
CVSS: 4.3 • EPSS: 1% • CPEs: 30 • EXPL: 1

Cross-site scripting (XSS) vulnerability in enter_bug.cgi in Bugzilla 2.17.1 through 2.20.4, 2.22.x before 2.22.3, and 3.x before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the buildid field in the "guided form."
• http://osvdb.org/37201 http://secunia.com/advisories/26584 http://secunia.com/advisories/26971 http://security.gentoo.org/glsa/glsa-200709-18.xml http://www.bugzilla.org/security/2.20.4 http://www.securityfocus.com/archive/1/477630/100/0/threaded http://www.securityfocus.com/bid/25425 http://www.securitytracker.com/id?1018604 http://www.vupen.com/english/advisories/2007/2977 https://bugzilla.mozilla.org/show_bug.cgi?id=386942 https://exchange.xforce.ibmcloud.com/
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 • EPSS: 0% • CPEs: 11 • EXPL: 0

Cross-site scripting (XSS) vulnerability in Atom feeds in Bugzilla 2.20.3, 2.22.1, and 2.23.3, and earlier versions down to 2.20.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
• http://osvdb.org/33090 http://secunia.com/advisories/24031 http://securityreason.com/securityalert/2222 http://securitytracker.com/id?1017585 http://www.bugzilla.org/security/2.20.3 http://www.securityfocus.com/archive/1/459025/100/0/threaded http://www.securityfocus.com/bid/22380 http://www.vupen.com/english/advisories/2007/0477 https://exchange.xforce.ibmcloud.com/vulnerabilities/32248

CVSS: 7.5 • EPSS: 10% • CPEs: 1 • EXPL: 0

The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
• http://osvdb.org/35862 http://securityreason.com/securityalert/2222 http://securitytracker.com/id?1017585 http://www.bugzilla.org/security/2.20.3 http://www.securityfocus.com/archive/1/459025/100/0/threaded http://www.securityfocus.com/bid/22380 http://www.vupen.com/english/advisories/2007/0477 https://exchange.xforce.ibmcloud.com/vulnerabilities/32252

CVSS: 5.0 • EPSS: 6% • CPEs: 18 • EXPL: 0

Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote attackers to obtain (1) the description of arbitrary attachments by viewing the attachment in "diff" mode in attachment.cgi, and (2) the deadline field by viewing the XML format of the bug in show_bug.cgi.
• http://secunia.com/advisories/22409 http://secunia.com/advisories/22790 http://security.gentoo.org/glsa/glsa-200611-04.xml http://securityreason.com/securityalert/1760 http://securitytracker.com/id?1017064 http://www.bugzilla.org/security/2.18.5 http://www.osvdb.org/29546 http://www.osvdb.org/29547 http://www.securityfocus.com/archive/1/448777/100/100/threaded http://www.securityfocus.com/bid/20538 http://www.vupen.com/english/advisories/2006/4035 https://bugzill

CVSS: 2.6 • EPSS: 4% • CPEs: 4 • EXPL: 0

Cross-site request forgery (CSRF) vulnerability in editversions.cgi in Bugzilla before 2.22.1 and 2.23.x before 2.23.3 allows user-assisted remote attackers to create, modify, or delete arbitrary bug reports via a crafted URL.
• http://secunia.com/advisories/22409 http://secunia.com/advisories/22790 http://security.gentoo.org/glsa/glsa-200611-04.xml http://securityreason.com/securityalert/1760 http://www.bugzilla.org/security/2.18.5 http://www.osvdb.org/29548 http://www.securityfocus.com/archive/1/448777/100/100/threaded http://www.securityfocus.com/bid/20538 http://www.vupen.com/english/advisories/2006/4035 https://bugzilla.mozilla.org/show_bug.cgi?id=281181 https://exchange.xforce.ibmcloud