Page 8 of 38 results (0.007 seconds)

CVSS: 5.0EPSS: 0%CPEs: 129EXPL: 0

CVE-2011-2978

https://notcve.org/view.php?id=CVE-2011-2978

Bugzilla 2.16rc1 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 does not prevent changes to the confirmation e-mail address (aka old_email field) for e-mail change notifications, which makes it easier for remote attackers to perform arbitrary address changes by leveraging an unattended workstation. Bugzilla 2.16rc1 hasta la versión 2.22.7, 3.0.x hasta la 3.3.x, 3.4.x anterior a 3.4.12, 3.5.x, 3.6.x anteriores a 3.6.6, 3.7.x, 4.0.x anteriores a 4.0.2 y 4.1.x anteriores a 4.1.3 no tiene en cuenta los cambios a la dirección de e-mail de confirmación (campo old_email) para notificaciones de cambio de e-mail, lo que facilita a atacantes remotos realizar cambios de dirección arbitrarios utilizando un ordenador desatendido. • http://secunia.com/advisories/45501 http://www.bugzilla.org/security/3.4.11 http://www.debian.org/security/2011/dsa-2322 http://www.osvdb.org/74301 http://www.securityfocus.com/bid/49042 https://bugzilla.mozilla.org/show_bug.cgi?id=670868 https://exchange.xforce.ibmcloud.com/vulnerabilities/69036 • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

CVE-2010-4209

https://notcve.org/view.php?id=CVE-2010-4209

Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.8.1, as used in Bugzilla 3.7.1 through 3.7.3 and 4.1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore/swfstore.swf. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en la infraestructura del componente de Flash en YUI v2.8.0 hasta v2.8.1, tal como se emplea en Bugzilla v3.7.1 hasta v3.7.3 y v4.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML mediante vectores relacionados con swfstore/swfstore.swf • http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050820.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050830.html http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html http://secunia.com/advisories/41955 http://secunia.com/advisories/42271 http://www.bugzilla.org/security/3.2.8 http://www.openwall.com/lists/oss-security/2010/11/07/1 http • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 92EXPL: 1

CVE-2010-3764

https://notcve.org/view.php?id=CVE-2010-3764

The Old Charts implementation in Bugzilla 2.12 through 3.2.8, 3.4.8, 3.6.2, 3.7.3, and 4.1 creates graph files with predictable names in graphs/, which allows remote attackers to obtain sensitive information via a modified URL. La implementación Old Charts en Bugzilla v2.12 hasta v3.2.8, v3.4.8, v3.6.2, v3.7.3, y v4.1 crea archivos gráficos con nombres predecibles en graphs/, lo que permite a atacantes remotos obtener información sensible a través de URL modificadas. • http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050820.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050830.html http://secunia.com/advisories/42271 http://www.bugzilla.org/security/3.2.8 http://www.securitytracker.com/id?1024683 http://www.vupen.com/english/advisories/2010/2878 http://www.vupen.com/english/advisories/2010/2975 https://bugzilla.mozilla.org • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •