CVE-2006-5455
https://notcve.org/view.php?id=CVE-2006-5455
Cross-site request forgery (CSRF) vulnerability in editversions.cgi in Bugzilla before 2.22.1 and 2.23.x before 2.23.3 allows user-assisted remote attackers to create, modify, or delete arbitrary bug reports via a crafted URL. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en editversions.cgi en Bugzilla anterior a 2.22.1 y 2.23.x anteriores a 2.23.3 permite a atacantes remotos con intervención del usuario crear, modificar o borrar informes de "bugs" de su elección mediante una URL creada artesanalmente. • http://secunia.com/advisories/22409 http://secunia.com/advisories/22790 http://security.gentoo.org/glsa/glsa-200611-04.xml http://securityreason.com/securityalert/1760 http://www.bugzilla.org/security/2.18.5 http://www.osvdb.org/29548 http://www.securityfocus.com/archive/1/448777/100/100/threaded http://www.securityfocus.com/bid/20538 http://www.vupen.com/english/advisories/2006/4035 https://bugzilla.mozilla.org/show_bug.cgi?id=281181 https://exchange.xforce.ibmcloud •
CVE-2005-4534
https://notcve.org/view.php?id=CVE-2005-4534
The shadow database feature (syncshadowdb) in Bugzilla 2.9 through 2.16.10 allows local users to overwrite arbitrary files via a symlink attack on temporary files. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329387 http://secunia.com/advisories/18218 http://secunia.com/advisories/22826 http://securityreason.com/securityalert/302 http://securitytracker.com/id?1015411 http://www.debian.org/security/2006/dsa-1208 http://www.securityfocus.com/archive/1/420353/100/0/threaded http://www.securityfocus.com/bid/16061 https://bugzilla.mozilla.org/show_bug.cgi?id=305353 https://exchange.xforce.ibmcloud.com/vulnerabilities/23863 •
CVE-2005-1563
https://notcve.org/view.php?id=CVE-2005-1563
Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 displays a different error message depending on whether a product exists or not, which allows remote attackers to determine hidden products. • http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=001040 http://marc.info/?l=bugtraq&m=111592031902962&w=2 http://secunia.com/advisories/15338 http://www.bugzilla.org/security/2.16.8 http://www.osvdb.org/16425 http://www.securityfocus.com/bid/13606 http://www.vupen.com/english/advisories/2005/0533 https://bugzilla.mozilla.org/show_bug.cgi?id=287109 •
CVE-2005-1565
https://notcve.org/view.php?id=CVE-2005-1565
Bugzilla 2.17.1 through 2.18, 2.19.1, and 2.19.2, when a user is prompted to log in while attempting to view a chart, displays the password in the URL, which may allow local users to gain sensitive information from web logs or browser history. • http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=001040 http://marc.info/?l=bugtraq&m=111592031902962&w=2 http://secunia.com/advisories/15338 http://www.osvdb.org/16427 http://www.securityfocus.com/bid/13605 http://www.vupen.com/english/advisories/2005/0533 https://bugzilla.mozilla.org/show_bug.cgi?id=287436 •
CVE-2005-1564
https://notcve.org/view.php?id=CVE-2005-1564
post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 allows remote authenticated users to "enter bugs into products that are closed for bug entry" by modifying the URL to specify the name of the product. • http://marc.info/?l=bugtraq&m=111592031902962&w=2 http://secunia.com/advisories/15338 http://www.bugzilla.org/security/2.16.8 http://www.osvdb.org/16426 https://bugzilla.mozilla.org/show_bug.cgi?id=287109 https://exchange.xforce.ibmcloud.com/vulnerabilities/42797 •