Multiple cross-site scripting (XSS) vulnerabilities in the view_filters_page.php filters script in Mantis 1.0.0rc3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) view_type and (2) target_field parameters. Date...
CRLF injection vulnerability in Mantis 1.0.0rc3 and earlier allows remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via (1) the return parameter in login_cookie_test.php and (2) ref parameter in login_select_proj_page.php....
Unspecified "port injection" vulnerabilities in filters in Mantis 1.0.0rc3 and earlier have unknown impact and attack vectors. NOTE: due to a lack of relevant details in the vendor changelog, which is the source of...
Multiple SQL injection vulnerabilities in the manage user page (manage_user_page.php) in Mantis 1.0.0rc3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) prefix and (2) sort parameters to the manage...
Mantis before 0.19.4 allows remote attackers to bypass the file upload size restriction by modifying the max_file_size parameter to (1) bug_file_add.php, (2) bug_report.php, (3) bug_report_advanced_page.php, and (4) proj_doc_add_page.php. Date published : 2005-12-27 http://www.securityfocus.com/bid/16046/ http://sourceforge.net/project/shownotes.php?release_id=377932&group_id=14963
SQL injection vulnerability in PHP-Fusion 6.00.200 through 6.00.300 allows remote attackers to execute arbitrary SQL commands via the ratings parameter in multiple scripts, such as ratings_include.php. Date published : 2005-12-27 http://www.securityfocus.com/archive/1/420109/100/0/threaded http://www.osvdb.org/22049
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion 6.00.200 through 6.00.300 allow remote attackers to inject arbitrary web script or HTML via (1) the sortby parameter in members.php and (2) IMG tags. Date published :...
Buffer overflow in KETM 0.0.6 allows local users to execute arbitrary code via unknown vectors. Date published : 2005-12-27 http://www.securityfocus.com/bid/16049/ http://www.debian.org/security/2005/dsa-926
tkdiff before 4.1.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files. Date published : 2005-12-27 http://www.securityfocus.com/bid/16064 http://sourceforge.net/project/shownotes.php?release_id=380030&group_id=64960
DHIS tools DNS package (dhis-tools-dns) before 5.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files created by (1) register-q.sh and (2) register-p.sh. Date published : 2005-12-27 http://www.securityfocus.com/bid/16065 http://www.debian.org/security/2005/dsa-928
** DISPUTED ** SQL injection vulnerability in WebDB 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified search parameters, possibly Search0. NOTE: the vendor has disputed this issue, saying that...
** DISPUTED ** The encapsulation script mechanism in Webwasher CSM Appliance Suite 5.x uses case-sensitive detection of malicious tokens, which allows attackers to bypass script detection by using tokens that can be upper or...
Cross-site scripting (XSS) vulnerability in WANDSOFT e-SEARCH allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the keywords parameter. Date published : 2005-12-22 http://www.securityfocus.com/bid/16036 http://pridels0.blogspot.com/2005/12/wandsoft-e-search-xss-vuln.html
Cross-site scripting (XSS) vulnerability in WAXTRAPP 3.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. Date published : 2005-12-22 http://www.securityfocus.com/bid/16037 http://pridels0.blogspot.com/2005/12/waxtrapp-xss-vuln.html