CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2 matches found

seebug.org•added 2009/04/02 12:0 a.m.•37 views

Bugzilla attachment.cgi跨站请求伪造漏洞

BUGTRAQ ID: 34308 CVECAN ID: CVE-2009-1213 Bugzilla是很多软件项目都在使用的基于Web的BUG跟踪系统。 Bugzilla允许用户通过HTTP请求执行某些操作，但没有对请求执行有效性检查。如果已登录用户受骗访问了恶意网页的话，就可能通过attachment.cgi提交附件。 Mozilla Bugzilla 3.3.3 Mozilla Bugzilla 3.2.2 Mozilla ------- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.mozilla.org/...

6.8CVSS6.4AI score0.00347EPSS

Exploits1

exploitpack•added 2004/04/14 12:0 a.m.•16 views

phpBugTracker 0.9.1 - Multiple Vulnerabilities

phpBugTracker 0.9.1 - Multiple Vulnerabilities phpBugTracke Multiple Vulnerabilities Vendor: Benjamin Curtis Product: phpBugTracke Version: query"delete from ".TBLBUGVOTE." where userid = $u and bugid = $bugid"; As we can see from that line of code taken from about line 30 of user.php it is clear...

0.5AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by