|
260301
|
- |
|
mantisbt
|
mantisbt
|
The access_has_bug_level function in core/access_api.php in MantisBT before 1.2.9 does not properly restrict access when the private_bug_view_threshold is set to an array, which allows remote attacke…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-1118
|
2013-08-27 12:21 |
2012-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260302
|
- |
|
mantisbt
|
mantisbt
|
bug_actiongroup.php in MantisBT before 1.2.9 does not properly check the report_bug_threshold permission of the receiving project when moving a bug report, which allows remote authenticated users wit…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-1122
|
2013-08-27 12:21 |
2012-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260303
|
- |
|
mantisbt
|
mantisbt
|
MantisBT 1.2.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by view_all_inc.ph…
|
CWE-200
Information Exposure
|
CVE-2011-3755
|
2013-08-27 12:17 |
2011-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260304
|
- |
|
mantisbt
|
mantisbt
|
Multiple cross-site scripting (XSS) vulnerabilities in filter_api.php in MantisBT before 1.2.7 allow remote attackers to inject arbitrary web script or HTML via a parameter, as demonstrated by the pr…
|
CWE-79
Cross-site Scripting
|
CVE-2011-2938
|
2013-08-27 12:15 |
2011-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260305
|
- |
|
mantisbt
|
mantisbt
|
Directory traversal vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the db_type param…
|
CWE-22
Path Traversal
|
CVE-2010-4350
|
2013-08-27 12:07 |
2011-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260306
|
- |
|
mantisbt
|
mantisbt
|
Cross-site scripting (XSS) vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the db_type parameter, related to …
|
CWE-79
Cross-site Scripting
|
CVE-2010-4348
|
2013-08-27 12:06 |
2011-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260307
|
- |
|
mantisbt
|
mantisbt
|
Cross-site scripting (XSS) vulnerability in core/summary_api.php in MantisBT before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the Summary field, a different vector than…
|
CWE-79
Cross-site Scripting
|
CVE-2010-3763
|
2013-08-27 12:05 |
2010-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260308
|
- |
|
mantisbt
|
mantisbt
|
Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.3 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) a plugin name, related to manage_…
|
CWE-79
Cross-site Scripting
|
CVE-2010-3303
|
2013-08-27 12:04 |
2010-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260309
|
- |
|
staruml
|
staruml
|
Buffer overflow in the ToDot method in the WINGRAPHVIZLib.NEATO ActiveX control in WinGraphviz.dll in StarUML allows remote attackers to execute arbitrary code via a long argument.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-5578
|
2013-08-27 04:27 |
2013-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260310
|
- |
|
intel
|
wimax_network_service
|
Multiple integer overflows in the Intel WiMAX Network Service through 1.5.2 for Intel Wireless WiMAX Connection 2400 devices allow remote attackers to cause a denial of service (component crash) or p…
|
CWE-189
Numeric Errors
|
CVE-2013-4219
|
2013-08-27 03:40 |
2013-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
