MitreCVELIST:CVE-2006-5454CVE-2006-5454
Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote attackers to obtain (1) the description of arbitrary attachments by viewing the attachment in “diff” mode in attachment.cgi, and (2) the deadline field by viewing the XML format of the bug in show_bug.cgi.
References
secunia.com/advisories/22409
secunia.com/advisories/22790
security.gentoo.org/glsa/glsa-200611-04.xml
securityreason.com/securityalert/1760
securitytracker.com/id?1017064
www.bugzilla.org/security/2.18.5/
www.osvdb.org/29546
www.osvdb.org/29547
www.securityfocus.com/archive/1/448777/100/100/threaded
www.securityfocus.com/bid/20538
www.vupen.com/english/advisories/2006/4035
bugzilla.mozilla.org/show_bug.cgi?id=346086
bugzilla.mozilla.org/show_bug.cgi?id=346564
Related
