Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4453

Overview

Vulnerability Score 9.0 9.0
CVE Id CVE-2005-4453
Last Modified 07 Mar 2011 09:28:17
Published 21 Dec 2005 06:03:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2005-4453

Summary

UserProfile.cs in Ultraapps Issue Manager before 2.1 allows remote authenticated users to gain administrator privileges by modifying the original (1) p_User_user_id and (2) User_user_id parameters to UserProfile.aspx, then modifying the password field.

Vulnerable Systems

Application

  • Ultraapps Issue Manager 2.1


References

BID - 15976

BUGTRAQ - 20051220 IRM 013: Ultraapps Issue Manager is vulnerable to Privilege Escalation

VUPEN - ADV-2005-3031

MISC - http://www.irmplc.com/advisory013.htm

SECUNIA - 18174


Last Updated: 27 May 2016 10:41:18