Page 26 of 136 results (0.006 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Bugzilla before 2.14.1 allows remote attackers to (1) spoof a user comment via an HTTP request to process_bug.cgi using the "who" parameter, instead of the Bugzilla_login cookie, or (2) post a bug as another user by modifying the reporter parameter to enter_bug.cgi, which is passed to post_bug.cgi. Versiones anteriores a la 2.14.1 de Bugzilla permiten que un atacante remoto (1) falsee el comentario de un usuario por medio de una petición HTTP usando process_bug.cgi y el parámetro "who" en vez de una cokie de Bugzilla_login, o (2) envíe un bug como otro usuario, modificando el parámetro de enter_bug.cgi, el cual se pasa a post_bug.cgi. • http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html http://bugzilla.mozilla.org/show_bug.cgi?id=108385 http://bugzilla.mozilla.org/show_bug.cgi?id=108516 http://rhn.redhat.com/errata/RHSA-2002-001.html http://www.bugzilla.org/security2_14_1.html http://www.iss.net/security_center/static/7804.php http://www.iss.net/security_center/static/7805.php http://www.securityfocus.com/bid/3793 http://www.securityfocus.com/bid/3794 •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0

Bugzilla before 2.14 does not properly escape untrusted parameters, which could allow remote attackers to conduct unauthorized activities via cross-site scripting (CSS) and possibly SQL injection attacks on (1) the product or output form variables for reports.cgi, (2) the voteon, bug_id, and user variables for showvotes.cgi, (3) an invalid email address in createaccount.cgi, (4) an invalid ID in showdependencytree.cgi, (5) invalid usernames and other fields in process_bug.cgi, and (6) error messages in buglist.cgi. • http://bugzilla.mozilla.org/show_bug.cgi?id=38854 http://bugzilla.mozilla.org/show_bug.cgi?id=38855 http://bugzilla.mozilla.org/show_bug.cgi?id=38859 http://bugzilla.mozilla.org/show_bug.cgi?id=39536 http://bugzilla.mozilla.org/show_bug.cgi? •

CVSS: 2.1EPSS: 0%CPEs: 6EXPL: 0

process_bug.cgi in Bugzilla before 2.14 does not set the "groupset" bit when a bug is moved between product groups, which will cause the bug to have the old group's restrictions, which might not be as stringent. • http://bugzilla.mozilla.org/show_bug.cgi?id=66235 http://marc.info/?l=bugtraq&m=99912899900567 http://www.iss.net/security_center/static/10478.php http://www.redhat.com/support/errata/RHSA-2001-107.html •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0

Bugzilla before 2.14 includes the username and password in URLs, which could allow attackers to gain privileges by reading the information from the web server logs, or by "shoulder-surfing" and observing the web browser's location bar. • http://bugzilla.mozilla.org/show_bug.cgi?id=15980 http://marc.info/?l=bugtraq&m=99912899900567 http://www.redhat.com/support/errata/RHSA-2001-107.html •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0

Bugzilla before 2.14 does not properly restrict access to confidential bugs, which could allow Bugzilla users to bypass viewing permissions via modified bug id parameters in (1) process_bug.cgi, (2) show_activity.cgi, (3) showvotes.cgi, (4) showdependencytree.cgi, (5) showdependencygraph.cgi, (6) showattachment.cgi, or (7) describecomponents.cgi. • http://bugzilla.mozilla.org/show_bug.cgi?id=39524 http://bugzilla.mozilla.org/show_bug.cgi?id=39526 http://bugzilla.mozilla.org/show_bug.cgi?id=39527 http://bugzilla.mozilla.org/show_bug.cgi?id=39531 http://bugzilla.mozilla.org/show_bug.cgi? •