CVSS: 7.5EPSS: 0%CPEs: 181EXPL: 0CVE-2012-4747
https://notcve.org/view.php?id=CVE-2012-4747
04 Sep 2012 — Bugzilla 2.x and 3.x through 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1.x and 4.2.x before 4.2.3, and 4.3.x before 4.3.3 stores potentially sensitive information under the web root with insufficient access control, which allows remote attackers to read (1) template (aka .tmpl) files, (2) other custom extension files under extensions/, or (3) custom documentation files under docs/ via a direct request. Bugzilla 2.x y 3.x a través de 3.6.11, 3.7.x y 4.0.x anterior a 4.0.8, 4.1.x y 4.2.x anterior a 4.2.3, y 4.3... • http://www.bugzilla.org/security/3.6.10 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 0%CPEs: 168EXPL: 0CVE-2012-3981
https://notcve.org/view.php?id=CVE-2012-3981
04 Sep 2012 — Auth/Verify/LDAP.pm in Bugzilla 2.x and 3.x before 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1.x and 4.2.x before 4.2.3, and 4.3.x before 4.3.3 does not restrict the characters in a username, which might allow remote attackers to inject data into an LDAP directory via a crafted login attempt. Auth/Verify/LDAP.pm en Bugzilla 2.x y 3.x anterio a 3.6.11, 3.7.x y 4.0.x anterior a 4.0.8, 4.1.x y 4.2.x anterior a 4.2.3 y 4.3.x anterior a 4.3.3 no restringe los caracteres de un nombre de usuario, lo que podría permi... • http://osvdb.org/85072 • CWE-255: Credentials Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2012-1968
https://notcve.org/view.php?id=CVE-2012-1968
28 Jul 2012 — Bugzilla 4.1.x and 4.2.x before 4.2.2 and 4.3.x before 4.3.2 uses bug-editor privileges instead of bugmail-recipient privileges during construction of HTML bugmail documents, which allows remote attackers to obtain sensitive description information by reading the tooltip portions of an HTML e-mail message. Bugzilla v4.1.x y v4.2.x anterior a v4.2.2 y v4.3.x anterior v4.3.2 usa los privilegios de bug-editor en lugar de bugmail-recipient durante la construcción de documentos HTML de bugmail los cuales permite... • http://secunia.com/advisories/50040 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.3EPSS: 0%CPEs: 173EXPL: 0CVE-2012-1969
https://notcve.org/view.php?id=CVE-2012-1969
28 Jul 2012 — The get_attachment_link function in Template.pm in Bugzilla 2.x and 3.x before 3.6.10, 3.7.x and 4.0.x before 4.0.7, 4.1.x and 4.2.x before 4.2.2, and 4.3.x before 4.3.2 does not check whether an attachment is private before presenting the attachment description within a public comment, which allows remote attackers to obtain sensitive description information by reading a comment. La función get_attachment_link en Template.pm en Bugzilla v2.x y v3.x anterior a v3.6.10, v3.7.x y v4.0.x anterior a v4.0.7, v4.... • http://secunia.com/advisories/50040 • CWE-264: Permissions, Privileges, and Access Controls •