3 matches found
CVE-2012-0440
Cross-site request forgery (CSRF) vulnerability in jsonrpc.cgi in Bugzilla 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and 4.2.x before 4.2rc2 allows remote attackers to hijack the authentication of arbitrary users for requests that use the JSON-RPC API...
CVE-2011-2977
Bugzilla 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 on Windows does not delete the temporary files associated with uploaded attachments, which allows local users to obtain sensitive information by reading these files. NOTE: this issue exists because of a regression in 3...
Bugzilla 'time-tracking' Information Disclosure Vulnerability
Bugzilla is prone to an information-disclosure vulnerability. Exploits may allow attackers to obtain potentially sensitive information that may aid in other attacks. This issue affects the following: Bugzilla 2.17.1 through 3.2.6; Bugzilla 3.3.1 through 3.4.6; Bugzilla 3.5.1 through 3.6; Bugzilla 3....