15 matches found
EUVD-2018-16909
Malware in sbrugna...
SUSE CVE-2013-1743
Multiple cross-site scripting (XSS) vulnerabilities in report.cgi in Bugzilla 4.1.x and 4.2.x before 4.2.7 and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a field value that is not properly handled during construction of a tabular report, as...
CVE-2018-5123
A third party website can access information available to a user with access to a restricted bug entry using the image generation in report.cgi in all Bugzilla versions prior to 4.4...
Fedora 26 : bugzilla (2018-b79f325c48)
A CSRF vulnerability in Bugzilla's report.cgi would allow a third-party site to extract confidential information from a bug the victim had access to. This security bug has been published as CVE-2018-5123. This update contains Bugzilla 5.0.4, which fixes the issue. Note that Tenable Network...
Bugzilla 'report.cgi' Cross-Site Request Forgery Vulnerability
Bugzilla is a Web-based bug tracking system used by a large number of software projects. A cross-site request forgery vulnerability exists in 'report.cgi' in Bugzilla. An attacker could exploit this vulnerability to obtain confidential information...
FreeBSD : Bugzilla security issues (22283b8c-13c5-11e8-a861-20cf30e32f6d)
Bugzilla Security Advisory A CSRF vulnerability in report.cgi would allow a third-party site to extract confidential information from a bug the victim had access to. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML...
Bugzilla security issues
Bugzilla Security Advisory A CSRF vulnerability in report.cgi would allow a third-party site to extract confidential information from a bug the victim had access to...
TranscenDevelopment Hot Links SQL 'report.cgi' SQL Injection Vulnerability
TranscenDevelopment Hot Links SQL is a set of link-indexing and search-engine CGI scripts from the United States company TranscenDevelopment. A SQL injection vulnerability exists in TranscenDevelopment Hot Links SQL, which arises from the program's failure to adequately filter user-submitted input befor...
Google Urchin 5.7.3 Report.CGI Authorization Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/26037/info Google Urchin is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to gain administrative access to the vulnerable application. This may lead to other attacks. Urchin 5.7.03 is...
CVE-2013-1743
Multiple cross-site scripting (XSS) vulnerabilities in report.cgi in Bugzilla 4.1.x and 4.2.x before 4.2.7 and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a field value that is not properly handled during construction of a tabular report, as...
CVE-2013-1743
CVE-2013-1743 is a cross-site scripting (XSS) vulnerability in Bugzilla’s report.cgi used to build tabular reports. It allows remote attackers to inject arbitrary script/HTML via a field value (e.g., the summary or real name) during report construction, due to an incomplete fix for CVE-2012-4189...
CVE-2013-1743
Multiple cross-site scripting (XSS) vulnerabilities in report.cgi in Bugzilla 4.1.x and 4.2.x before 4.2.7 and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a field value that is not properly handled during construction of a tabular report, as...
Hot Links SQL report.cgi SQL Injection
New eVuln Advisory: report.cgi SQL inj in Hot Links SQL http://evuln.com/vulns/141/summary.html -----------Summary----------- eVuln ID: EV0141 Software: Hot Links SQL 3 Vendor: Mrcgiguy Version: 3.2.0 Critical Level: medium Type: SQL injection Status: Unpatched. No reply from developers PoC:...
Google Urchin <= 5.7.03 report.cgi Administrative Bypass
Binary data 4242.prm...
CVE-2007-5113
CVE-2007-5113 affects Google Urchin 5 (<= 5.7.03) where report.cgi allows remote attackers to bypass authentication and access sensitive information (web server logs) by modifying query parameters such as profile, rid, prefs, n, vid, bd, ed, dt, and gtype. The vulnerability is related to an au...