Lucene search
K

6 matches found

securityvulns
securityvulns
added 2015/02/23 12:0 a.m.63 views

[ MDVSA-2015:030 ] bugzilla

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:030 http://www.mandriva.com/en/support/security/ Package : bugzilla Date : February 5, 2015 Affected: Business Server 1.0 Problem Description: Updated bugzilla packages fix security vulnerability: Some code ...

6.5CVSS6.4AI score0.0204EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/02/16 12:0 a.m.32 views

Fedora 20 : bugzilla-4.2.13-1.fc20 (2015-1699)

This is a security update for Bugzilla which fixes two issues : - A user with editcomponents permissions could possibly inject system commands in product names and possibly other attributes. - Methods from imported modules could possibly be executed using the WebService API. The first issue is...

6.5CVSS5.5AI score0.0204EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2015/02/06 12:0 a.m.29 views

Mandriva Linux Security Advisory : bugzilla (MDVSA-2015:030)

Updated bugzilla packages fix security vulnerability : Some code in Bugzilla does not properly utilize 3 arguments form for open and it is possible for an account with editcomponents permissions to inject commands into product names and other attributes CVE-2014-8630. %NASLMINLEVEL 70300 C Tenabl...

6.5CVSS5.5AI score0.0204EPSS
Exploits0References2
NVD
NVD
added 2015/02/01 3:59 p.m.22 views

CVE-2014-8630

Bugzilla before 4.0.16, 4.1.x and 4.2.x before 4.2.12, 4.3.x and 4.4.x before 4.4.7, and 5.x before 5.0rc1 allows remote authenticated users to execute arbitrary commands by leveraging the editcomponents privilege and triggering crafted input to a two-argument Perl open call, as demonstrated by...

6.5CVSS7AI score0.0204EPSS
Exploits0References7
CVE
CVE
added 2015/02/01 3:0 p.m.68 views

CVE-2014-8630

CVE-2014-8630 affects Bugzilla versions across 4.0.x to 5.x before specific fixed points. The underlying issue is a command injection via a two-argument Perl open call when a crafted input is given in a product name, exploitable by remote authenticated users with editcomponents privilege. Impact ...

6.5CVSS7.1AI score0.0204EPSS
Exploits0References7Affected Software1
Mageia
Mageia
added 2015/01/31 1:23 p.m.43 views

Updated bugzilla packages fix CVE-2014-8630

Updated bugzilla packages fix security vulnerability: Some code in Bugzilla does not properly utilize 3 arguments form for open and it is possible for an account with editcomponents permissions to inject commands into product names and other attributes CVE-2014-8630...

6.5CVSS6.7AI score0.0204EPSS
Exploits0References3
Rows per page
Query Builder