6 matches found
[ MDVSA-2015:030 ] bugzilla
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:030 http://www.mandriva.com/en/support/security/ Package : bugzilla Date : February 5, 2015 Affected: Business Server 1.0 Problem Description: Updated bugzilla packages fix security vulnerability: Some code ...
Fedora 20 : bugzilla-4.2.13-1.fc20 (2015-1699)
This is a security update for Bugzilla which fixes two issues : - A user with editcomponents permissions could possibly inject system commands in product names and possibly other attributes. - Methods from imported modules could possibly be executed using the WebService API. The first issue is...
Mandriva Linux Security Advisory : bugzilla (MDVSA-2015:030)
Updated bugzilla packages fix security vulnerability : Some code in Bugzilla does not properly utilize 3 arguments form for open and it is possible for an account with editcomponents permissions to inject commands into product names and other attributes CVE-2014-8630. %NASLMINLEVEL 70300 C Tenabl...
CVE-2014-8630
Bugzilla before 4.0.16, 4.1.x and 4.2.x before 4.2.12, 4.3.x and 4.4.x before 4.4.7, and 5.x before 5.0rc1 allows remote authenticated users to execute arbitrary commands by leveraging the editcomponents privilege and triggering crafted input to a two-argument Perl open call, as demonstrated by...
CVE-2014-8630
CVE-2014-8630 affects Bugzilla versions across 4.0.x to 5.x before specific fixed points. The underlying issue is a command injection via a two-argument Perl open call when a crafted input is given in a product name, exploitable by remote authenticated users with editcomponents privilege. Impact ...
Updated bugzilla packages fix CVE-2014-8630
Updated bugzilla packages fix security vulnerability: Some code in Bugzilla does not properly utilize 3 arguments form for open and it is possible for an account with editcomponents permissions to inject commands into product names and other attributes CVE-2014-8630...