
8 matches found

SUSE CVE
added 2023/02/15 5:50 a.m. | 1 view

SUSE CVE-2011-3669

Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2rc1 allows remote attackers to hijack the authentication of arbitrary users for requests that upload attachments...

CVSS 6.8 | AI score 7.1 | EPSS 0.00128
Exploits 1 | References 4

SUSE CVE
added 2023/02/15 5:40 a.m. | 1 view

SUSE CVE-2013-1734

Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that commit an attachment change via a...

CVSS 6.8 | AI score 7 | EPSS 0.00117
Exploits 1 | References 3

CVE
added 2013/10/24 10:0 a.m. | 60 views

CVE-2013-1734

CVE-2013-1734 is a CSRF vulnerability in Bugzilla's attachment.cgi that allows remote attackers to hijack user authentication for requests that modify an attachment via an update action. Affected products/versions include Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; a...

CVSS 6.8 | AI score 7.1 | EPSS 0.00117
Exploits 1 | References 2 | Affected Software 1

CVE
added 2012/11/16 11:0 a.m. | 46 views

CVE-2012-4197

CVE-2012-4197 affects Bugzilla’s Attachment.pm in attachment.cgi, allowing remote attackers to read attachment descriptions from private bugs via an obsolete=1 insert action. Affected: Bugzilla 2.x/3.x before 3.6.12, 3.7.x, 4.0.x before 4.0.9, 4.1.x/4.2.x before 4.2.4, and 4.3.x/4.4.x before 4.4r...

CVSS 5 | AI score 6.6 | EPSS 0.00319
Exploits 1 | References 4 | Affected Software 1

CVE
added 2012/01/02 7:0 p.m. | 48 views

CVE-2011-3669

CVE-2011-3669: CSRF vulnerability in Bugzilla’s attachment.cgi permits remote attackers to hijack the authentication of arbitrary users when uploading attachments. Affected software: Bugzilla 2.x, 3.x, and 4.x prior to 4.2rc1. Root cause: cross-site request forgery on the attachment upload path....

CVSS 6.8 | AI score 7.1 | EPSS 0.00128
Exploits 1 | References 3 | Affected Software 1

OpenVAS
added 2009/03/31 12:0 a.m. | 41 views

Bugzilla 'attachment.cgi' Cross Site Request Forgery Vulnerability

Bugzilla is prone to a cross-site request-forgery vulnerability. An attacker can exploit this issue to submit attachments in the context of the logged-in user. This issue affects versions prior to Bugzilla 3.2.3 and 3.3.4. OpenVAS Vulnerability Test $Id: bugzilla34308.nasl 4574 2016-11-18 13:36:5...

CVSS 6.8 | AI score 0.4 | EPSS 0.00347
Exploits 1 | References 1

Prion
added 2006/02/28 11:2 a.m. | 15 views

SQL injection

Bugzilla 2.16.10 does not properly handle certain characters in the (1) maxpatchsize and (2) maxattachmentsize parameters in attachment.cgi, which allows remote attackers to trigger a SQL error...

CVSS 7.5 | AI score 7.7 | EPSS 0.00636
Exploits 0 | References 2 | Affected Software 1

UbuntuCve
added 2006/02/28 11:2 a.m. | 21 views

CVE-2006-0915

Bugzilla 2.16.10 does not properly handle certain characters in the (1) maxpatchsize and (2) maxattachmentsize parameters in attachment.cgi, which allows remote attackers to trigger a SQL error...

CVSS 7.5 | AI score 6 | EPSS 0.00636
Exploits 0 | References 1