Bugzilla Security Vulnerabilities and Issues — Bugzilla CVE List

Lucene search

MozillaBugzilla

3 matches found

CVE•added 2009/09/15 10:30 p.m.•48 views

CVE-2009-3165

SQL injection vulnerability in the Bug.create WebService function in Bugzilla 2.23.4 through 3.0.8, 3.1.1 through 3.2.4, and 3.3.1 through 3.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters.

7.5CVSS8AI score0.00328EPSS

CVE•added 2009/09/15 10:30 p.m.•45 views

CVE-2009-3125

SQL injection vulnerability in the Bug.search WebService function in Bugzilla 3.3.2 through 3.4.1, and 3.5, allows remote attackers to execute arbitrary SQL commands via unspecified parameters.

7.5CVSS8AI score0.00328EPSS

CVE•added 2009/09/15 10:30 p.m.•42 views

CVE-2009-3166

token.cgi in Bugzilla 3.4rc1 through 3.4.1 places a password in a URL at the beginning of a login session that occurs immediately after a password reset, which allows context-dependent attackers to discover passwords by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the bro...

5CVSS6.2AI score0.00357EPSS