MantisBT versions 1.2.3 and below suffer from a local file inclusion vulnerability.
abf8514ede0418cc0812ff5542f8637869d485480ee17472e692434df0836263
MantisBT version 1.3.0 suffers from a remote file download vulnerability.
671ba2e0e285945b42223f1727978cb7d9171580b07eb50f0c2b649e8ebddb1e
MantisBT version 1.2.17 suffers from improper access control, cross site scripting, and remote SQL injection vulnerabilities.
66702fafa02a9dbc923285c073b3f395b675adad64da5dfa2394ca10e6440fd2
This Metasploit module exploits a post-auth vulnerability found in MantisBT versions 1.2.0a3 up to 1.2.17 when the Import/Export plugin is installed. The vulnerable code exists in plugins/XmlImportExport/ImportXml.php, which receives user input through the "description" field and the "issuelink" attribute of an uploaded XML file and passes it to the preg_replace() function with the /e modifier. This allows a remote authenticated attacker to execute arbitrary PHP code on the remote machine.
48a52817bee791b7eaeae5d5e9a609d2d96fd14642c96da155fb1a16a00bf9c9
MantisBT versions 1.2.16 and below Metasploit module that leverages a remote SQL injection vulnerability to perform an arbitrary file read. Administrative credentials required.
aa47d71bf88217768761036b4fe39e67d36b8a53ac37514259ca02cca0186d98
MantisBT version 1.2.16 suffers from a remote SQL injection vulnerability.
920455a7475eaa40b79d5ec69566d82d5c1e669a641ca3c45e1041ff75adafed
MantisBT versions 1.1.0a4 through 1.2.5 suffer from a remote SQL injection vulnerability.
fd0d34a47dad6a11159e7c09179b8f9eed808970bfe477a1e8a3cee8b3f5c973
Secunia Security Advisory - Jakub Galczyk has discovered a vulnerability in MantisBT, which can be exploited by malicious people to conduct cross-site scripting attacks.
78b18535475f3dc145c51981870584a80e369402bc1bf185278792d658a05152
Secunia Security Advisory - A security issue has been reported in MantisBT, which can be exploited by malicious users to disclose potentially sensitive information.
19157884a27023ffc663b18eac1e82db0a9c5857af4ed086450e61e0a9ee008d
Gentoo Linux Security Advisory 201211-1 - Multiple vulnerabilities have been found in MantisBT, the worst of which allows for local file inclusion. Versions less than 1.2.11 are affected.
73ec59ae980b4d7e5b8fa8eebfffdf5f421714d1583295709c6a59e187bc7d7b
Secunia Security Advisory - Gentoo has issued an update for MantisBT. This fixes a security issue and multiple vulnerabilities, which can be exploited by malicious users to bypass certain security restrictions, conduct script insertion attacks, and compromise a vulnerable system and by malicious people to conduct cross-site scripting attacks and disclose potentially sensitive information.
51c7d7e1cc6108aac2fd75a1c28e429cddec8e9f2034e20f68e2d1fa958497d3
Secunia Security Advisory - A security issue has been reported in MantisBT, which can be exploited by malicious users to bypass certain security restrictions.
fb80dc3db3f6ed55fefc4e2457940d6675bea53bdd857449113a30ab21eb9fe1
Secunia Security Advisory - Multiple vulnerabilities have been reported in MantisBT, which can be exploited by malicious users to bypass certain security restrictions.
0ebe8a853f7adbf366a668424d7877bca397f7c7700e5fa593c0f27cf269cdc1
MantisBT version 1.2.7 suffers from cross site scripting and local file inclusion vulnerabilities.
f93ea1f9463f54e352b0762b7f966c8a53d16c2feee1c1340bc0337cc98100a2
Secunia Security Advisory - Some vulnerabilities have been reported in MantisBT, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose potentially sensitive information and by malicious users to compromise a vulnerable system.
99d098b5e5a61be2de9801633b81712d0115783bee2b4ef106ffd1e8252db39b
MantisBT CMS suffers from cross site scripting and remote SQL injection vulnerabilities.
d16b31ce8fbf08114e5733901215b9a05ad79cc8ab7189291699e00407f1230f
Secunia Security Advisory - A vulnerability has been discovered in MantisBT, which can be exploited by malicious people to conduct cross-site scripting attacks.
4309e9e33d1d5ffc52895845bc748ca83a8bb78d1dbc6d2834015734c35a05bd
ATutor AContent version 1.1 suffers from multiple cross site scripting vulnerabilities. This also affects version 1.3 as of 2014/01/05.
11f71a7a8fc1b6198d0accd72f3c4a62c57ad812171943bba7e230803cb30eff
ATutor AContent version 1.1 suffers from multiple remote SQL injection vulnerabilities.
f56291915b34b94f96cf88882cc5c3ad29f32c7cd6bb2be6f841ce2ae4b2f103
Digital Scribe version 1.5 suffers from multiple POST cross site scripting vulnerabilities. Input through the POST parameters 'title', 'last' and 'email' in register.php is not sanitized, allowing an attacker to execute HTML code in a user's browser session on the affected site.
b4e758e765d3c3f1dd3bae0aeac26f05237bd21334ea75852e11273d369ff975
Online Grades version 3.2.5 suffers from multiple cross site scripting vulnerabilities. The issue is triggered when input passed via multiple parameters to the 'admin/admin.php' script is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
97dac1462d3751baa282b6d6356f3f5c1af9936b2fe7fc9e1f21af38da27da98
PG eLMS Pro version DEC_2007_01 suffers from multiple remote blind SQL injection vulnerabilities.
f33c1f60fe48012757d4de9d5b369cbdd1b4511201f7d9fa55519f099d092a34
PG eLMS Pro version DEC_2007_01 suffers from multiple POST cross site scripting vulnerabilities in contact_us.php.
3cb7f482a30aa8222e39a62050d674c0b4201c4a9b953dc76fb7e986a91915bf
TCExam versions 11.2.011 and below suffer from multiple remote SQL injection vulnerabilities.
914e1468f043c743fbcb3539d34a062ed28fec35ba1be0ed6dab33cd0deb9e05
TCExam versions 11.2.011 and below suffer from multiple pre and post auth cross site scripting vulnerabilities when parsing user input to multiple parameters via the GET and POST methods in multiple scripts. Attackers can exploit these weaknesses to execute arbitrary HTML and script code in a user's browser session.
124989b21ffded644a3bd7fb5253e0bf4a9f3a0f8cf17bb80608ab44fd14748f
Tugux CMS version 1.2 suffers from a remote arbitrary file deletion vulnerability.
b322ce3279d241071e6638005f0f9486916adab50fcebbdaf25046904c8aa330