Search
Search Results (46 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-2666 | 1 Mantis | 1 Mantis | 2026-04-16 | N/A |
| Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardless of view_history_threshold, which allows remote attackers to obtain sensitive information (private bug details) by visiting a bug's web page. | ||||
| CVE-2005-2556 | 1 Mantis | 1 Mantis | 2026-04-16 | N/A |
| core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with register_globals enabled, allows remote attackers to connect to internal databases by modifying the g_db_type variable and monitoring the speed of responses, as identified by bug#0005956. | ||||
| CVE-2005-2557 | 3 Debian, Gentoo, Mantis | 3 Debian Linux, Linux, Mantis | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the dir parameter, as identified by bug#0005959, and a different vulnerability than CVE-2005-3090. | ||||
| CVE-2005-3336 | 1 Mantis | 1 Mantis | 2026-04-16 | N/A |
| SQL injection vulnerability in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | ||||
| CVE-2005-3335 | 1 Mantis | 1 Mantis | 2026-04-16 | N/A |
| PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary PHP code and include arbitrary local files via the t_core_path parameter. | ||||
| CVE-2005-3339 | 1 Mantis | 1 Mantis | 2026-04-16 | N/A |
| Mantis before 0.19.3 caches the User ID longer than necessary, which has unknown impact and attack vectors. | ||||