Page 13 of 118 results (0.005 seconds)

CVSS: 5.5EPSS: 0%CPEs: 22EXPL: 1

SQL injection vulnerability in whineatnews.pl in Bugzilla 2.17 through 2.18.4 and 2.20 allows remote authenticated users with administrative privileges to execute arbitrary SQL commands via the whinedays parameter, as accessible from editparams.cgi. • http://secunia.com/advisories/18979 http://www.osvdb.org/23378 http://www.securityfocus.com/archive/1/425584/100/0/threaded http://www.securityfocus.com/bid/16738 http://www.vupen.com/english/advisories/2006/0692 https://bugzilla.mozilla.org/show_bug.cgi?id=312498 https://exchange.xforce.ibmcloud.com/vulnerabilities/24819 •

CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 1

Bugzilla 2.16.10, 2.17 through 2.18.4, and 2.20 does not properly handle certain characters in the mostfreqthreshold parameter in duplicates.cgi, which allows remote attackers to trigger a SQL error. • http://www.securityfocus.com/archive/1/425584/100/0/threaded http://www.vupen.com/english/advisories/2006/0692 https://bugzilla.mozilla.org/show_bug.cgi?id=312498 https://exchange.xforce.ibmcloud.com/vulnerabilities/42802 • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0

Bugzilla 2.19.3 through 2.20 does not properly handle "//" sequences in URLs when redirecting a user from the login form, which could cause it to generate a partial URL in a form action that causes the user's browser to send the form data to another domain. • http://secunia.com/advisories/18979 http://securityreason.com/securityalert/464 http://www.securityfocus.com/archive/1/425584/100/0/threaded http://www.securityfocus.com/bid/16745 http://www.vupen.com/english/advisories/2006/0692 https://bugzilla.mozilla.org/show_bug.cgi?id=325079 https://exchange.xforce.ibmcloud.com/vulnerabilities/24821 •

CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0

The shadow database feature (syncshadowdb) in Bugzilla 2.9 through 2.16.10 allows local users to overwrite arbitrary files via a symlink attack on temporary files. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329387 http://secunia.com/advisories/18218 http://secunia.com/advisories/22826 http://securityreason.com/securityalert/302 http://securitytracker.com/id?1015411 http://www.debian.org/security/2006/dsa-1208 http://www.securityfocus.com/archive/1/420353/100/0/threaded http://www.securityfocus.com/bid/16061 https://bugzilla.mozilla.org/show_bug.cgi?id=305353 https://exchange.xforce.ibmcloud.com/vulnerabilities/23863 •

CVSS: 5.0EPSS: 1%CPEs: 13EXPL: 0

Bugzilla 2.18rc1 through 2.18.3, 2.19 through 2.20rc2, and 2.21 allows remote attackers to obtain sensitive information such as the list of installed products via the config.cgi file, which is accessible even when the requirelogin parameter is set. • http://marc.info/?l=bugtraq&m=112818466125484&w=2 http://secunia.com/advisories/17030 http://www.bugzilla.org/security/2.18.4 http://www.securityfocus.com/bid/14995 https://exchange.xforce.ibmcloud.com/vulnerabilities/22490 •