CVSS: 7.1EPSS: 0%CPEs: 61EXPL: 0CVE-2010-2757
https://notcve.org/view.php?id=CVE-2010-2757
13 Aug 2010 — The sudo feature in Bugzilla 2.22rc1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 does not properly send impersonation notifications, which makes it easier for remote authenticated users to impersonate other users without discovery. La funcionalidad sudo de Bugzilla v2.22rc1 hasta la v3.2.7, v3.3.1 hasta la v3.4.7, v3.5.1 hasta la v3.6.1, y v3.7 hasta la v3.7.2 no envía apropiadamente notificaciones de suplantación, lo que facilita a usuarios remotos autenticados el suplant... • http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.html • CWE-310: Cryptographic Issues •
CVSS: 5.3EPSS: 0%CPEs: 100EXPL: 0CVE-2010-2758
https://notcve.org/view.php?id=CVE-2010-2758
13 Aug 2010 — Bugzilla 2.17.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 generates different error messages depending on whether a product exists, which makes it easier for remote attackers to guess product names via unspecified use of the (1) Reports or (2) Duplicates page. Bugzilla v2.23.1 hasta la v3.2.7, v3.3.1 hasta la v3.4.7, v3.5.1 hasta la v3.6.1, y v3.7 hasta la v3.7.2, genera mensajes de error diferentes dependiendo de si un producto existe, lo que facilita a atacantes remoto... • http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 1%CPEs: 78EXPL: 0CVE-2010-2756
https://notcve.org/view.php?id=CVE-2010-2756
13 Aug 2010 — Search.pm in Bugzilla 2.19.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 allows remote attackers to determine the group memberships of arbitrary users via vectors involving the Search interface, boolean charts, and group-based pronouns. Search.pm en Bugzilla v2.19.1 hasta la v3.2.7, v3.3.1 hasta la v3.4.7, v3.5.1 hasta la v3.6.1, y v3.7 hasta la v3.7.2 permite a atacantes remotos determinar la pertenencia a grupos de usuarios de su elección a través de vectores de ataque q... • http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.3EPSS: 0%CPEs: 44EXPL: 0CVE-2010-1204
https://notcve.org/view.php?id=CVE-2010-1204
28 Jun 2010 — Search.pm in Bugzilla 2.17.1 through 3.2.6, 3.3.1 through 3.4.6, 3.5.1 through 3.6, and 3.7 allows remote attackers to obtain potentially sensitive time-tracking information via a crafted search URL, related to a "boolean chart search." Search.pm en Bugzilla v2.17.1 hasta v3.2.6, v3.3.1 hasta v3.4.6, v3.5.1 hasta v3.6, y v3.7 permite a atacante remotos obtener potencialmente información sensible del tiempo de seguimiento a través de una búsqueda de URL manipulada, relacionado con "boolean chart search." • http://secunia.com/advisories/40300 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 85EXPL: 0CVE-2009-3989
https://notcve.org/view.php?id=CVE-2009-3989
03 Feb 2010 — Bugzilla before 3.0.11, 3.2.x before 3.2.6, 3.4.x before 3.4.5, and 3.5.x before 3.5.3 does not block access to files and directories that are used by custom installations, which allows remote attackers to obtain sensitive information via requests for (1) CVS/, (2) contrib/, (3) docs/en/xml/, (4) t/, or (5) old-params.txt. Bugzilla anteriores a v3.0.11, v3.2.x anteriores a v3.2.6, v3.4.x anteriores a v3.4.5, y v3.5.x anteriores a v3.5.3 no bloquea el acceso a ficheros y directorios que son utilizados en ins... • http://secunia.com/advisories/38443 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 29EXPL: 0CVE-2009-3165
https://notcve.org/view.php?id=CVE-2009-3165
15 Sep 2009 — SQL injection vulnerability in the Bug.create WebService function in Bugzilla 2.23.4 through 3.0.8, 3.1.1 through 3.2.4, and 3.3.1 through 3.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters. Vulnerabilidad de inyección SQL en la función de WebService Bug.create en Bugzilla v2.23.4 hasta la v3.0.8, v3.1.1 a v3.2.4, y v3.3.1 hasta la v3.4.1 permite a atacantes remotos ejecutar comandos SQL a través de parámetros no especificados. • http://secunia.com/advisories/36718 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 64EXPL: 0CVE-2008-6098
https://notcve.org/view.php?id=CVE-2008-6098
09 Feb 2009 — Bugzilla 3.2 before 3.2 RC2, 3.0 before 3.0.6, 2.22 before 2.22.6, 2.20 before 2.20.7, and other versions after 2.17.4 allows remote authenticated users to bypass moderation to approve and disapprove quips via a direct request to quips.cgi with the action parameter set to "approve." Bugzilla v3.2 anterior a v3.2 RC2, v3.0 anterior a v3.0.6, v2.22 anterior a v2.22.6, v2.20 anterior a v2.20.7, y otras versiones posteriores a v2.17.4, permite a usuarios autenticados remotamente evitar la moderación para aproba... • http://secunia.com/advisories/32501 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.4EPSS: 0%CPEs: 76EXPL: 0CVE-2009-0481
https://notcve.org/view.php?id=CVE-2009-0481
09 Feb 2009 — Bugzilla 2.x before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote authenticated users to conduct cross-site scripting (XSS) and related attacks by uploading HTML and JavaScript attachments that are rendered by web browsers. Bugzilla v2.x anterior a v2.22.7, v3.0 anterior a v3.0.7, v3.2 anterior a v3.2.1 y v3.3 anterior a v3.3.2 ; permite a usuarios autenticados en remoto provocar una secuencia de comandos en sitios cruzados (XSS) y ataques relacionados al subir adjuntos HTML... • http://secunia.com/advisories/34361 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 76EXPL: 0CVE-2009-0482
https://notcve.org/view.php?id=CVE-2009-0482
09 Feb 2009 — Cross-site request forgery (CSRF) vulnerability in Bugzilla before 3.2 before 3.2.1, 3.3 before 3.3.2, and other versions before 3.2 allows remote attackers to perform bug updating activities as other users via a link or IMG tag to process_bug.cgi. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en Bugzilla v3.2 anteriores a v3.2.1, v3.3 anteriores a 3.3.2 y otras versiones anteriores a v3.2 que permite a los atacantes remotos desarrollar un fallo actualizando actividades como otros us... • http://secunia.com/advisories/34361 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.1EPSS: 0%CPEs: 76EXPL: 0CVE-2009-0483
https://notcve.org/view.php?id=CVE-2009-0483
09 Feb 2009 — Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.22 before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete keywords and user preferences via a link or IMG tag to (1) editkeywords.cgi or (2) userprefs.cgi. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en Bugzilla v2.22 antes de v2.22.7, v3.0 antes de v3.0.7, 3.2 antes de v3.2.1 y v3.3 antes de v3.3.2, permite a atacantes remotos borrar las palabras clave y las preferencia... • http://secunia.com/advisories/34361 • CWE-352: Cross-Site Request Forgery (CSRF) •