name": "DSA-944",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-944"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4519",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in the manage user page (manage_user_page.php) in Mantis 1.0.0rc3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) prefix and (2) sort parameters to the manage user page (manage_user_page.php), or (3) the sort parameter to view_all_set.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18481",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18481"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=377932\u0026group_id=14963"
},
{
"name": "16046",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16046/"
},
{
"name": "18181",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18181/"
},
{
"name": "ADV-2005-3064",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/3064"
},
{
"name": "22052",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22052"
},
{
"name": "18221",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18221"
},
{
"name": "22051",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22051"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=377934\u0026group_id=14963"
},
{
"name": "GLSA-200512-12",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml"
},
{
"name": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt",
"refsource": "MISC",
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"name": "DSA-944",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-944"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4519",
"datePublished": "2005-12-28T01:00:00.000Z",
"dateReserved": "2005-12-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:46:05.541Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4238 (GCVE-0-2005-4238)
Vulnerability from cvelistv5 – Published: 2005-12-14 11:00 – Updated: 2024-08-07 23:38
VLAI
Summary
Cross-site scripting (XSS) vulnerability in view_filters_page.php in Mantis 1.0.0rc3 and earlier allows remote attackers to inject arbitrary web script or HTML via the target_field parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/18481 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/15842 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2005/2874 | vdb-entryx_refsource_VUPEN |
| http://pridels0.blogspot.com/2005/12/mantis-bugtr… | x_refsource_MISC |
| http://www.debian.org/security/2005/dsa-944 | vendor-advisoryx_refsource_DEBIAN |
| http://secunia.com/advisories/18018 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2005-12-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:38:51.535Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18481"
},
{
"name": "15842",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15842"
},
{
"name": "ADV-2005-2874",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2874"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://pridels0.blogspot.com/2005/12/mantis-bugtracking-system-xss-vuln.html"
},
{
"name": "DSA-944",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-944"
},
{
"name": "18018",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18018"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in view_filters_page.php in Mantis 1.0.0rc3 and earlier allows remote attackers to inject arbitrary web script or HTML via the target_field parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-01-20T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18481",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18481"
},
{
"name": "15842",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15842"
},
{
"name": "ADV-2005-2874",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2874"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://pridels0.blogspot.com/2005/12/mantis-bugtracking-system-xss-vuln.html"
},
{
"name": "DSA-944",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-944"
},
{
"name": "18018",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18018"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4238",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in view_filters_page.php in Mantis 1.0.0rc3 and earlier allows remote attackers to inject arbitrary web script or HTML via the target_field parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18481",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18481"
},
{
"name": "15842",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15842"
},
{
"name": "ADV-2005-2874",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2874"
},
{
"name": "http://pridels0.blogspot.com/2005/12/mantis-bugtracking-system-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/12/mantis-bugtracking-system-xss-vuln.html"
},
{
"name": "DSA-944",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-944"
},
{
"name": "18018",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18018"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4238",
"datePublished": "2005-12-14T11:00:00.000Z",
"dateReserved": "2005-12-14T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:38:51.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3336 (GCVE-0-2005-3336)
Vulnerability from cvelistv5 – Published: 2005-10-27 04:00 – Updated: 2024-08-07 23:10
VLAI
Summary
SQL injection vulnerability in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://bugs.mantisbt.org/changelog_page.php | x_refsource_CONFIRM |
| http://www.debian.org/security/2005/dsa-905 | vendor-advisoryx_refsource_DEBIAN |
| http://sourceforge.net/project/shownotes.php?rele… | x_refsource_CONFIRM |
| http://www.osvdb.org/20324 | vdb-entryx_refsource_OSVDB |
| http://www.vupen.com/english/advisories/2005/2221 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/16506 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/17654 | third-party-advisoryx_refsource_SECUNIA |
| http://www.gentoo.org/security/en/glsa/glsa-20051… | vendor-advisoryx_refsource_GENTOO |
| http://secunia.com/advisories/17362 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/16818 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/15227 | vdb-entryx_refsource_BID |
Date Public
2005-10-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:10:08.200Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.mantisbt.org/changelog_page.php"
},
{
"name": "DSA-905",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-905"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=362673"
},
{
"name": "20324",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20324"
},
{
"name": "ADV-2005-2221",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2221"
},
{
"name": "16506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16506"
},
{
"name": "17654",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17654"
},
{
"name": "GLSA-200510-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"name": "17362",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17362"
},
{
"name": "16818",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16818"
},
{
"name": "15227",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15227"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-24T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.mantisbt.org/changelog_page.php"
},
{
"name": "DSA-905",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-905"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=362673"
},
{
"name": "20324",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20324"
},
{
"name": "ADV-2005-2221",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2221"
},
{
"name": "16506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16506"
},
{
"name": "17654",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17654"
},
{
"name": "GLSA-200510-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"name": "17362",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17362"
},
{
"name": "16818",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16818"
},
{
"name": "15227",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15227"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3336",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.mantisbt.org/changelog_page.php",
"refsource": "CONFIRM",
"url": "http://bugs.mantisbt.org/changelog_page.php"
},
{
"name": "DSA-905",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-905"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=362673",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=362673"
},
{
"name": "20324",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20324"
},
{
"name": "ADV-2005-2221",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2221"
},
{
"name": "16506",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16506"
},
{
"name": "17654",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17654"
},
{
"name": "GLSA-200510-24",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"name": "17362",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17362"
},
{
"name": "16818",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16818"
},
{
"name": "15227",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15227"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3336",
"datePublished": "2005-10-27T04:00:00.000Z",
"dateReserved": "2005-10-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:10:08.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3339 (GCVE-0-2005-3339)
Vulnerability from cvelistv5 – Published: 2005-10-27 04:00 – Updated: 2024-08-07 23:10
VLAI
Summary
Mantis before 0.19.3 caches the User ID longer than necessary, which has unknown impact and attack vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://bugs.mantisbt.org/changelog_page.php | x_refsource_CONFIRM |
| http://www.debian.org/security/2005/dsa-905 | vendor-advisoryx_refsource_DEBIAN |
| http://secunia.com/advisories/16506 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/17654 | third-party-advisoryx_refsource_SECUNIA |
| http://www.gentoo.org/security/en/glsa/glsa-20051… | vendor-advisoryx_refsource_GENTOO |
| http://secunia.com/advisories/17362 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/15227 | vdb-entryx_refsource_BID |
Date Public
2005-10-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:10:08.293Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.mantisbt.org/changelog_page.php"
},
{
"name": "DSA-905",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-905"
},
{
"name": "16506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16506"
},
{
"name": "17654",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17654"
},
{
"name": "GLSA-200510-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"name": "17362",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17362"
},
{
"name": "15227",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15227"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Mantis before 0.19.3 caches the User ID longer than necessary, which has unknown impact and attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-24T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.mantisbt.org/changelog_page.php"
},
{
"name": "DSA-905",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-905"
},
{
"name": "16506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16506"
},
{
"name": "17654",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17654"
},
{
"name": "GLSA-200510-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"name": "17362",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17362"
},
{
"name": "15227",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15227"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3339",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mantis before 0.19.3 caches the User ID longer than necessary, which has unknown impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.mantisbt.org/changelog_page.php",
"refsource": "CONFIRM",
"url": "http://bugs.mantisbt.org/changelog_page.php"
},
{
"name": "DSA-905",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-905"
},
{
"name": "16506",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16506"
},
{
"name": "17654",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17654"
},
{
"name": "GLSA-200510-24",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"name": "17362",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17362"
},
{
"name": "15227",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15227"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3339",
"datePublished": "2005-10-27T04:00:00.000Z",
"dateReserved": "2005-10-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:10:08.293Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3338 (GCVE-0-2005-3338)
Vulnerability from cvelistv5 – Published: 2005-10-27 04:00 – Updated: 2024-08-07 23:10
VLAI
Summary
Unspecified vulnerability in Mantis before 0.19.3, when using reminders, causes Mantis to display the real email addresses of users.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://bugs.mantisbt.org/changelog_page.php | x_refsource_CONFIRM |
| http://www.debian.org/security/2005/dsa-905 | vendor-advisoryx_refsource_DEBIAN |
| http://secunia.com/advisories/16506 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/17654 | third-party-advisoryx_refsource_SECUNIA |
| http://www.gentoo.org/security/en/glsa/glsa-20051… | vendor-advisoryx_refsource_GENTOO |
| http://secunia.com/advisories/17362 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/15227 | vdb-entryx_refsource_BID |
Date Public
2005-10-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:10:08.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.mantisbt.org/changelog_page.php"
},
{
"name": "DSA-905",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-905"
},
{
"name": "16506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16506"
},
{
"name": "17654",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17654"
},
{
"name": "GLSA-200510-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"name": "17362",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17362"
},
{
"name": "15227",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15227"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Mantis before 0.19.3, when using reminders, causes Mantis to display the real email addresses of users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-24T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.mantisbt.org/changelog_page.php"
},
{
"name": "DSA-905",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-905"
},
{
"name": "16506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16506"
},
{
"name": "17654",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17654"
},
{
"name": "GLSA-200510-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"name": "17362",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17362"
},
{
"name": "15227",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15227"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Mantis before 0.19.3, when using reminders, causes Mantis to display the real email addresses of users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.mantisbt.org/changelog_page.php",
"refsource": "CONFIRM",
"url": "http://bugs.mantisbt.org/changelog_page.php"
},
{
"name": "DSA-905",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-905"
},
{
"name": "16506",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16506"
},
{
"name": "17654",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17654"
},
{
"name": "GLSA-200510-24",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"name": "17362",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17362"
},
{
"name": "15227",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15227"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3338",
"datePublished": "2005-10-27T04:00:00.000Z",
"dateReserved": "2005-10-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:10:08.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3335 (GCVE-0-2005-3335)
Vulnerability from cvelistv5 – Published: 2005-10-27 04:00 – Updated: 2024-08-07 23:10
VLAI
Summary
PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary PHP code and include arbitrary local files via the t_core_path parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
14 references
Date Public
2005-10-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:10:08.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.mantisbt.org/changelog_page.php"
},
{
"name": "DSA-905",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-905"
},
{
"name": "121",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/121"
},
{
"name": "ADV-2005-2221",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2221"
},
{
"name": "16506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16506"
},
{
"name": "17654",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17654"
},
{
"name": "GLSA-200510-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2005-46/advisory/"
},
{
"name": "17362",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17362"
},
{
"name": "15212",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15212"
},
{
"name": "16818",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16818"
},
{
"name": "1015110",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015110"
},
{
"name": "mantis-tcorepath-file-include(22886)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22886"
},
{
"name": "15227",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15227"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary PHP code and include arbitrary local files via the t_core_path parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.mantisbt.org/changelog_page.php"
},
{
"name": "DSA-905",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-905"
},
{
"name": "121",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/121"
},
{
"name": "ADV-2005-2221",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2221"
},
{
"name": "16506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16506"
},
{
"name": "17654",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17654"
},
{
"name": "GLSA-200510-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2005-46/advisory/"
},
{
"name": "17362",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17362"
},
{
"name": "15212",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15212"
},
{
"name": "16818",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16818"
},
{
"name": "1015110",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015110"
},
{
"name": "mantis-tcorepath-file-include(22886)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22886"
},
{
"name": "15227",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15227"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary PHP code and include arbitrary local files via the t_core_path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.mantisbt.org/changelog_page.php",
"refsource": "MISC",
"url": "http://bugs.mantisbt.org/changelog_page.php"
},
{
"name": "DSA-905",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-905"
},
{
"name": "121",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/121"
},
{
"name": "ADV-2005-2221",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2221"
},
{
"name": "16506",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16506"
},
{
"name": "17654",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17654"
},
{
"name": "GLSA-200510-24",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"name": "http://secunia.com/secunia_research/2005-46/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2005-46/advisory/"
},
{
"name": "17362",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17362"
},
{
"name": "15212",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15212"
},
{
"name": "16818",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16818"
},
{
"name": "1015110",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015110"
},
{
"name": "mantis-tcorepath-file-include(22886)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22886"
},
{
"name": "15227",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15227"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3335",
"datePublished": "2005-10-27T04:00:00.000Z",
"dateReserved": "2005-10-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:10:08.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3337 (GCVE-0-2005-3337)
Vulnerability from cvelistv5 – Published: 2005-10-27 04:00 – Updated: 2024-08-07 23:10
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Mantis before 0.19.3 allow remote attackers to inject arbitrary web script or HTML via (1) unknown vectors involving Javascript and (2) mantis/view_all_set.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://bugs.mantisbt.org/changelog_page.php | x_refsource_CONFIRM |
| http://sourceforge.net/project/shownotes.php?rele… | x_refsource_CONFIRM |
| http://www.osvdb.org/20321 | vdb-entryx_refsource_OSVDB |
| http://www.gentoo.org/security/en/glsa/glsa-20051… | vendor-advisoryx_refsource_GENTOO |
| http://secunia.com/advisories/17362 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2005-10-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:10:08.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.mantisbt.org/changelog_page.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=362673"
},
{
"name": "20321",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20321"
},
{
"name": "GLSA-200510-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"name": "17362",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17362"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Mantis before 0.19.3 allow remote attackers to inject arbitrary web script or HTML via (1) unknown vectors involving Javascript and (2) mantis/view_all_set.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-04-04T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.mantisbt.org/changelog_page.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=362673"
},
{
"name": "20321",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20321"
},
{
"name": "GLSA-200510-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"name": "17362",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17362"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Mantis before 0.19.3 allow remote attackers to inject arbitrary web script or HTML via (1) unknown vectors involving Javascript and (2) mantis/view_all_set.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.mantisbt.org/changelog_page.php",
"refsource": "CONFIRM",
"url": "http://bugs.mantisbt.org/changelog_page.php"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=362673",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=362673"
},
{
"name": "20321",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20321"
},
{
"name": "GLSA-200510-24",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"name": "17362",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17362"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3337",
"datePublished": "2005-10-27T04:00:00.000Z",
"dateReserved": "2005-10-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:10:08.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2557 (GCVE-0-2005-2557)
Vulnerability from cvelistv5 – Published: 2005-09-28 04:00 – Updated: 2024-08-07 22:30
VLAI
Summary
Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the dir parameter, as identified by bug#0005959, and a different vulnerability than CVE-2005-3090.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.debian.org/security/2005/dsa-778 | vendor-advisoryx_refsource_DEBIAN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/16506 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/14604 | vdb-entryx_refsource_BID |
| http://www.gentoo.org/security/en/glsa/glsa-20050… | vendor-advisoryx_refsource_GENTOO |
| http://www.mantisbt.org/changelog.php | x_refsource_CONFIRM |
| http://marc.info/?l=bugtraq&m=112786017426276&w=2 | mailing-listx_refsource_BUGTRAQ |
Date Public
2005-08-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:30:01.787Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-778",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-778"
},
{
"name": "mantis-bug-report-xss(21958)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21958"
},
{
"name": "16506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16506"
},
{
"name": "14604",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14604"
},
{
"name": "GLSA-200509-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-16.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mantisbt.org/changelog.php"
},
{
"name": "20050926 Mantis Bugtracker - Remote Database Scanner and XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112786017426276\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-08-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the dir parameter, as identified by bug#0005959, and a different vulnerability than CVE-2005-3090."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "DSA-778",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-778"
},
{
"name": "mantis-bug-report-xss(21958)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21958"
},
{
"name": "16506",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16506"
},
{
"name": "14604",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14604"
},
{
"name": "GLSA-200509-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-16.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mantisbt.org/changelog.php"
},
{
"name": "20050926 Mantis Bugtracker - Remote Database Scanner and XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112786017426276\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2005-2557",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the dir parameter, as identified by bug#0005959, and a different vulnerability than CVE-2005-3090."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-778",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-778"
},
{
"name": "mantis-bug-report-xss(21958)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21958"
},
{
"name": "16506",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16506"
},
{
"name": "14604",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14604"
},
{
"name": "GLSA-200509-16",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-16.xml"
},
{
"name": "http://www.mantisbt.org/changelog.php",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/changelog.php"
},
{
"name": "20050926 Mantis Bugtracker - Remote Database Scanner and XSS Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112786017426276\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2005-2557",
"datePublished": "2005-09-28T04:00:00.000Z",
"dateReserved": "2005-08-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T22:30:01.787Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}