
Files

MantisBT 1.2.3 Cross Site Scripting / Path Disclosure
Posted Dec 15, 2010
Authored by LiquidWorm | Site zeroscience.mk

MantisBT versions 1.2.3 and below suffer from cross site scripting and path disclosure vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 18a95d91ab5662bc9da22edd42c6085d143c012493617b0a9f216e4bbb8cd78e

Related Files

MantisBT 1.3.0 File Download
Posted Jun 17, 2015
Authored by indoushka

MantisBT version 1.3.0 suffers from a remote file download vulnerability.

tags | exploit, remote, info disclosure
SHA-256 | 671ba2e0e285945b42223f1727978cb7d9171580b07eb50f0c2b649e8ebddb1e
MantisBT 1.2.17 XSS / Improper Access Control / SQL Injection
Posted Jan 29, 2015
Authored by High-Tech Bridge SA | Site htbridge.com

MantisBT version 1.2.17 suffers from improper access control, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
advisories | CVE-2014-9571, CVE-2014-9572, CVE-2014-9573
SHA-256 | 66702fafa02a9dbc923285c073b3f395b675adad64da5dfa2394ca10e6440fd2
MantisBT XmlImportExport Plugin PHP Code Injection
Posted Nov 18, 2014
Authored by EgiX | Site metasploit.com

This Metasploit module exploits a post-auth vulnerability found in MantisBT versions 1.2.0a3 up to 1.2.17 when the Import/Export plugin is installed. The vulnerable code exists in plugins/XmlImportExport/ImportXml.php, which receives user input through the "description" field and the "issuelink" attribute of an uploaded XML file and passes it to the preg_replace() function with the /e modifier. This allows a remote authenticated attacker to execute arbitrary PHP code on the remote machine.

tags | exploit, remote, arbitrary, php
advisories | CVE-2014-7146
SHA-256 | 48a52817bee791b7eaeae5d5e9a609d2d96fd14642c96da155fb1a16a00bf9c9
MantisBT Admin SQL Injection Arbitrary File Read
Posted Mar 3, 2014
Authored by Brandon Perry | Site metasploit.com

This Metasploit module for MantisBT versions 1.2.16 and below leverages a remote SQL injection vulnerability to perform an arbitrary file read. Administrative credentials are required.

tags | exploit, remote, arbitrary, sql injection
advisories | CVE-2014-2238
SHA-256 | aa47d71bf88217768761036b4fe39e67d36b8a53ac37514259ca02cca0186d98
MantisBT 1.2.16 SQL Injection
Posted Mar 2, 2014
Authored by HauntIT

MantisBT version 1.2.16 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 920455a7475eaa40b79d5ec69566d82d5c1e669a641ca3c45e1041ff75adafed
MantisBT 1.1.0a4 / 1.2.15 SQL Injection
Posted Feb 9, 2014
Authored by Andrea Barisani, Open Source CERT

MantisBT versions greater than or equal to 1.1.0a4 and less than or equal to 1.2.5 suffer from a remote SQL injection vulnerability.

tags | advisory, remote, sql injection
advisories | CVE-2014-1609, CVE-2014-1608
SHA-256 | fd0d34a47dad6a11159e7c09179b8f9eed808970bfe477a1e8a3cee8b3f5c973
Secunia Security Advisory 51853
Posted Jan 18, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Jakub Galczyk has discovered a vulnerability in MantisBT, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | 78b18535475f3dc145c51981870584a80e369402bc1bf185278792d658a05152
Secunia Security Advisory 51300
Posted Nov 15, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in MantisBT, which can be exploited by malicious users to disclose potentially sensitive information.

tags | advisory
SHA-256 | 19157884a27023ffc663b18eac1e82db0a9c5857af4ed086450e61e0a9ee008d
Gentoo Linux Security Advisory 201211-01
Posted Nov 8, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201211-1 - Multiple vulnerabilities have been found in MantisBT, the worst of which allows for local file inclusion. Versions less than 1.2.11 are affected.

tags | advisory, local, vulnerability, file inclusion
systems | linux, gentoo
advisories | CVE-2010-3303, CVE-2010-3763, CVE-2010-4348, CVE-2010-4349, CVE-2010-4350, CVE-2011-2938, CVE-2011-3356, CVE-2011-3357, CVE-2011-3358, CVE-2011-3578, CVE-2011-3755, CVE-2012-1118, CVE-2012-1119, CVE-2012-1120, CVE-2012-1121, CVE-2012-1122, CVE-2012-1123, CVE-2012-2691, CVE-2012-2692
SHA-256 | 73ec59ae980b4d7e5b8fa8eebfffdf5f421714d1583295709c6a59e187bc7d7b
Secunia Security Advisory 51199
Posted Nov 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for MantisBT. This fixes a security issue and multiple vulnerabilities, which can be exploited by malicious users to bypass certain security restrictions, conduct script insertion attacks, and compromise a vulnerable system, and by malicious people to conduct cross-site scripting attacks and disclose potentially sensitive information.

tags | advisory, vulnerability, xss
systems | linux, gentoo
SHA-256 | 51c7d7e1cc6108aac2fd75a1c28e429cddec8e9f2034e20f68e2d1fa958497d3
Secunia Security Advisory 49414
Posted Jun 12, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in MantisBT, which can be exploited by malicious users to bypass certain security restrictions.

tags | advisory
SHA-256 | fb80dc3db3f6ed55fefc4e2457940d6675bea53bdd857449113a30ab21eb9fe1
Secunia Security Advisory 48258
Posted Mar 6, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in MantisBT, which can be exploited by malicious users to bypass certain security restrictions.

tags | advisory, vulnerability
SHA-256 | 0ebe8a853f7adbf366a668424d7877bca397f7c7700e5fa593c0f27cf269cdc1
MantisBT 1.2.7 Cross Site Scripting / Local File Inclusion
Posted Sep 7, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

MantisBT version 1.2.7 suffers from cross site scripting and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
SHA-256 | f93ea1f9463f54e352b0762b7f966c8a53d16c2feee1c1340bc0337cc98100a2
Secunia Security Advisory 45829
Posted Sep 6, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in MantisBT, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose potentially sensitive information, and by malicious users to compromise a vulnerable system.

tags | advisory, vulnerability, xss
SHA-256 | 99d098b5e5a61be2de9801633b81712d0115783bee2b4ef106ffd1e8252db39b
MantisBT CMS SQL Injection / Cross Site Scripting
Posted Aug 18, 2011
Authored by Net.Edit0r

MantisBT CMS suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | d16b31ce8fbf08114e5733901215b9a05ad79cc8ab7189291699e00407f1230f
Secunia Security Advisory 45679
Posted Aug 18, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in MantisBT, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | 4309e9e33d1d5ffc52895845bc748ca83a8bb78d1dbc6d2834015734c35a05bd
ATutor AContent 1.1 / 1.3 Cross Site Scripting
Posted Aug 6, 2011
Authored by LiquidWorm | Site zeroscience.mk

ATutor AContent version 1.1 suffers from multiple cross site scripting vulnerabilities. This also affects version 1.3 as of 2014/01/05.

tags | exploit, vulnerability, xss
SHA-256 | 11f71a7a8fc1b6198d0accd72f3c4a62c57ad812171943bba7e230803cb30eff
ATutor AContent 1.1 SQL Injection
Posted Aug 6, 2011
Authored by LiquidWorm | Site zeroscience.mk

ATutor AContent version 1.1 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | f56291915b34b94f96cf88882cc5c3ad29f32c7cd6bb2be6f841ce2ae4b2f103
Digital Scribe 1.5 Cross Site Scripting
Posted Jul 31, 2011
Authored by LiquidWorm | Site zeroscience.mk

Digital Scribe version 1.5 suffers from multiple POST cross site scripting vulnerabilities. Input through the POST parameters 'title', 'last' and 'email' in register.php is not sanitized, allowing an attacker to execute HTML code in a user's browser session on the affected site.

tags | exploit, php, vulnerability, xss
SHA-256 | b4e758e765d3c3f1dd3bae0aeac26f05237bd21334ea75852e11273d369ff975
Online Grades Project Team 3.2.5 Cross Site Scripting
Posted Jul 25, 2011
Authored by LiquidWorm | Site zeroscience.mk

Online Grades version 3.2.5 suffers from multiple cross site scripting vulnerabilities. The issue is triggered when input passed via multiple parameters to the 'admin/admin.php' script is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

tags | exploit, arbitrary, php, vulnerability, xss
SHA-256 | 97dac1462d3751baa282b6d6356f3f5c1af9936b2fe7fc9e1f21af38da27da98
PG eLMS Pro DEC_2007_01 Blind SQL Injection
Posted Jul 14, 2011
Authored by LiquidWorm | Site zeroscience.mk

PG eLMS Pro version DEC_2007_01 suffers from multiple remote blind SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | f33c1f60fe48012757d4de9d5b369cbdd1b4511201f7d9fa55519f099d092a34
PG eLMS Pro DEC_2007_01 Cross Site Scripting
Posted Jul 14, 2011
Authored by LiquidWorm | Site zeroscience.mk

PG eLMS Pro version DEC_2007_01 suffers from multiple POST cross site scripting vulnerabilities in contact_us.php.

tags | exploit, php, vulnerability, xss
SHA-256 | 3cb7f482a30aa8222e39a62050d674c0b4201c4a9b953dc76fb7e986a91915bf
TCExam 11.2.011 SQL Injection
Posted Jul 14, 2011
Authored by LiquidWorm | Site zeroscience.mk

TCExam versions 11.2.011 and below suffer from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 914e1468f043c743fbcb3539d34a062ed28fec35ba1be0ed6dab33cd0deb9e05
TCExam 11.2.011 Cross Site Scripting
Posted Jul 14, 2011
Authored by LiquidWorm | Site zeroscience.mk

TCExam versions 11.2.011 and below suffer from multiple pre and post auth cross site scripting vulnerabilities when parsing user input to multiple parameters via GET and POST method in multiple scripts. Attackers can exploit these weaknesses to execute arbitrary HTML and script code in a user's browser session.

tags | exploit, arbitrary, vulnerability, xss
SHA-256 | 124989b21ffded644a3bd7fb5253e0bf4a9f3a0f8cf17bb80608ab44fd14748f
Tugux CMS 1.2 Remote Arbitrary File Deletion
Posted Jul 11, 2011
Authored by LiquidWorm | Site zeroscience.mk

Tugux CMS version 1.2 suffers from a remote arbitrary file deletion vulnerability.

tags | exploit, remote, arbitrary
SHA-256 | b322ce3279d241071e6638005f0f9486916adab50fcebbdaf25046904c8aa330