Page 11 of 79 results (0.026 seconds)

CVSS: 5.0EPSS: 6%CPEs: 6EXPL: 1

CVE-2007-4538

https://notcve.org/view.php?id=CVE-2007-4538

email_in.pl in Bugzilla 2.23.4 through 3.0.0 allows remote attackers to execute arbitrary commands via the -f (From address) option to the Email::Send::Sendmail function, probably involving shell metacharacters. email_in.pl en Bugzilla 2.23.4 hasta la 3.0.0 permite a atacantes remotos ejecutar comandos de su elección a través de la opción -f (Dirección Desde) en la función Email::Send::Sendmail, probablemente afectando al interprete de comandos de metacaracteres. • http://osvdb.org/37203 http://secunia.com/advisories/26584 http://secunia.com/advisories/26971 http://security.gentoo.org/glsa/glsa-200709-18.xml http://www.bugzilla.org/security/2.20.4 http://www.securityfocus.com/archive/1/477630/100/0/threaded http://www.securityfocus.com/bid/25425 http://www.securitytracker.com/id?1018604 http://www.vupen.com/english/advisories/2007/2977 https://bugzilla.mozilla.org/show_bug.cgi?id=386860 https://exchange.xforce.ibmcloud.com/ •

CVSS: 2.6EPSS: 4%CPEs: 4EXPL: 0

CVE-2006-5455

https://notcve.org/view.php?id=CVE-2006-5455

Cross-site request forgery (CSRF) vulnerability in editversions.cgi in Bugzilla before 2.22.1 and 2.23.x before 2.23.3 allows user-assisted remote attackers to create, modify, or delete arbitrary bug reports via a crafted URL. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en editversions.cgi en Bugzilla anterior a 2.22.1 y 2.23.x anteriores a 2.23.3 permite a atacantes remotos con intervención del usuario crear, modificar o borrar informes de "bugs" de su elección mediante una URL creada artesanalmente. • http://secunia.com/advisories/22409 http://secunia.com/advisories/22790 http://security.gentoo.org/glsa/glsa-200611-04.xml http://securityreason.com/securityalert/1760 http://www.bugzilla.org/security/2.18.5 http://www.osvdb.org/29548 http://www.securityfocus.com/archive/1/448777/100/100/threaded http://www.securityfocus.com/bid/20538 http://www.vupen.com/english/advisories/2006/4035 https://bugzilla.mozilla.org/show_bug.cgi?id=281181 https://exchange.xforce.ibmcloud •

CVSS: 5.5EPSS: 0%CPEs: 22EXPL: 1

CVE-2006-0913

https://notcve.org/view.php?id=CVE-2006-0913

SQL injection vulnerability in whineatnews.pl in Bugzilla 2.17 through 2.18.4 and 2.20 allows remote authenticated users with administrative privileges to execute arbitrary SQL commands via the whinedays parameter, as accessible from editparams.cgi. • http://secunia.com/advisories/18979 http://www.osvdb.org/23378 http://www.securityfocus.com/archive/1/425584/100/0/threaded http://www.securityfocus.com/bid/16738 http://www.vupen.com/english/advisories/2006/0692 https://bugzilla.mozilla.org/show_bug.cgi?id=312498 https://exchange.xforce.ibmcloud.com/vulnerabilities/24819 •

CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 1

CVE-2006-0914

https://notcve.org/view.php?id=CVE-2006-0914

Bugzilla 2.16.10, 2.17 through 2.18.4, and 2.20 does not properly handle certain characters in the mostfreqthreshold parameter in duplicates.cgi, which allows remote attackers to trigger a SQL error. • http://www.securityfocus.com/archive/1/425584/100/0/threaded http://www.vupen.com/english/advisories/2006/0692 https://bugzilla.mozilla.org/show_bug.cgi?id=312498 https://exchange.xforce.ibmcloud.com/vulnerabilities/42802 • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 0%CPEs: 15EXPL: 0

CVE-2005-2173

https://notcve.org/view.php?id=CVE-2005-2173

The Flag::validate and Flag::modify functions in Bugzilla 2.17.1 to 2.18.1 and 2.19.1 to 2.19.3 do not verify that the flag ID is appropriate for the given bug or attachment ID, which allows users to change flags on arbitrary bugs and obtain a bug summary via process_bug.cgi. • http://securitytracker.com/id?1014428 http://www.bugzilla.org/security/2.18.1 https://bugzilla.mozilla.org/show_bug.cgi?id=293159 •