Lucene search
Ilja van sprundelEDB-ID:32228HistoryAug 12, 2008 - 12:00 a.m.
Bugzilla 3.1.4 - '--attach_path' Directory Traversal
2008-08-1200:00:00
ilja van sprundel
www.exploit-db.com
16
AI Score
7.4
Confidence
Low
source: https://www.securityfocus.com/bid/30661/info
Bugzilla is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input.
Exploiting this issue will allow an attacker to view arbitrary local files within the context of the server. Information harvested may aid in launching further attacks.
The following versions are affected:
Bugzilla 2.22.1 through 2.22.4
Bugzilla 2.23.3 and later
<data encoding="filename">../relative_path/to/local_file</data>Related
ubuntucve
ubuntucve
CVE-2008-4437
2008-10-03 00:00:00
cvelist
cvelist
CVE-2008-4437
2008-10-03 22:00:00
freebsd
freebsd
Bugzilla -- Directory Traversal in importxml.pl
2008-06-03 00:00:00
nessus
nessus
FreeBSD : Bugzilla -- Directory Traversal in importxml.pl (1d96305d-6ae6-11dd-91d5-000c29d47fd7)
2008-08-17 00:00:00
Fedora 9 : bugzilla-3.2.2-2.fc9 (2009-2418)
2009-03-19 00:00:00
Fedora 10 : bugzilla-3.2.2-2.fc10 (2009-2417)
2009-04-23 00:00:00
prion
prion
Directory traversal
2008-10-03 22:22:00
openvas
openvas
FreeBSD Ports: bugzilla, ja-bugzilla
2008-09-04 00:00:00
FreeBSD Ports: bugzilla, ja-bugzilla
2008-09-04 00:00:00
Fedora Core 9 FEDORA-2009-2418 (bugzilla)
2009-03-20 00:00:00
cve
cve
CVE-2008-4437
2008-10-03 22:22:45
nvd
nvd
CVE-2008-4437
2008-10-03 22:22:45
fedora
fedora
[SECURITY] Fedora 9 Update: bugzilla-3.2.2-2.fc9
2009-03-18 18:59:22
[SECURITY] Fedora 10 Update: bugzilla-3.2.2-2.fc10
2009-03-18 19:06:58
gentoo
gentoo
Bugzilla: Multiple vulnerabilities
2010-06-04 00:00:00