5 matches found
Directory traversal
Directory traversal vulnerability in importxml.pl in Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attachpath is enabled, allows remote attackers to read arbitrary files via an XML file with a .. dot dot in the data element...
CVE-2008-4437
Directory traversal vulnerability in importxml.pl in Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attachpath is enabled, allows remote attackers to read arbitrary files via an XML file with a .. dot dot in the data element...
CVE-2008-4437
CVE-2008-4437 describes a directory traversal vulnerability in Bugzilla’s importxml.pl when --attach_path is enabled. It affects Bugzilla versions before 2.22.5 and 3.x before 3.0.5, allowing a remote attacker to read arbitrary files by placing a .. in the data element of an XML file. The issue’s...
FreeBSD : Bugzilla -- Directory Traversal in importxml.pl (1d96305d-6ae6-11dd-91d5-000c29d47fd7)
A Bugzilla Security Advisory reports : When importing bugs using importxml.pl, the --attachpath option can be specified, pointing to the directory where attachments to import are stored. If the XML file being read by importxml.pl contains a malicious ../relativepath/to/localfile node, the script...
Bugzilla -- Directory Traversal in importxml.pl
A Bugzilla Security Advisory reports: When importing bugs using importxml.pl, the --attachpath option can be specified, pointing to the directory where attachments to import are stored. If the XML file being read by importxml.pl contains a malicious ../relativepath/to/localfile node, the script...