Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveDebianCVE-2005-2556
HistoryAug 24, 2005 - 4:00 a.m.

CVE-2005-2556

2005-08-2404:00:00
debian
web.nvd.nist.gov
29
mantis
database_api.php
register_globals
remote attack
cve-2005-2556
nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.3

Confidence

Low

EPSS

0.007

Percentile

80.3%

JSON

core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with register_globals enabled, allows remote attackers to connect to internal databases by modifying the g_db_type variable and monitoring the speed of responses, as identified by bug#0005956.

Affected configurations

Nvd
Node
mantismantisMatch0.19.0
OR
mantismantisMatch0.19.0_rc1
OR
mantismantisMatch0.19.0a1
OR
mantismantisMatch0.19.0a2
OR
mantismantisMatch0.19.1
OR
mantismantisMatch0.19.2
OR
mantismantisMatch1.0.0a1
OR
mantismantisMatch1.0.0a2
OR
mantismantisMatch1.0.0a3
VendorProductVersionCPE
mantismantis0.19.0cpe:2.3:a:mantis:mantis:0.19.0:*:*:*:*:*:*:*
mantismantis0.19.0_rc1cpe:2.3:a:mantis:mantis:0.19.0_rc1:*:*:*:*:*:*:*
mantismantis0.19.0a1cpe:2.3:a:mantis:mantis:0.19.0a1:*:*:*:*:*:*:*
mantismantis0.19.0a2cpe:2.3:a:mantis:mantis:0.19.0a2:*:*:*:*:*:*:*
mantismantis0.19.1cpe:2.3:a:mantis:mantis:0.19.1:*:*:*:*:*:*:*
mantismantis0.19.2cpe:2.3:a:mantis:mantis:0.19.2:*:*:*:*:*:*:*
mantismantis1.0.0a1cpe:2.3:a:mantis:mantis:1.0.0a1:*:*:*:*:*:*:*
mantismantis1.0.0a2cpe:2.3:a:mantis:mantis:1.0.0a2:*:*:*:*:*:*:*
mantismantis1.0.0a3cpe:2.3:a:mantis:mantis:1.0.0a3:*:*:*:*:*:*:*

Related

nvd 1
cvelist 1
ubuntucve 1
openvas 6
nessus 3
gentoo 1
debian 2
securityvulns 1
osv 1
nvd
nvd
CVE-2005-2556
2005-08-24 04:00:00
cvelist
cvelist
CVE-2005-2556
2005-08-24 04:00:00
ubuntucve
ubuntucve
CVE-2005-2556
2005-08-24 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200509-16 (Mantis)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200509-16 (Mantis)
2008-09-24 00:00:00
Debian Security Advisory DSA 778-1 (mantis)
2008-01-17 00:00:00
nessus
nessus
GLSA-200509-16 : Mantis: XSS and SQL injection vulnerabilities
2005-10-05 00:00:00
Mantis < 1.0.0rc2 Multiple Vulnerabilities
2005-08-22 00:00:00
Debian DSA-778-1 : mantis - missing input sanitising
2005-08-23 00:00:00
gentoo
gentoo
Mantis: XSS and SQL injection vulnerabilities
2005-09-24 00:00:00
debian
debian
[SECURITY] [DSA 778-1] New mantis packages fix several vulnerabilities
2005-08-19 13:59:56
[SECURITY] [DSA 778-1] New mantis packages fix several vulnerabilities
2005-08-19 13:59:56
securityvulns
securityvulns
[SECURITY] [DSA 778-1] New mantis packages fix several vulnerabilities
2005-08-19 00:00:00
osv
osv
mantis - missing input sanitising
2005-08-19 00:00:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.3

Confidence

Low

EPSS

0.007

Percentile

80.3%

JSON
Related for CVE-2005-2556
nvd1cvelist1ubuntucve1openvas6nessus3gentoo1debian2securityvulns1osv1