Max CVSS 7.5 Min CVSS 4.3 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2005-3335 7.5
PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary PHP code and include arbitrary local files via the t_core_path parameter.
11-07-2017 - 01:33 27-10-2005 - 10:02
CVE-2005-2557 4.3
Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the dir parameter, as identified by bug#0005959, and a different vulnerability than CVE
11-07-2017 - 01:32 28-09-2005 - 21:03
CVE-2005-2556 7.5
core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with register_globals enabled, allows remote attackers to connect to internal databases by modifying the g_db_type variable and monitoring the speed of responses, as identified by bug#0005956.
18-10-2016 - 03:28 24-08-2005 - 04:00
CVE-2005-3336 7.5
SQL injection vulnerability in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
08-03-2011 - 02:26 27-10-2005 - 10:02
CVE-2005-3339 7.2
Mantis before 0.19.3 caches the User ID longer than necessary, which has unknown impact and attack vectors.
05-09-2008 - 20:54 27-10-2005 - 10:02
CVE-2005-3338 5.0
Unspecified vulnerability in Mantis before 0.19.3, when using reminders, causes Mantis to display the real email addresses of users.
05-09-2008 - 20:54 27-10-2005 - 10:02
CVE-2005-3091 4.3
Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, as identified by bug#0005751 "thraxisp".
05-09-2008 - 20:53 28-09-2005 - 22:03
Back to Top Mark selected
Back to Top