CVE-2005-2461

Multiple SQL injection vulnerabilities in the calendar feature in Kayako liveResponse 2.x allow remote attackers to execute arbitrary SQL commands via the (1) year or (2) date parameter.

CVSS v2.0 6.4 MEDIUM

6.4^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://marc.info/?l=bugtraq&m=112274359718863&w=2
http://secunia.com/advisories/16286	Vendor Advisory
http://www.gulftech.org/?node=research&article_id=00092-07302005
http://www.osvdb.org/18396
http://www.securityfocus.com/bid/14425
http://marc.info/?l=bugtraq&m=112274359718863&w=2
http://secunia.com/advisories/16286	Vendor Advisory
http://www.gulftech.org/?node=research&article_id=00092-07302005
http://www.osvdb.org/18396
http://www.securityfocus.com/bid/14425

Configurations

Configuration 1 (hide)

cpe:2.3:a:kayako:liveresponse:2.0:*:*:*:*:*:*:*

History

20 Nov 2024, 23:59

Type	Values Removed	Values Added
References	~~() http://marc.info/?l=bugtraq&m=112274359718863&w=2 -~~	() http://marc.info/?l=bugtraq&m=112274359718863&w=2 -
References	~~() http://secunia.com/advisories/16286 - Vendor Advisory~~	() http://secunia.com/advisories/16286 - Vendor Advisory
References	~~() http://www.gulftech.org/?node=research&article_id=00092-07302005 -~~	() http://www.gulftech.org/?node=research&article_id=00092-07302005 -
References	~~() http://www.osvdb.org/18396 -~~	() http://www.osvdb.org/18396 -
References	~~() http://www.securityfocus.com/bid/14425 -~~	() http://www.securityfocus.com/bid/14425 -

Information

Published : 2005-12-31 05:00

Updated : 2024-11-20 23:59

NVD link : CVE-2005-2461

Mitre link : CVE-2005-2461

CVE.ORG link : CVE-2005-2461

JSON object : View

Products Affected

kayako

liveresponse

CWE

NVD-CWE-Other

{"id": "CVE-2005-2461", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-12-31T05:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=112274359718863&w=2", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/16286", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.gulftech.org/?node=research&article_id=00092-07302005", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/18396", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/14425", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=112274359718863&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/16286", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.gulftech.org/?node=research&article_id=00092-07302005", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/18396", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/14425", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in the calendar feature in Kayako liveResponse 2.x allow remote attackers to execute arbitrary SQL commands via the (1) year or (2) date parameter."}], "lastModified": "2024-11-20T23:59:36.610", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:kayako:liveresponse:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE565273-2E54-409C-A1C7-3EB21C7C72DE"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}