NotCVE - vendor:"Mozilla" product:"Bugzilla" version:"4.1.3"

Page 4 of 33 results (0.002 seconds)

CVSS: 7.5EPSS: 0%CPEs: 160EXPL: 0

CVE-2011-3667

https://notcve.org/view.php?id=CVE-2011-3667

02 Jan 2012 — The User.offer_account_by_email WebService method in Bugzilla 2.x and 3.x before 3.4.13, 3.5.x and 3.6.x before 3.6.7, 3.7.x and 4.0.x before 4.0.3, and 4.1.x through 4.1.3, when createemailregexp is not empty, does not properly handle user_can_create_account settings, which allows remote attackers to create user accounts by leveraging a token contained in an e-mail message. El método WebService User.offer_account_by_email en Bugzilla v2.x y v3.x antes de v3.4.13, en v3.5.x y v3.6.x antes de v3.6.7, en v3.7... • http://archives.neohapsis.com/archives/bugtraq/2011-12/0184.html • CWE-287: Improper Authentication •

CVSS: 8.8EPSS: 0%CPEs: 161EXPL: 1

CVE-2011-3668

https://notcve.org/view.php?id=CVE-2011-3668

02 Jan 2012 — Cross-site request forgery (CSRF) vulnerability in post_bug.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2rc1 allows remote attackers to hijack the authentication of arbitrary users for requests that create bug reports. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en post_bug.cgi en Bugzilla v2.x, v3.x, y v4.x antes de v4.2rc1, permite a atacantes remotos secuestrar la autenticación de usuarios de su elección para peticiones que crean informes de bugs. • http://secunia.com/advisories/47368 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 8.8EPSS: 0%CPEs: 161EXPL: 1

CVE-2011-3669

https://notcve.org/view.php?id=CVE-2011-3669

02 Jan 2012 — Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2rc1 allows remote attackers to hijack the authentication of arbitrary users for requests that upload attachments. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF)en attachment.cgi en Bugzilla v2.x, v3.x, y v4.x antes de v4.2rc1, permite a atacantes remotos secuestrar la autenticación de usuarios de su elección para peticiones que suben adjuntos • http://secunia.com/advisories/47368 • CWE-352: Cross-Site Request Forgery (CSRF) •

1 2 3 4