Information on source package mantis

Available versions

Release           Version
squeeze, squeeze  1.1.8+dfsg-10squeeze2
wheezy            1.2.11-1.2

Open issues

Bug            squeeze     wheezy      Description
CVE-2012-5522  vulnerable  fixed       MantisBT before 1.2.12 does not use an expected default value during ...
CVE-2012-5523  vulnerable  fixed       core/email_api.php in MantisBT before 1.2.12 does not properly manage ...
CVE-2013-1811  vulnerable  vulnerable  Reporter can change issue status to 'new'
CVE-2013-1934  vulnerable  vulnerable  mantis: XSS issue in adm_config_report.php when displaying complex value
CVE-2013-4460  vulnerable  vulnerable  Cross-site scripting (XSS) vulnerability in account_sponsor_page.php ...
CVE-2014-1608  vulnerable  vulnerable  SQL injection vulnerability in the mci_file_get function in ...
CVE-2014-1609  vulnerable  vulnerable  Multiple SQL injection vulnerabilities in MantisBT before 1.2.16 allow ...
CVE-2014-2238  vulnerable  vulnerable  SQL injection vulnerability in the manage configuration page ...

Open unimportant issues

Resolved issues

Bug                  Description
CVE-2002-1110        Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, ...
CVE-2002-1111        print_all_bug_page.php in Mantis 0.17.3 and earlier does not verify ...
CVE-2002-1112        Mantis before 0.17.4 allows remote attackers to list project bugs ...
CVE-2002-1113        summary_graph_functions.php in Mantis 0.17.3 and earlier allows remote ...
CVE-2002-1114        config_inc2.php in Mantis before 0.17.4 allows remote attackers to ...
CVE-2002-1115        Mantis 0.17.4a and earlier allows remote attackers to view private ...
CVE-2002-1116        The "View Bugs" page (view_all_bug_page.php) in Mantis 0.17.4a and ...
CVE-2003-0499        Mantis 0.17.5 and earlier stores its database password in cleartext in ...
CVE-2004-1730        Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows ...
CVE-2004-1731        signup_page.php in Mantis bugtracker allows remote attackers to send ...
CVE-2004-1734        PHP remote file inclusion vulnerability in Mantis 0.19.0a allows ...
CVE-2004-2666        Mantis before 20041016 provides a complete Issue History (Bug History) ...
CVE-2005-2556        core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with ...
CVE-2005-2557        Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis ...
CVE-2005-3090        Cross-site scripting (XSS) vulnerability in bug_actiongroup_page.php ...
CVE-2005-3091        Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 ...
CVE-2005-3335        PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php ...
CVE-2005-3336        SQL injection vulnerability in Mantis 1.0.0RC2 and 0.19.2 allows ...
CVE-2005-3338        Unspecified vulnerability in Mantis before 0.19.3, when using ...
CVE-2005-3339        Mantis before 0.19.3 caches the User ID longer than necessary, which ...
CVE-2005-4238        Cross-site scripting (XSS) vulnerability in view_filters_page.php in ...
CVE-2005-4518        Mantis before 0.19.4 allows remote attackers to bypass the file upload ...
CVE-2005-4519        Multiple SQL injection vulnerabilities in the manage user page ...
CVE-2005-4520        Unspecified "port injection" vulnerabilities in filters in Mantis ...
CVE-2005-4521        CRLF injection vulnerability in Mantis 1.0.0rc3 and earlier allows ...
CVE-2005-4522        Multiple cross-site scripting (XSS) vulnerabilities in the ...
CVE-2005-4523        Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS ...
CVE-2005-4524        Mantis 1.0.0rc3 does not properly handle "Make note private" when a ...
CVE-2006-0664        Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in ...
CVE-2006-0665        Unspecified vulnerability in (1) query_store.php and (2) ...
CVE-2006-0840        manage_user_page.php in Mantis 1.00rc4 and earlier does not properly ...
CVE-2006-0841        Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 ...
CVE-2006-1577        Multiple cross-site scripting (XSS) vulnerabilities in ...
CVE-2006-6515        Mantis before 1.1.0a2 sets the default value of ...
CVE-2006-6574        Mantis before 1.1.0a2 does not implement per-item access control for ...
CVE-2007-2383        The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data ...
CVE-2007-6611        Cross-site scripting (XSS) vulnerability in view.php in Mantis before ...
CVE-2008-0404        Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows ...
CVE-2008-2276        Cross-site request forgery (CSRF) vulnerability in ...
CVE-2008-3102        Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the ...
CVE-2008-3331        Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php ...
CVE-2008-3332        Eval injection vulnerability in adm_config_set.php in Mantis before ...
CVE-2008-3333        Directory traversal vulnerability in core/lang_api.php in Mantis ...
CVE-2008-4687        manage_proj_page.php in Mantis before 1.1.4 allows remote ...
CVE-2008-4688        core/string_api.php in Mantis before 1.1.3 does not check the ...
CVE-2008-4689        Mantis before 1.1.3 does not unset the session cookie during logout, ...
CVE-2009-2802
CVE-2010-2574        Cross-site scripting (XSS) vulnerability in manage_proj_cat_add.php in ...
CVE-2010-2802        Cross-site scripting (XSS) vulnerability in MantisBT before 1.2.2 ...
CVE-2010-3303        Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before ...
CVE-2010-3763        Cross-site scripting (XSS) vulnerability in core/summary_api.php in ...
CVE-2010-4348        Cross-site scripting (XSS) vulnerability in ...
CVE-2010-4349        admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote ...
CVE-2010-4350        Directory traversal vulnerability in admin/upgrade_unattended.php in ...
CVE-2011-2938        Multiple cross-site scripting (XSS) vulnerabilities in filter_api.php ...
CVE-2011-3356        Multiple cross-site scripting (XSS) vulnerabilities in ...
CVE-2011-3357        Directory traversal vulnerability in bug_actiongroup_ext_page.php in ...
CVE-2011-3358        Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before ...
CVE-2011-3578        Cross-site scripting (XSS) vulnerability in ...
CVE-2012-1118        The access_has_bug_level function in core/access_api.php in MantisBT ...
CVE-2012-1119        MantisBT before 1.2.9 does not audit when users copy or clone a bug ...
CVE-2012-1120        The SOAP API in MantisBT before 1.2.9 does not properly enforce the ...
CVE-2012-1121        MantisBT before 1.2.9 does not properly check permissions, which ...
CVE-2012-1122        bug_actiongroup.php in MantisBT before 1.2.9 does not properly check ...
CVE-2012-1123        The mci_check_login function in api/soap/mc_api.php in the SOAP API in ...
CVE-2012-2691        The mc_issue_note_update function in the SOAP API in MantisBT before ...
CVE-2012-2692        MantisBT before 1.2.11 does not check the delete_attachments_threshold ...
CVE-2013-0197        XSS vulnerability with match_type filter
CVE-2013-1810        summary.php category/project names XSS vulnerability
CVE-2013-1883        mantis: remote DoS
CVE-2013-1930        mantis: Close button available to users despite workflow restrictions
CVE-2013-1931        mantis: XSS vulnerability when deleting a version
CVE-2013-1932        mantis: XSS vulnerability on Configuration Report page
TEMP-0000000-6C56E3  mantis multiple issues fixed in 1.0.7
TEMP-0000000-B14A9D  mantis multiple issues
TEMP-0425010-42F27C  mantis: information leak

Security announcements

DSA         Description
DSA-2500-1  mantis - several
DSA-2308-1  mantis - several
DSA-1856-1  mantis - information leak
DSA-1467-1  mantis - several vulnerabilities
DSA-1133-1  mantis - cross site scripting
DSA-944-1   mantis - several
DSA-905-1   mantis - several
DSA-778-1   mantis - missing input sanitising
DSA-335     mantis - incorrect permissions
DSA-161     mantis - privilege escalation
DSA-153     mantis - cross site code execution and privilege escalation
