Date: Fri, 19 Aug 2011 02:08:17 +1000
From: David Hicks <>
Subject: CVE request: MantisBT <1.2.7 search.php multiple XSS vulnerabilities

Original vulnerability report by Net.Edit0r ( from
BlACK Hat Group [] is available at:

MantisBT bug report for full details of the issue:

Please note that the second SQL injection vulnerability identified by
Net.Edit0r is not reproducible (refer to the MantisBT bug report above
for reasons why).

A patch for 1.2.6 is available at:

MantisBT 1.2.7 is currently being packaged and will be available shortly
through usual channels for distributions and standalone users to pick

Bug reports cross-posted elsewhere:
Fedora/Red Hat:
Debian: Submitted (queued)


David Hicks
MantisBT Developer, #mantishelp on freenode
