3 matches found
Debian Security Advisory DSA 230-1 (bugzilla)
The remote host is missing an update to bugzilla announced via advisory DSA 230-1.
OpenVAS Vulnerability Test $Id: deb2301.nasl 6616 2017-07-07 12:10:49Z cfischer $
Description: Auto-generated from advisory DSA 230-1
Authors: Thomas Reinke
Copyright: Copyright (c) 2007 E-Soft Inc...
CVE-2003-0013
CVE-2003-0013 concerns Bugzilla’s default .htaccess behavior. The bug is that backups of localconfig created by editors (e.g., vi, Emacs; often .swp or ~ files) were not blocked by the default .htaccess, potentially allowing remote attackers to download a backup and obtain the database password. ...
CVE-2003-0013
The default .htaccess scripts for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 do not include filenames for backup copies of the localconfig file that are made from editors such as vi and Emacs, which could allow remote attackers to obtain a database password by...