Page 18 of 142 results (0.018 seconds)

CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 1

Bugzilla 2.16.10, 2.17 through 2.18.4, and 2.20 does not properly handle certain characters in the mostfreqthreshold parameter in duplicates.cgi, which allows remote attackers to trigger a SQL error. • http://www.securityfocus.com/archive/1/425584/100/0/threaded http://www.vupen.com/english/advisories/2006/0692 https://bugzilla.mozilla.org/show_bug.cgi?id=312498 https://exchange.xforce.ibmcloud.com/vulnerabilities/42802 • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0

Bugzilla 2.19.3 through 2.20 does not properly handle "//" sequences in URLs when redirecting a user from the login form, which could cause it to generate a partial URL in a form action that causes the user's browser to send the form data to another domain. • http://secunia.com/advisories/18979 http://securityreason.com/securityalert/464 http://www.securityfocus.com/archive/1/425584/100/0/threaded http://www.securityfocus.com/bid/16745 http://www.vupen.com/english/advisories/2006/0692 https://bugzilla.mozilla.org/show_bug.cgi?id=325079 https://exchange.xforce.ibmcloud.com/vulnerabilities/24821 •

CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0

The shadow database feature (syncshadowdb) in Bugzilla 2.9 through 2.16.10 allows local users to overwrite arbitrary files via a symlink attack on temporary files. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329387 http://secunia.com/advisories/18218 http://secunia.com/advisories/22826 http://securityreason.com/securityalert/302 http://securitytracker.com/id?1015411 http://www.debian.org/security/2006/dsa-1208 http://www.securityfocus.com/archive/1/420353/100/0/threaded http://www.securityfocus.com/bid/16061 https://bugzilla.mozilla.org/show_bug.cgi?id=305353 https://exchange.xforce.ibmcloud.com/vulnerabilities/23863 •

CVSS: 5.0EPSS: 1%CPEs: 13EXPL: 0

Bugzilla 2.18rc1 through 2.18.3, 2.19 through 2.20rc2, and 2.21 allows remote attackers to obtain sensitive information such as the list of installed products via the config.cgi file, which is accessible even when the requirelogin parameter is set. • http://marc.info/?l=bugtraq&m=112818466125484&w=2 http://secunia.com/advisories/17030 http://www.bugzilla.org/security/2.18.4 http://www.securityfocus.com/bid/14995 https://exchange.xforce.ibmcloud.com/vulnerabilities/22490 •

CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0

Bugzilla 2.19.1 through 2.20rc2 and 2.21, with user matching turned on in substring mode, allows attackers to list all users whose names match an arbitrary substring, even when the usevisibilitygroups parameter is set. • http://marc.info/?l=bugtraq&m=112818466125484&w=2 http://secunia.com/advisories/17030 http://www.bugzilla.org/security/2.18.4 http://www.securityfocus.com/bid/14996 https://exchange.xforce.ibmcloud.com/vulnerabilities/42799 •