3 matches found
FreeBSD : bugzilla -- information disclosure (f1331504-8849-11df-89b8-00151735203a)
A Bugzilla Security Advisory reports: Normally, information about time-tracking estimated hours, actual hours, hours worked, and deadlines is restricted to users in the 'time-tracking group'. However, any user was able, by crafting their own search URL, to search for bugs based using those...
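Mozilla Bugzilla localconfig File Information Disclosure Vulnerability
BUGTRAQ ID: 41144 CVE ID: CVE-2010-0180 Bugzilla is a web-based bug tracking system used by many software projects. If $usesuexec is set to 1 in the localconfig file, checksetup.pl sets the permissions of the localconfig file to world-readable, which allows any user with local shell access to view the file's contents, including the database password and the sitewidesecret variable used to protect against CSRF. Mozilla Bugzilla 3.x Mozilla Bugzilla 2.x Vendor patch: Mozilla -------...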
bugzilla -- information disclosure
A Bugzilla Security Advisory reports: Normally, information about time-tracking estimated hours, actual hours, hours worked, and deadlines is restricted to users in the "time-tracking group". However, any user was able, by crafting their own search URL, to search for bugs based using those fields...