9 matches found

Prion
added 2014/10/13 1:55 a.m., 29 views

Design/Logic Flaw

The confirmcreateaccount function in the account-creation feature in token.cgi in Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not specify a scalar context for the realname parameter, which allows remote attacke...

CVSS 5, AI score 7.1, EPSS 0.01104
Exploits 0, References 14, Affected Software 2
NVD
added 2013/10/24 10:53 a.m., 16 views

CVE-2013-1734

Cross-site request forgery CSRF vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that commit an attachment change via a...

CVSS 6.8, AI score 7.1, EPSS 0.00117
Exploits 1, References 2
Prion
added 2012/11/16 12:24 p.m., 18 views

Cross site scripting

Cross-site scripting XSS vulnerability in Bugzilla 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via a field value that is not properly handled during construction of a tabular report, as demonstrated by the Version...

CVSS 4.3, AI score 5.9, EPSS 0.00296
Exploits 3, References 3, Affected Software 1
UbuntuCve
added 2012/07/30 1:55 p.m., 24 views

CVE-2012-1968

Bugzilla 4.1.x and 4.2.x before 4.2.2 and 4.3.x before 4.3.2 uses bug-editor privileges instead of bugmail-recipient privileges during construction of HTML bugmail documents, which allows remote attackers to obtain sensitive description information by reading the tooltip portions of an HTML e-mai...

CVSS 4.3, AI score 5.9, EPSS 0.00283
Exploits 0, References 4
Cvelist
added 2012/07/28 6:00 p.m., 15 views

CVE-2012-1969

The getattachmentlink function in Template.pm in Bugzilla 2.x and 3.x before 3.6.10, 3.7.x and 4.0.x before 4.0.7, 4.1.x and 4.2.x before 4.2.2, and 4.3.x before 4.3.2 does not check whether an attachment is private before presenting the attachment description within a public comment, which allow...

AI score 5.8, EPSS 0.00388
Exploits 0, References 4
UbuntuCve
added 2012/04/27 8:55 p.m., 22 views

CVE-2012-0466

template/en/default/list/list.js.tmpl in Bugzilla 2.x and 3.x before 3.6.9, 3.7.x and 4.0.x before 4.0.6, and 4.1.x and 4.2.x before 4.2.1 does not properly handle multiple logins, which allows remote attackers to conduct cross-site scripting XSS attacks and obtain sensitive bug information via a...

CVSS 4, AI score 5.9, EPSS 0.00319
Exploits 0, References 3
UbuntuCve
added 2012/02/02 6:55 p.m., 21 views

CVE-2012-0440

Cross-site request forgery CSRF vulnerability in jsonrpc.cgi in Bugzilla 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and 4.2.x before 4.2rc2 allows remote attackers to hijack the authentication of arbitrary users for requests that use the JSON-RPC API...

CVSS 5.1, AI score 5.9, EPSS 0.00182
Exploits 2, References 2
UbuntuCve
added 2011/08/09 7:55 p.m., 27 views

CVE-2011-2979

Bugzilla 4.1.x before 4.1.3 generates different responses for certain assignee queries depending on whether the group name is valid, which allows remote attackers to determine the existence of private group names via a custom search. NOTE: this vulnerability exists because of a CVE-2010-2756...

CVSS 5, AI score 5.9, EPSS 0.00688
Exploits 1, References 1
ATTACKERKB
added 2011/08/09 7:55 p.m., 0 views

CVE-2011-2979

Bugzilla 4.1.x before 4.1.3 generates different responses for certain assignee queries depending on whether the group name is valid, which allows remote attackers to determine the existence of private group names via a custom search. NOTE: this vulnerability exists because of a CVE-2010-2756...

CVSS 5, AI score 5.7, EPSS 0.00838
Exploits 1, References 10