CVE-2009-0483
https://notcve.org/view.php?id=CVE-2009-0483
Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.22 before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete keywords and user preferences via a link or IMG tag to (1) editkeywords.cgi or (2) userprefs.cgi. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en Bugzilla v2.22 antes de v2.22.7, v3.0 antes de v3.0.7, 3.2 antes de v3.2.1 y v3.3 antes de v3.3.2, permite a atacantes remotos borrar las palabras clave y las preferencias de usuario mediante un enlace o una etiqueta IMG a (1) editkeywords.cgi o (2) userprefs.cgi. • http://secunia.com/advisories/34361 http://www.bugzilla.org/security/2.22.6 http://www.securityfocus.com/bid/33580 https://bugzilla.mozilla.org/show_bug.cgi?id=466692 https://bugzilla.mozilla.org/show_bug.cgi?id=472362 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00664.html https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00687.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2008-4437 – Bugzilla 3.1.4 - '--attach_path' Directory Traversal
https://notcve.org/view.php?id=CVE-2008-4437
Directory traversal vulnerability in importxml.pl in Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path is enabled, allows remote attackers to read arbitrary files via an XML file with a .. (dot dot) in the data element. Vulnerabilidad de salto de directorio en importxml.pl de Bugzilla versiones anteriores a v2.22.5, y 3.x versiones anteriores a v3.0.5, cuando --attach_path está activo, permite a atacantes remotos leer ficheros de su elección a través de un fichero XML con .. (punto punto) en el elemento "data". • https://www.exploit-db.com/exploits/32228 http://secunia.com/advisories/31444 http://secunia.com/advisories/34361 http://www.bugzilla.org/security/2.22.4 http://www.securityfocus.com/bid/30661 http://www.securitytracker.com/id?1020668 http://www.vupen.com/english/advisories/2008/2344 https://bugzilla.mozilla.org/show_bug.cgi?id=437169 https://exchange.xforce.ibmcloud.com/vulnerabilities/44407 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00664.html https: • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2008-2105
https://notcve.org/view.php?id=CVE-2008-2105
email_in.pl in Bugzilla 2.23.4, 3.0.x before 3.0.4, and 3.1.x before 3.1.4 allows remote authenticated users to more easily spoof the changer of a bug via a @reporter command in the body of an e-mail message, which overrides the e-mail address as normally obtained from the From e-mail header. NOTE: since From headers are easily spoofed, this only crosses privilege boundaries in environments that provide additional verification of e-mail addresses. El archivo email_in.pl en Bugzilla versión 2.23.4, versiones 3.0.x anteriores a 3.0.4, y versiones 3.1.x anteriores a 3.1.4, permite a usuarios autentificados remotos falsificar más fácilmente al cambiador de un bug por medio de un comando @reporter en el cuerpo de un mensaje de correo electrónico, que inválida la dirección de correo electrónico tal y como es obtenida normalmente desde el encabezado de correo electrónico From. NOTA: puesto que los encabezados From son fácilmente falsificados, esto sólo cruza los límites de privilegios en entornos que proporcionan una comprobación adicional de direcciones de correo electrónico. • http://secunia.com/advisories/30064 http://secunia.com/advisories/30167 http://www.bugzilla.org/security/2.20.5 http://www.securityfocus.com/bid/29038 http://www.securitytracker.com/id?1019969 http://www.vupen.com/english/advisories/2008/1428/references https://bugzilla.mozilla.org/show_bug.cgi?id=419188 https://exchange.xforce.ibmcloud.com/vulnerabilities/42235 https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00036.html https://www.redhat.com/archives/fedora-pa • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2007-4539
https://notcve.org/view.php?id=CVE-2007-4539
The WebService (XML-RPC) interface in Bugzilla 2.23.3 through 3.0.0 does not enforce permissions for the time-tracking fields of bugs, which allows remote attackers to obtain sensitive information via certain XML-RPC requests, as demonstrated by the (1) Deadline and (2) Estimated Time fields. La interfaz WebService (XML-RPC) en Bugzilla 2.23.3 hasta la 3.0.0 no hace cumplir los permisos para los campos time-tracking de los fallos (bugs), lo cual permite a atacantes remotos obtener información sensible a través de ciertas respuestas XML-RPC, como se demostró por los campos (1) Deadline y (2) Estimated Time. • http://osvdb.org/37202 http://secunia.com/advisories/26584 http://secunia.com/advisories/26971 http://security.gentoo.org/glsa/glsa-200709-18.xml http://www.bugzilla.org/security/2.20.4 http://www.securityfocus.com/archive/1/477630/100/0/threaded http://www.securityfocus.com/bid/25425 http://www.securitytracker.com/id?1018604 http://www.vupen.com/english/advisories/2007/2977 https://bugzilla.mozilla.org/show_bug.cgi?id=382056 https://exchange.xforce.ibmcloud.com/ • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2007-4538
https://notcve.org/view.php?id=CVE-2007-4538
email_in.pl in Bugzilla 2.23.4 through 3.0.0 allows remote attackers to execute arbitrary commands via the -f (From address) option to the Email::Send::Sendmail function, probably involving shell metacharacters. email_in.pl en Bugzilla 2.23.4 hasta la 3.0.0 permite a atacantes remotos ejecutar comandos de su elección a través de la opción -f (Dirección Desde) en la función Email::Send::Sendmail, probablemente afectando al interprete de comandos de metacaracteres. • http://osvdb.org/37203 http://secunia.com/advisories/26584 http://secunia.com/advisories/26971 http://security.gentoo.org/glsa/glsa-200709-18.xml http://www.bugzilla.org/security/2.20.4 http://www.securityfocus.com/archive/1/477630/100/0/threaded http://www.securityfocus.com/bid/25425 http://www.securitytracker.com/id?1018604 http://www.vupen.com/english/advisories/2007/2977 https://bugzilla.mozilla.org/show_bug.cgi?id=386860 https://exchange.xforce.ibmcloud.com/ •