Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2005-3335 | 7.5 |
PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary PHP code and include arbitrary local files via the t_core_path parameter.
|
11-07-2017 - 01:33 | 27-10-2005 - 10:02 | |
CVE-2005-2557 | 4.3 |
Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the dir parameter, as identified by bug#0005959, and a different vulnerability than CVE
|
11-07-2017 - 01:32 | 28-09-2005 - 21:03 | |
CVE-2005-2556 | 7.5 |
core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with register_globals enabled, allows remote attackers to connect to internal databases by modifying the g_db_type variable and monitoring the speed of responses, as identified by bug#0005956.
|
18-10-2016 - 03:28 | 24-08-2005 - 04:00 | |
CVE-2005-3336 | 7.5 |
SQL injection vulnerability in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
|
08-03-2011 - 02:26 | 27-10-2005 - 10:02 | |
CVE-2005-3339 | 7.2 |
Mantis before 0.19.3 caches the User ID longer than necessary, which has unknown impact and attack vectors.
|
05-09-2008 - 20:54 | 27-10-2005 - 10:02 | |
CVE-2005-3338 | 5.0 |
Unspecified vulnerability in Mantis before 0.19.3, when using reminders, causes Mantis to display the real email addresses of users.
|
05-09-2008 - 20:54 | 27-10-2005 - 10:02 | |
CVE-2005-3091 | 4.3 |
Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, as identified by bug#0005751 "thraxisp".
|
05-09-2008 - 20:53 | 28-09-2005 - 22:03 |