Information on source package mantis

Available versions

Release           Version
squeeze, squeeze  1.1.8+dfsg-10squeeze1
wheezy, sid       1.2.10-1

Open issues

Open unimportant issues

Bug            Description
CVE-2011-3578  Cross-site scripting (XSS) vulnerability in ...
CVE-2012-1118
CVE-2012-1119
CVE-2012-1120
CVE-2012-1121
CVE-2012-1122
CVE-2012-1123

Resolved issues

Bug            Description
CVE-2002-1110  Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, ...
CVE-2002-1111  print_all_bug_page.php in Mantis 0.17.3 and earlier does not verify ...
CVE-2002-1112  Mantis before 0.17.4 allows remote attackers to list project bugs ...
CVE-2002-1113  summary_graph_functions.php in Mantis 0.17.3 and earlier allows remote ...
CVE-2002-1114  config_inc2.php in Mantis before 0.17.4 allows remote attackers to ...
CVE-2002-1115  Mantis 0.17.4a and earlier allows remote attackers to view private ...
CVE-2002-1116  The "View Bugs" page (view_all_bug_page.php) in Mantis 0.17.4a and ...
CVE-2003-0499  Mantis 0.17.5 and earlier stores its database password in cleartext in ...
CVE-2004-1730  Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows ...
CVE-2004-1731  signup_page.php in Mantis bugtracker allows remote attackers to send ...
CVE-2004-1734  PHP remote file inclusion vulnerability in Mantis 0.19.0a allows ...
CVE-2004-2666  Mantis before 20041016 provides a complete Issue History (Bug History) ...
CVE-2005-2556  core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with ...
CVE-2005-2557  Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis ...
CVE-2005-3090  Cross-site scripting (XSS) vulnerability in bug_actiongroup_page.php ...
CVE-2005-3091  Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 ...
CVE-2005-3335  PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php ...
CVE-2005-3336  SQL injection vulnerability in Mantis 1.0.0RC2 and 0.19.2 allows ...
CVE-2005-3338  Unspecified vulnerability in Mantis before 0.19.3, when using ...
CVE-2005-3339  Mantis before 0.19.3 caches the User ID longer than necessary, which ...
CVE-2005-4238  Cross-site scripting (XSS) vulnerability in view_filters_page.php in ...
CVE-2005-4518  Mantis before 0.19.4 allows remote attackers to bypass the file upload ...
CVE-2005-4519  Multiple SQL injection vulnerabilities in the manage user page ...
CVE-2005-4520  Unspecified "port injection" vulnerabilities in filters in Mantis ...
CVE-2005-4521  CRLF injection vulnerability in Mantis 1.0.0rc3 and earlier allows ...
CVE-2005-4522  Multiple cross-site scripting (XSS) vulnerabilities in the ...
CVE-2005-4523  Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS ...
CVE-2005-4524  Mantis 1.0.0rc3 does not properly handle "Make note private" when a ...
CVE-2006-0664  Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in ...
CVE-2006-0665  Unspecified vulnerability in (1) query_store.php and (2) ...
CVE-2006-0840  manage_user_page.php in Mantis 1.00rc4 and earlier does not properly ...
CVE-2006-0841  Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 ...
CVE-2006-1577  Multiple cross-site scripting (XSS) vulnerabilities in ...
CVE-2006-6515  Mantis before 1.1.0a2 sets the default value of ...
CVE-2006-6574  Mantis before 1.1.0a2 does not implement per-item access control for ...
CVE-2007-2383  The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data ...
CVE-2007-6611  Cross-site scripting (XSS) vulnerability in view.php in Mantis before ...
CVE-2008-0404  Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows ...
CVE-2008-2276  Cross-site request forgery (CSRF) vulnerability in ...
CVE-2008-3102  Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the ...
CVE-2008-3331  Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php ...
CVE-2008-3332  Eval injection vulnerability in adm_config_set.php in Mantis before ...
CVE-2008-3333  Directory traversal vulnerability in core/lang_api.php in Mantis ...
CVE-2008-4687  manage_proj_page.php in Mantis before 1.1.4 allows remote ...
CVE-2008-4688  core/string_api.php in Mantis before 1.1.3 does not check the ...
CVE-2008-4689  Mantis before 1.1.3 does not unset the session cookie during logout, ...
CVE-2009-2802
CVE-2010-2574  Cross-site scripting (XSS) vulnerability in manage_proj_cat_add.php in ...
CVE-2010-2802  Cross-site scripting (XSS) vulnerability in MantisBT before 1.2.2 ...
CVE-2010-3303  Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before ...
CVE-2010-3763  Cross-site scripting (XSS) vulnerability in core/summary_api.php in ...
CVE-2010-4348  Cross-site scripting (XSS) vulnerability in ...
CVE-2010-4349  admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote ...
CVE-2010-4350  Directory traversal vulnerability in admin/upgrade_unattended.php in ...
CVE-2011-2938  Multiple cross-site scripting (XSS) vulnerabilities in filter_api.php ...
CVE-2011-3356  Multiple cross-site scripting (XSS) vulnerabilities in ...
CVE-2011-3357  Directory traversal vulnerability in bug_actiongroup_ext_page.php in ...
CVE-2011-3358  Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before ...
TEMP-0000000-6C56E3  mantis multiple issues fixed in 1.0.7
TEMP-0000000-B14A9D  mantis multiple issues
TEMP-0425010-42F27C  mantis: information leak

Security announcements

DSA         Description
DSA-2308-1  mantis - several
DSA-1856-1  mantis - information leak
DSA-1467-1  mantis - several vulnerabilities
DSA-1133-1  mantis - cross site scripting
DSA-944-1   mantis - several
DSA-905-1   mantis - several
DSA-778-1   mantis - missing input sanitising
DSA-335     mantis - incorrect permissions
DSA-161     mantis - privilege escalation
DSA-153     mantis - cross site code execution and privilege escalation
