Page 8 of 79 results (0.003 seconds)

CVSS: 6.5EPSS: 0%CPEs: 61EXPL: 0

The sudo feature in Bugzilla 2.22rc1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 does not properly send impersonation notifications, which makes it easier for remote authenticated users to impersonate other users without discovery. La funcionalidad sudo de Bugzilla v2.22rc1 hasta la v3.2.7, v3.3.1 hasta la v3.4.7, v3.5.1 hasta la v3.6.1, y v3.7 hasta la v3.7.2 no envía apropiadamente notificaciones de suplantación, lo que facilita a usuarios remotos autenticados el suplantar a otros usuarios sin una exploración. • http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.html http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046534.html http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046546.html http://secunia.com/advisories/40892 http://secunia.com/advisories/41128 http://www.bugzilla.org/security/3.2.7 http://www.securityfocus.com/bid/42275 http://www.vupen.com/english/advisories/2010/2035 http://www.vupen.com/english/advisories/2010/220 • CWE-310: Cryptographic Issues •

CVSS: 4.3EPSS: 0%CPEs: 85EXPL: 0

Bugzilla before 3.0.11, 3.2.x before 3.2.6, 3.4.x before 3.4.5, and 3.5.x before 3.5.3 does not block access to files and directories that are used by custom installations, which allows remote attackers to obtain sensitive information via requests for (1) CVS/, (2) contrib/, (3) docs/en/xml/, (4) t/, or (5) old-params.txt. Bugzilla anteriores a v3.0.11, v3.2.x anteriores a v3.2.6, v3.4.x anteriores a v3.4.5, y v3.5.x anteriores a v3.5.3 no bloquea el acceso a ficheros y directorios que son utilizados en instalaciones personalizadas, lo que permite a atacantes remotos conseguir información sensible a través de peticiones para (1) CVS/, (2) contrib/, (3) docs/en/xml/, (4) t/, or (5) old-params.txt. • http://secunia.com/advisories/38443 http://www.securityfocus.com/archive/1/509282/100/0/threaded http://www.securityfocus.com/bid/38025 http://www.vupen.com/english/advisories/2010/0261 https://bugzilla.mozilla.org/show_bug.cgi?id=314871 https://bugzilla.mozilla.org/show_bug.cgi?id=434801 https://exchange.xforce.ibmcloud.com/vulnerabilities/56003 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.8EPSS: 0%CPEs: 76EXPL: 0

Cross-site request forgery (CSRF) vulnerability in Bugzilla before 3.2 before 3.2.1, 3.3 before 3.3.2, and other versions before 3.2 allows remote attackers to perform bug updating activities as other users via a link or IMG tag to process_bug.cgi. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en Bugzilla v3.2 anteriores a v3.2.1, v3.3 anteriores a 3.3.2 y otras versiones anteriores a v3.2 que permite a los atacantes remotos desarrollar un fallo actualizando actividades como otros usuarios a través de un enlace o etiqueta IMG a process_bug.cgi. • http://secunia.com/advisories/34361 http://www.bugzilla.org/security/2.22.6 http://www.securityfocus.com/bid/33580 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00664.html https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00687.html • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 3.5EPSS: 0%CPEs: 76EXPL: 0

Bugzilla 2.x before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote authenticated users to conduct cross-site scripting (XSS) and related attacks by uploading HTML and JavaScript attachments that are rendered by web browsers. Bugzilla v2.x anterior a v2.22.7, v3.0 anterior a v3.0.7, v3.2 anterior a v3.2.1 y v3.3 anterior a v3.3.2 ; permite a usuarios autenticados en remoto provocar una secuencia de comandos en sitios cruzados (XSS) y ataques relacionados al subir adjuntos HTML y JavaScript que son interpretados por los navegadores Web. • http://secunia.com/advisories/34361 http://www.bugzilla.org/security/2.22.6 http://www.securityfocus.com/bid/33580 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00664.html https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00687.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.8EPSS: 0%CPEs: 76EXPL: 0

Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.22 before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete keywords and user preferences via a link or IMG tag to (1) editkeywords.cgi or (2) userprefs.cgi. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en Bugzilla v2.22 antes de v2.22.7, v3.0 antes de v3.0.7, 3.2 antes de v3.2.1 y v3.3 antes de v3.3.2, permite a atacantes remotos borrar las palabras clave y las preferencias de usuario mediante un enlace o una etiqueta IMG a (1) editkeywords.cgi o (2) userprefs.cgi. • http://secunia.com/advisories/34361 http://www.bugzilla.org/security/2.22.6 http://www.securityfocus.com/bid/33580 https://bugzilla.mozilla.org/show_bug.cgi?id=466692 https://bugzilla.mozilla.org/show_bug.cgi?id=472362 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00664.html https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00687.html • CWE-352: Cross-Site Request Forgery (CSRF) •