Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2005-12-28 CVE-2005-4527 Unspecified vulnerability in Direct News Direct News 4.9
Multiple SQL injection vulnerabilities in Direct News 4.9 allow remote attackers to execute arbitrary SQL commands via (1) the setLang parameter in index.php and (2) unspecified search module parameters.
network, low complexity, direct-news, 7.5

2005-12-28 CVE-2005-4525 Unspecified vulnerability in Sygate Technologies Protection Agent 5.0Build6144
SmcGui.exe in Sygate Protection Agent 5.0 build 6144 allows local users to obtain management control over the agent by executing the GUI (SmcGui.exe) and then killing the process, which causes the privileged management GUI to launch.
local, low complexity, sygate-technologies, 4.6

2005-12-28 CVE-2005-4524 Mantis 1.0.0rc3 does not properly handle "Make note private" when a bug is being resolved, which has unknown impact and attack vectors, probably related to an information leak.
network, low complexity, mantis, 5.0

2005-12-28 CVE-2005-4523 Unspecified vulnerability in Mantis
Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS feeds, which allows remote attackers to obtain sensitive information.
network, low complexity, mantis, 5.0

2005-12-28 CVE-2005-4522 Unspecified vulnerability in Mantis
Multiple cross-site scripting (XSS) vulnerabilities in the view_filters_page.php filters script in Mantis 1.0.0rc3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) view_type and (2) target_field parameters.
network, mantis, 4.3

2005-12-28 CVE-2005-4521 CRLF injection vulnerability in Mantis 1.0.0rc3 and earlier allows remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via (1) the return parameter in login_cookie_test.php and (2) ref parameter in login_select_proj_page.php.
network, low complexity, mantis, 5.0

2005-12-28 CVE-2005-4520 Unspecified vulnerability in Mantis
Unspecified "port injection" vulnerabilities in filters in Mantis 1.0.0rc3 and earlier have unknown impact and attack vectors.
network, low complexity, mantis, 5.0

2005-12-28 CVE-2005-4519 Unspecified vulnerability in Mantis
Multiple SQL injection vulnerabilities in the manage user page (manage_user_page.php) in Mantis 1.0.0rc3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) prefix and (2) sort parameters to the manage user page (manage_user_page.php), or (3) the sort parameter to view_all_set.php.
network, low complexity, mantis, 7.5

2005-12-28 CVE-2005-4518 Mantis before 0.19.4 allows remote attackers to bypass the file upload size restriction by modifying the max_file_size parameter to (1) bug_file_add.php, (2) bug_report.php, (3) bug_report_advanced_page.php, and (4) proj_doc_add_page.php.
network, low complexity, mantis, 7.5

2005-12-28 CVE-2005-4517 SQL-Injection vulnerability in PHP Fusion
SQL injection vulnerability in PHP-Fusion 6.00.200 through 6.00.300 allows remote attackers to execute arbitrary SQL commands via the ratings parameter in multiple scripts, such as ratings_include.php.
network, low complexity, php-fusion, 7.5