9 matches found
CVE-2009-3165
SQL injection vulnerability in the Bug.create WebService function in Bugzilla 2.23.4 through 3.0.8, 3.1.1 through 3.2.4, and 3.3.1 through 3.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters...
Fedora Update for bugzilla FEDORA-2010-1458
The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Mozilla Bugzilla 'Bug.create()' WebService Function SQL Injection Vulnerability
Bugzilla is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying...
Fedora 11 : bugzilla-3.2.5-1.fc11 (2009-9554)
Update to upstream version 3.2.5 fixing two SQL injection security flaws CVE-2009-3125, CVE-2009-3165 detailed in the upstream security advisory: http://www.bugzilla.org/security/3.0.8/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora...
Fedora Core 11 FEDORA-2009-9554 (bugzilla)
The remote host is missing an update to bugzilla announced via advisory FEDORA-2009-9554. OpenVAS Vulnerability Test $Id: fcore20099554.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-9554 bugzilla Authors: Thomas Reinke Copyright: Copyright c 2009...
Fedora 10 : bugzilla-3.2.5-1.fc10 (2009-9550)
Update to upstream version 3.2.5 fixing two SQL injection security flaws CVE-2009-3125, CVE-2009-3165 detailed in the upstream security advisory: http://www.bugzilla.org/security/3.0.8/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora...
Fedora Core 10 FEDORA-2009-9550 (bugzilla)
The remote host is missing an update to bugzilla announced via advisory FEDORA-2009-9550. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by t...
CVE-2009-3165
CVE-2009-3165 is a SQL injection vulnerability affecting Bugzilla 2.23.4–3.0.8, 3.1.1–3.2.4, and 3.3.1–3.4.1 via Bug.create WebService parameters, enabling remote arbitrary SQL execution. Connected advisories confirm impact and remediation guidance, notably Gentoo GLSA 2010-06-19 recommending upg...
Bugzilla < 3.0.9/3.2.5/3.4.2 Multiple Vulnerabilities
Binary data 5169.prm...