Page 15 of 136 results (0.007 seconds)

CVSS: 5.0EPSS: 6%CPEs: 6EXPL: 1

CVE-2007-4538

https://notcve.org/view.php?id=CVE-2007-4538

email_in.pl in Bugzilla 2.23.4 through 3.0.0 allows remote attackers to execute arbitrary commands via the -f (From address) option to the Email::Send::Sendmail function, probably involving shell metacharacters. email_in.pl en Bugzilla 2.23.4 hasta la 3.0.0 permite a atacantes remotos ejecutar comandos de su elección a través de la opción -f (Dirección Desde) en la función Email::Send::Sendmail, probablemente afectando al interprete de comandos de metacaracteres. • http://osvdb.org/37203 http://secunia.com/advisories/26584 http://secunia.com/advisories/26971 http://security.gentoo.org/glsa/glsa-200709-18.xml http://www.bugzilla.org/security/2.20.4 http://www.securityfocus.com/archive/1/477630/100/0/threaded http://www.securityfocus.com/bid/25425 http://www.securitytracker.com/id?1018604 http://www.vupen.com/english/advisories/2007/2977 https://bugzilla.mozilla.org/show_bug.cgi?id=386860 https://exchange.xforce.ibmcloud.com/ •

CVSS: 7.5EPSS: 10%CPEs: 1EXPL: 0

CVE-2007-0792

https://notcve.org/view.php?id=CVE-2007-0792

The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file. La secuencia de comandos de inicialización de mod_perl en Bugzilla 2.23.3 no establece la configuración de Bugzilla Apache para permitir sobrescribir los permisos del fichero .htaccess, lo cual permite a atacantes remotos obtener el nombre de usuario y la contraseña mediante una petición directa al fichero localconfig. • http://osvdb.org/35862 http://securityreason.com/securityalert/2222 http://securitytracker.com/id?1017585 http://www.bugzilla.org/security/2.20.3 http://www.securityfocus.com/archive/1/459025/100/0/threaded http://www.securityfocus.com/bid/22380 http://www.vupen.com/english/advisories/2007/0477 https://exchange.xforce.ibmcloud.com/vulnerabilities/32252 •

CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0

CVE-2007-0791

https://notcve.org/view.php?id=CVE-2007-0791

Cross-site scripting (XSS) vulnerability in Atom feeds in Bugzilla 2.20.3, 2.22.1, and 2.23.3, and earlier versions down to 2.20.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en feeds de Atom en Bugzilla 2.20.3, 2.22.1, y 2.23.3, y versiones anteriores a 2.20.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante vectores no especificados. • http://osvdb.org/33090 http://secunia.com/advisories/24031 http://securityreason.com/securityalert/2222 http://securitytracker.com/id?1017585 http://www.bugzilla.org/security/2.20.3 http://www.securityfocus.com/archive/1/459025/100/0/threaded http://www.securityfocus.com/bid/22380 http://www.vupen.com/english/advisories/2007/0477 https://exchange.xforce.ibmcloud.com/vulnerabilities/32248 •

CVSS: 5.0EPSS: 6%CPEs: 18EXPL: 0

CVE-2006-5454

https://notcve.org/view.php?id=CVE-2006-5454

Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote attackers to obtain (1) the description of arbitrary attachments by viewing the attachment in "diff" mode in attachment.cgi, and (2) the deadline field by viewing the XML format of the bug in show_bug.cgi. Bugzilla 2.18.x anteriores a 2.18.6, 2.20.x anteriores a 2.20.3, 2.22.x anterioers a 2.22.1, y 2.23.x anteriores a 2.23.3 permiten a atacantes remotos obtener (1) la descripción de adjuntos de su elección viendo el adjunto en modo "diff" en attachment.cgi, y (2) el campo fecha límite (deadline) viendo el formato XML del "bug" en show_bug.cgi. • http://secunia.com/advisories/22409 http://secunia.com/advisories/22790 http://security.gentoo.org/glsa/glsa-200611-04.xml http://securityreason.com/securityalert/1760 http://securitytracker.com/id?1017064 http://www.bugzilla.org/security/2.18.5 http://www.osvdb.org/29546 http://www.osvdb.org/29547 http://www.securityfocus.com/archive/1/448777/100/100/threaded http://www.securityfocus.com/bid/20538 http://www.vupen.com/english/advisories/2006/4035 https://bugzill •

CVSS: 2.6EPSS: 4%CPEs: 4EXPL: 0

CVE-2006-5455

https://notcve.org/view.php?id=CVE-2006-5455

Cross-site request forgery (CSRF) vulnerability in editversions.cgi in Bugzilla before 2.22.1 and 2.23.x before 2.23.3 allows user-assisted remote attackers to create, modify, or delete arbitrary bug reports via a crafted URL. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en editversions.cgi en Bugzilla anterior a 2.22.1 y 2.23.x anteriores a 2.23.3 permite a atacantes remotos con intervención del usuario crear, modificar o borrar informes de "bugs" de su elección mediante una URL creada artesanalmente. • http://secunia.com/advisories/22409 http://secunia.com/advisories/22790 http://security.gentoo.org/glsa/glsa-200611-04.xml http://securityreason.com/securityalert/1760 http://www.bugzilla.org/security/2.18.5 http://www.osvdb.org/29548 http://www.securityfocus.com/archive/1/448777/100/100/threaded http://www.securityfocus.com/bid/20538 http://www.vupen.com/english/advisories/2006/4035 https://bugzilla.mozilla.org/show_bug.cgi?id=281181 https://exchange.xforce.ibmcloud •