CVE-2009-3386
https://notcve.org/view.php?id=CVE-2009-3386
Template.pm in Bugzilla 3.3.2 through 3.4.3 and 3.5 through 3.5.1 allows remote attackers to discover the alias of a private bug by reading the (1) Depends On or (2) Blocks field of a related bug.
• http://osvdb.org/60271
• http://secunia.com/advisories/37423
• http://www.bugzilla.org/security/3.4.3
• http://www.securityfocus.com/bid/37062
• http://www.vupen.com/english/advisories/2009/3288
• https://bugzilla.mozilla.org/show_bug.cgi?id=529416
• https://exchange.xforce.ibmcloud.com/vulnerabilities/54332
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2009-3125
https://notcve.org/view.php?id=CVE-2009-3125
SQL injection vulnerability in the Bug.search WebService function in Bugzilla 3.3.2 through 3.4.1, and 3.5, allows remote attackers to execute arbitrary SQL commands via unspecified parameters.
• http://secunia.com/advisories/36718
• http://www.bugzilla.org/security/3.0.8
• http://www.securityfocus.com/bid/36371
• https://bugzilla.mozilla.org/show_bug.cgi?id=515191
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')