Show filters
44 Total Results
Displaying 31-40 of 44
Sort by:
Attacker Value
Unknown
CVE-2010-3764
Disclosure Date: November 05, 2010 (last updated October 04, 2023)
The Old Charts implementation in Bugzilla 2.12 through 3.2.8, 3.4.8, 3.6.2, 3.7.3, and 4.1 creates graph files with predictable names in graphs/, which allows remote attackers to obtain sensitive information via a modified URL.
0
Attacker Value
Unknown
CVE-2010-3172
Disclosure Date: November 05, 2010 (last updated October 04, 2023)
CRLF injection vulnerability in Bugzilla before 3.2.9, 3.4.x before 3.4.9, 3.6.x before 3.6.3, and 4.0.x before 4.0rc1, when Server Push is enabled in a web browser, allows remote attackers to inject arbitrary HTTP headers and content, and conduct HTTP response splitting attacks, via a crafted URL.
0
Attacker Value
Unknown
CVE-2010-2757
Disclosure Date: August 16, 2010 (last updated October 04, 2023)
The sudo feature in Bugzilla 2.22rc1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 does not properly send impersonation notifications, which makes it easier for remote authenticated users to impersonate other users without discovery.
0
Attacker Value
Unknown
CVE-2010-2758
Disclosure Date: August 16, 2010 (last updated October 04, 2023)
Bugzilla 2.17.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 generates different error messages depending on whether a product exists, which makes it easier for remote attackers to guess product names via unspecified use of the (1) Reports or (2) Duplicates page.
0
Attacker Value
Unknown
CVE-2010-2756
Disclosure Date: August 16, 2010 (last updated October 04, 2023)
Search.pm in Bugzilla 2.19.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 allows remote attackers to determine the group memberships of arbitrary users via vectors involving the Search interface, boolean charts, and group-based pronouns.
0
Attacker Value
Unknown
CVE-2009-3989
Disclosure Date: February 03, 2010 (last updated October 04, 2023)
Bugzilla before 3.0.11, 3.2.x before 3.2.6, 3.4.x before 3.4.5, and 3.5.x before 3.5.3 does not block access to files and directories that are used by custom installations, which allows remote attackers to obtain sensitive information via requests for (1) CVS/, (2) contrib/, (3) docs/en/xml/, (4) t/, or (5) old-params.txt.
0
Attacker Value
Unknown
CVE-2008-6098
Disclosure Date: February 09, 2009 (last updated October 04, 2023)
Bugzilla 3.2 before 3.2 RC2, 3.0 before 3.0.6, 2.22 before 2.22.6, 2.20 before 2.20.7, and other versions after 2.17.4 allows remote authenticated users to bypass moderation to approve and disapprove quips via a direct request to quips.cgi with the action parameter set to "approve."
0
Attacker Value
Unknown
CVE-2009-0485
Disclosure Date: February 09, 2009 (last updated October 04, 2023)
Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.17 to 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete unused flag types via a link or IMG tag to editflagtypes.cgi.
0
Attacker Value
Unknown
CVE-2009-0481
Disclosure Date: February 09, 2009 (last updated October 04, 2023)
Bugzilla 2.x before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote authenticated users to conduct cross-site scripting (XSS) and related attacks by uploading HTML and JavaScript attachments that are rendered by web browsers.
0
Attacker Value
Unknown
CVE-2009-0482
Disclosure Date: February 09, 2009 (last updated October 04, 2023)
Cross-site request forgery (CSRF) vulnerability in Bugzilla before 3.2 before 3.2.1, 3.3 before 3.3.2, and other versions before 3.2 allows remote attackers to perform bug updating activities as other users via a link or IMG tag to process_bug.cgi.
0