Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2005-2556
Last Modified 10 Sep 2008 03:42:37
Published 24 Aug 2005 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-2556

Summary

core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with register_globals enabled, allows remote attackers to connect to internal databases by modifying the g_db_type variable and monitoring the speed of responses, as identified by bug#0005956.

Vulnerable Systems

Application

  • Mantis 0.19.0

  • Mantis 0.19.0 Rc1

  • Mantis 0.19.0a1

  • Mantis 0.19.0a2

  • Mantis 0.19.1

  • Mantis 0.19.2

  • Mantis 1.0.0a1

  • Mantis 1.0.0a2

  • Mantis 1.0.0a3


References

BID - 14604

DEBIAN - DSA-778

GENTOO - GLSA-200509-16

BUGTRAQ - 20050926 Mantis Bugtracker - Remote Database Scanner and XSS Vulnerabilities

SECUNIA - 16506


Last Updated: 27 May 2016 10:40:34