2 matches found
FreeBSD : bugzilla -- 'createmailregexp' security bypass vulnerability (f8d3689e-6770-11dc-8be8-02e0185f8d72)
The Bugzilla development team reports : Bugzilla::WebService::User::offeraccountbyemail does not check the 'createemailregexp' parameter, and thus allows users to create accounts who would normally be denied account creation. The 'emailregexp' parameter is still checked. If you do not have the...
CVE-2007-5038
CVE-2007-5038 affects Bugzilla WebService: offer_account_by_email in User.pm does not validate the createemailregexp parameter, permitting remote creation of accounts that would be denied by the email regexp. Affected versions are Bugzilla before 3.0.2 and 3.1.x before 3.1.2. Exploitation would b...