An XSS issue was discovered in admin/install.php in MantisBT before 1.3.12 and 2.x before 2.5.2. Some variables under user control in the MantisBT installation script are not properly sanitized before being output, allowing...
Read MoreBackup archives were found to be encrypted with a static password across different installations, which suggest the same password may be used in all virtual appliance instances of Trend Micro Deep Discovery Director 1.1.
Read MoreConfiguration and database backup archives are not signed or validated in Trend Micro Deep Discovery Director 1.1.
Read MoreAn XSS issue was discovered in manage_user_page.php in MantisBT 2.x before 2.5.2. The ‘filter’ field is not sanitized before being rendered in the Manage User page, allowing remote attackers to execute arbitrary...
Read MoreThe mad_decoder_run function in decoder.c in libmad 0.15.1b allows remote attackers to cause a denial of service (memory corruption) via a crafted MP3 file.
Read More