4 matches found
Mozilla Bugzilla 'Bug.search()' WebService Function SQL Injection Vulnerability
Bugzilla is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying...
FreeBSD Ports: bugzilla
The remote host is missing an update to the system as announced in the referenced advisory. VID b9ec7fe3-a38a-11de-9c6b-003048818f40 OpenVAS Vulnerability Test $ Description: Auto generated from VID b9ec7fe3-a38a-11de-9c6b-003048818f40 Authors: Thomas Reinke Copyright: Copyright (c) 2009 E-Soft Inc...
CVE-2009-3125
SQL injection vulnerability in the Bug.search WebService function in Bugzilla 3.3.2 through 3.4.1, and 3.5, allows remote attackers to execute arbitrary SQL commands via unspecified parameters...
CVE-2009-3166
Bugzilla 3.4rc1–3.4.1 vulnerability: token.cgi places a password in the login URL after a reset, allowing context-dependent attackers to obtain passwords via web server access logs, Referer logs, or browser history. The provided documents confirm Bugzilla involvement and CVE-2009-3166, but do not...