EUVD-2007-5019

Malware in sbrugna...

Design/Logic Flaw

The User.get method in Bugzilla/WebService/User.pm in Bugzilla 4.3.2 allows remote attackers to obtain sensitive information about the saved searches of arbitrary users via an XMLRPC request or a JSONRPC request, a different vulnerability than CVE-2012-4198...

CVE-2012-4198

The CVE-2012-4198 issue affects Bugzilla’s WebService User.get method in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x/4.4.x before 4.4rc1. Root cause: different outcomes for a groups request depending on whether a group exists, enabling remote authenticated users...

CVE-2007-5038

The offeraccountbyemail function in User.pm in the WebService for Bugzilla before 3.0.2, and 3.1.x before 3.1.2, does not check the value of the createemailregexp parameter, which allows remote attackers to bypass intended restrictions on account creation...

Design/Logic Flaw

The offeraccountbyemail function in User.pm in the WebService for Bugzilla before 3.0.2, and 3.1.x before 3.1.2, does not check the value of the createemailregexp parameter, which allows remote attackers to bypass intended restrictions on account creation...

Bugzilla < 3.0.2 / 3.1.2 WebService/User.pm Authentication Bypass

Binary data 4219.prm...

Bugzilla User.pm非授权创建帐户绕过访问验证漏洞

Bugzilla是一种流行的开源软件Bug跟踪系统。 Bugzilla的实现上存在漏洞，远程攻击者可能利用此漏洞非授权创建帐户获取对系统的访问。 Bugzilla的User.pm模块的offeraccountbyemail函数没有对createemailregexp参数做充分的检查过滤，如果系统上安装了SOAP::Lite Perl模块，那么远程攻击者可能利用此漏洞在系统上创建Bugzilla用户帐号，从而获取对系统的访问。 Mozilla Bugzilla 3.1.2 Mozilla Bugzilla 3.0.2 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

CVE-2007-0407

Cross-site scripting XSS vulnerability in Operation/User.pm in Plain Black WebGUI before 7.3.5 beta allows remote attackers to inject arbitrary web script or HTML via the username parameter during anonymous registration, a different vector than CVE-2007-0308. NOTE: it is possible that a separate...