CVE-2008-2105
https://notcve.org/view.php?id=CVE-2008-2105
email_in.pl in Bugzilla 2.23.4, 3.0.x before 3.0.4, and 3.1.x before 3.1.4 allows remote authenticated users to more easily spoof the changer of a bug via a @reporter command in the body of an e-mail message, which overrides the e-mail address as normally obtained from the From e-mail header. NOTE: since From headers are easily spoofed, this only crosses privilege boundaries in environments that provide additional verification of e-mail addresses. El archivo email_in.pl en Bugzilla versión 2.23.4, versiones 3.0.x anteriores a 3.0.4, y versiones 3.1.x anteriores a 3.1.4, permite a usuarios autentificados remotos falsificar más fácilmente al cambiador de un bug por medio de un comando @reporter en el cuerpo de un mensaje de correo electrónico, que inválida la dirección de correo electrónico tal y como es obtenida normalmente desde el encabezado de correo electrónico From. NOTA: puesto que los encabezados From son fácilmente falsificados, esto sólo cruza los límites de privilegios en entornos que proporcionan una comprobación adicional de direcciones de correo electrónico. • http://secunia.com/advisories/30064 http://secunia.com/advisories/30167 http://www.bugzilla.org/security/2.20.5 http://www.securityfocus.com/bid/29038 http://www.securitytracker.com/id?1019969 http://www.vupen.com/english/advisories/2008/1428/references https://bugzilla.mozilla.org/show_bug.cgi?id=419188 https://exchange.xforce.ibmcloud.com/vulnerabilities/42235 https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00036.html https://www.redhat.com/archives/fedora-pa • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2007-4543
https://notcve.org/view.php?id=CVE-2007-4543
Cross-site scripting (XSS) vulnerability in enter_bug.cgi in Bugzilla 2.17.1 through 2.20.4, 2.22.x before 2.22.3, and 3.x before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the buildid field in the "guided form." Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en enter_bug.cgi en Bugzilla 2.17.1 hasta la 2.20.4, 2.22.x anterior a 2.22.3, y 3.x anterior a 3.0.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del campo buildid en la "forma dirigida". • http://osvdb.org/37201 http://secunia.com/advisories/26584 http://secunia.com/advisories/26971 http://security.gentoo.org/glsa/glsa-200709-18.xml http://www.bugzilla.org/security/2.20.4 http://www.securityfocus.com/archive/1/477630/100/0/threaded http://www.securityfocus.com/bid/25425 http://www.securitytracker.com/id?1018604 http://www.vupen.com/english/advisories/2007/2977 https://bugzilla.mozilla.org/show_bug.cgi?id=386942 https://exchange.xforce.ibmcloud.com/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2007-4539
https://notcve.org/view.php?id=CVE-2007-4539
The WebService (XML-RPC) interface in Bugzilla 2.23.3 through 3.0.0 does not enforce permissions for the time-tracking fields of bugs, which allows remote attackers to obtain sensitive information via certain XML-RPC requests, as demonstrated by the (1) Deadline and (2) Estimated Time fields. La interfaz WebService (XML-RPC) en Bugzilla 2.23.3 hasta la 3.0.0 no hace cumplir los permisos para los campos time-tracking de los fallos (bugs), lo cual permite a atacantes remotos obtener información sensible a través de ciertas respuestas XML-RPC, como se demostró por los campos (1) Deadline y (2) Estimated Time. • http://osvdb.org/37202 http://secunia.com/advisories/26584 http://secunia.com/advisories/26971 http://security.gentoo.org/glsa/glsa-200709-18.xml http://www.bugzilla.org/security/2.20.4 http://www.securityfocus.com/archive/1/477630/100/0/threaded http://www.securityfocus.com/bid/25425 http://www.securitytracker.com/id?1018604 http://www.vupen.com/english/advisories/2007/2977 https://bugzilla.mozilla.org/show_bug.cgi?id=382056 https://exchange.xforce.ibmcloud.com/ • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2007-4538
https://notcve.org/view.php?id=CVE-2007-4538
email_in.pl in Bugzilla 2.23.4 through 3.0.0 allows remote attackers to execute arbitrary commands via the -f (From address) option to the Email::Send::Sendmail function, probably involving shell metacharacters. email_in.pl en Bugzilla 2.23.4 hasta la 3.0.0 permite a atacantes remotos ejecutar comandos de su elección a través de la opción -f (Dirección Desde) en la función Email::Send::Sendmail, probablemente afectando al interprete de comandos de metacaracteres. • http://osvdb.org/37203 http://secunia.com/advisories/26584 http://secunia.com/advisories/26971 http://security.gentoo.org/glsa/glsa-200709-18.xml http://www.bugzilla.org/security/2.20.4 http://www.securityfocus.com/archive/1/477630/100/0/threaded http://www.securityfocus.com/bid/25425 http://www.securitytracker.com/id?1018604 http://www.vupen.com/english/advisories/2007/2977 https://bugzilla.mozilla.org/show_bug.cgi?id=386860 https://exchange.xforce.ibmcloud.com/ •
CVE-2006-5454
https://notcve.org/view.php?id=CVE-2006-5454
Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote attackers to obtain (1) the description of arbitrary attachments by viewing the attachment in "diff" mode in attachment.cgi, and (2) the deadline field by viewing the XML format of the bug in show_bug.cgi. Bugzilla 2.18.x anteriores a 2.18.6, 2.20.x anteriores a 2.20.3, 2.22.x anterioers a 2.22.1, y 2.23.x anteriores a 2.23.3 permiten a atacantes remotos obtener (1) la descripción de adjuntos de su elección viendo el adjunto en modo "diff" en attachment.cgi, y (2) el campo fecha límite (deadline) viendo el formato XML del "bug" en show_bug.cgi. • http://secunia.com/advisories/22409 http://secunia.com/advisories/22790 http://security.gentoo.org/glsa/glsa-200611-04.xml http://securityreason.com/securityalert/1760 http://securitytracker.com/id?1017064 http://www.bugzilla.org/security/2.18.5 http://www.osvdb.org/29546 http://www.osvdb.org/29547 http://www.securityfocus.com/archive/1/448777/100/100/threaded http://www.securityfocus.com/bid/20538 http://www.vupen.com/english/advisories/2006/4035 https://bugzill •