CVSS: 5.3EPSS: 0%CPEs: 100EXPL: 0CVE-2010-2758
https://notcve.org/view.php?id=CVE-2010-2758
13 Aug 2010 — Bugzilla 2.17.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 generates different error messages depending on whether a product exists, which makes it easier for remote attackers to guess product names via unspecified use of the (1) Reports or (2) Duplicates page. Bugzilla v2.23.1 hasta la v3.2.7, v3.3.1 hasta la v3.4.7, v3.5.1 hasta la v3.6.1, y v3.7 hasta la v3.7.2, genera mensajes de error diferentes dependiendo de si un producto existe, lo que facilita a atacantes remoto... • http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 1%CPEs: 52EXPL: 0CVE-2010-2759
https://notcve.org/view.php?id=CVE-2010-2759
13 Aug 2010 — Bugzilla 2.23.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2, when PostgreSQL is used, does not properly handle large integers in (1) bug and (2) attachment phrases, which allows remote authenticated users to cause a denial of service (bug invisibility) via a crafted comment. Bugzilla v2.23.1 hasta la v3.2.7, v3.3.1 hasta la v3.4.7, v3.5.1 hasta la v3.6.1, y v3.7 hasta la v3.7.2, cuando se utiliza PostgreSQL, no maneja apropiadamente enteros grandes en elementos (1) "bug" y... • http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.html • CWE-189: Numeric Errors •
CVSS: 5.3EPSS: 0%CPEs: 44EXPL: 0CVE-2010-1204
https://notcve.org/view.php?id=CVE-2010-1204
28 Jun 2010 — Search.pm in Bugzilla 2.17.1 through 3.2.6, 3.3.1 through 3.4.6, 3.5.1 through 3.6, and 3.7 allows remote attackers to obtain potentially sensitive time-tracking information via a crafted search URL, related to a "boolean chart search." Search.pm en Bugzilla v2.17.1 hasta v3.2.6, v3.3.1 hasta v3.4.6, v3.5.1 hasta v3.6, y v3.7 permite a atacante remotos obtener potencialmente información sensible del tiempo de seguimiento a través de una búsqueda de URL manipulada, relacionado con "boolean chart search." • http://secunia.com/advisories/40300 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 85EXPL: 0CVE-2009-3989
https://notcve.org/view.php?id=CVE-2009-3989
03 Feb 2010 — Bugzilla before 3.0.11, 3.2.x before 3.2.6, 3.4.x before 3.4.5, and 3.5.x before 3.5.3 does not block access to files and directories that are used by custom installations, which allows remote attackers to obtain sensitive information via requests for (1) CVS/, (2) contrib/, (3) docs/en/xml/, (4) t/, or (5) old-params.txt. Bugzilla anteriores a v3.0.11, v3.2.x anteriores a v3.2.6, v3.4.x anteriores a v3.4.5, y v3.5.x anteriores a v3.5.3 no bloquea el acceso a ficheros y directorios que son utilizados en ins... • http://secunia.com/advisories/38443 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2009-3387
https://notcve.org/view.php?id=CVE-2009-3387
03 Feb 2010 — Bugzilla 3.3.1 through 3.4.4, 3.5.1, and 3.5.2 does not allow group restrictions to be preserved throughout the process of moving a bug to a different product category, which allows remote attackers to obtain sensitive information via a request for a bug in opportunistic circumstances. Bugzilla desde v3.3.1 hasta v3.4.4, v3.5.1, y v3.5.2 no permite que se mantengan las restricciones de grupo durante el proceso de traslado de un bug a otra categoría de producto, lo que permite a atacantes remotos conseguir i... • http://secunia.com/advisories/38443 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2009-3386
https://notcve.org/view.php?id=CVE-2009-3386
20 Nov 2009 — Template.pm in Bugzilla 3.3.2 through 3.4.3 and 3.5 through 3.5.1 allows remote attackers to discover the alias of a private bug by reading the (1) Depends On or (2) Blocks field of a related bug. El fichero Template.pm en Bugzilla v3.3.2 hasta la v3.4.3 y v3.5 hasta la v3.5.1 permite descubrir a atacantes remotos el alias de un bug privado al leer los campos (1) "Depends On" o (2) "Blocks" de un bug relacionado. • http://osvdb.org/60271 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2009-3125
https://notcve.org/view.php?id=CVE-2009-3125
15 Sep 2009 — SQL injection vulnerability in the Bug.search WebService function in Bugzilla 3.3.2 through 3.4.1, and 3.5, allows remote attackers to execute arbitrary SQL commands via unspecified parameters. Vulnerabilidad de inyección SQL en la función Bug.search de WebService en Bugzilla v3.3.2 hasta la v3.4.1 y v3.5, permite a atacantes remotos ejecutar comandos SQL a través de parámetros no especificados. • http://secunia.com/advisories/36718 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 29EXPL: 0CVE-2009-3165
https://notcve.org/view.php?id=CVE-2009-3165
15 Sep 2009 — SQL injection vulnerability in the Bug.create WebService function in Bugzilla 2.23.4 through 3.0.8, 3.1.1 through 3.2.4, and 3.3.1 through 3.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters. Vulnerabilidad de inyección SQL en la función de WebService Bug.create en Bugzilla v2.23.4 hasta la v3.0.8, v3.1.1 a v3.2.4, y v3.3.1 hasta la v3.4.1 permite a atacantes remotos ejecutar comandos SQL a través de parámetros no especificados. • http://secunia.com/advisories/36718 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2009-3166
https://notcve.org/view.php?id=CVE-2009-3166
15 Sep 2009 — token.cgi in Bugzilla 3.4rc1 through 3.4.1 places a password in a URL at the beginning of a login session that occurs immediately after a password reset, which allows context-dependent attackers to discover passwords by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history. token.cgi en Bugzilla v3.4rc1 hasta v3.4.1 coloca una contraseña en una URL al comienzo del inicio de sesión que ocurre inmediatamente después del restablecimiento de la contraseña, lo que permite de... • http://secunia.com/advisories/36718 • CWE-255: Credentials Management Errors •