Page 8 of 53 results (0.004 seconds)

CVSS: 4.3EPSS: 0%CPEs: 109EXPL: 0

CVE-2011-0048

https://notcve.org/view.php?id=CVE-2011-0048

Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 creates a clickable link for a (1) javascript: or (2) data: URI in the URL (aka bug_file_loc) field, which allows remote attackers to conduct cross-site scripting (XSS) attacks against logged-out users via a crafted URI. Bugzilla anterior a v3.2.10, v3.4.x anterior a v3.4.10, v3.6.x anterior a v3.6.4, y v4.0.x anterior a v4.0rc2 crea un enlace a un campo URI de la URL (también conocido como bug_file_loc) de (1) javascript: o (2) data:, esto permite a atacantes remotos realizar ataques de secuencias de comandos en sitios cruzados (XSS) mediante URIs manipuladas y contra usuarios que hayan cerrado sesión. • http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html http://osvdb.org/70704 http://secunia.com/advisories/43033 http://secunia.com/advisories/43165 http://www.bugzilla.org/security/3.2.9 http://www.debian.org/security/2011/dsa-2322 http://www.securityfocus.com/bid/45982 http://www.vupen.com/english/advisories/2011/0207 http://www.vupen.com/english/advisories/2011/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 92EXPL: 1

CVE-2010-3764

https://notcve.org/view.php?id=CVE-2010-3764

The Old Charts implementation in Bugzilla 2.12 through 3.2.8, 3.4.8, 3.6.2, 3.7.3, and 4.1 creates graph files with predictable names in graphs/, which allows remote attackers to obtain sensitive information via a modified URL. La implementación Old Charts en Bugzilla v2.12 hasta v3.2.8, v3.4.8, v3.6.2, v3.7.3, y v4.1 crea archivos gráficos con nombres predecibles en graphs/, lo que permite a atacantes remotos obtener información sensible a través de URL modificadas. • http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050820.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050830.html http://secunia.com/advisories/42271 http://www.bugzilla.org/security/3.2.8 http://www.securitytracker.com/id?1024683 http://www.vupen.com/english/advisories/2010/2878 http://www.vupen.com/english/advisories/2010/2975 https://bugzilla.mozilla.org • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 2.6EPSS: 0%CPEs: 105EXPL: 0

CVE-2010-3172

https://notcve.org/view.php?id=CVE-2010-3172

CRLF injection vulnerability in Bugzilla before 3.2.9, 3.4.x before 3.4.9, 3.6.x before 3.6.3, and 4.0.x before 4.0rc1, when Server Push is enabled in a web browser, allows remote attackers to inject arbitrary HTTP headers and content, and conduct HTTP response splitting attacks, via a crafted URL. Vulnerabilidad de inyección CRLF (se refiere a CR (retorno de carro) y LF (salto de línea)) en Bugzilla anterior a v3.2.9, v3.4.x anterior a v3.4.9, v3.6.x anterior a v3.6.3, y v4.0.x anterior a v4.0rc1, cuando Server Push está habilitado en un navegador Web, permite a atacantes remotos inyectar cabeceras HTTP y contenido de su elección y llevar a cabo ataques de respuesta HTTP divididas a través de una URL manipulada. • http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050820.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050830.html http://secunia.com/advisories/42271 http://www.bugzilla.org/security/3.2.8 http://www.securitytracker.com/id?1024683 http://www.vupen.com/english/advisories/2010/2878 http://www.vupen.com/english/advisories/2010/2975 https://bugzilla.mozilla.org • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.0EPSS: 0%CPEs: 100EXPL: 0

CVE-2010-2758

https://notcve.org/view.php?id=CVE-2010-2758

Bugzilla 2.17.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 generates different error messages depending on whether a product exists, which makes it easier for remote attackers to guess product names via unspecified use of the (1) Reports or (2) Duplicates page. Bugzilla v2.23.1 hasta la v3.2.7, v3.3.1 hasta la v3.4.7, v3.5.1 hasta la v3.6.1, y v3.7 hasta la v3.7.2, genera mensajes de error diferentes dependiendo de si un producto existe, lo que facilita a atacantes remotos el adivinar nombres de producto a través de un uso sin especificar de las páginas (1) "Reports" o (2) "Duplicates". • http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.html http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046534.html http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046546.html http://secunia.com/advisories/40892 http://secunia.com/advisories/41128 http://www.bugzilla.org/security/3.2.7 http://www.securityfocus.com/bid/42275 http://www.vupen.com/english/advisories/2010/2035 http://www.vupen.com/english/advisories/2010/220 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 2%CPEs: 78EXPL: 0

CVE-2010-2756

https://notcve.org/view.php?id=CVE-2010-2756

Search.pm in Bugzilla 2.19.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 allows remote attackers to determine the group memberships of arbitrary users via vectors involving the Search interface, boolean charts, and group-based pronouns. Search.pm en Bugzilla v2.19.1 hasta la v3.2.7, v3.3.1 hasta la v3.4.7, v3.5.1 hasta la v3.6.1, y v3.7 hasta la v3.7.2 permite a atacantes remotos determinar la pertenencia a grupos de usuarios de su elección a través de vectores de ataque que involucran el interfaz de búsqueda, "boolean charts" y "group-based pronouns". • http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.html http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046534.html http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046546.html http://secunia.com/advisories/40892 http://secunia.com/advisories/41128 http://www.bugzilla.org/security/3.2.7 http://www.securityfocus.com/bid/42275 http://www.vupen.com/english/advisories/2010/2035 http://www.vupen.com/english/advisories/2010/220 • CWE-264: Permissions, Privileges, and Access Controls •