11 matches found
CVE-2003-0012
CVE-2003-0012 (Bugzilla) is associated with Bugzilla data/mining directory being set to world-writable when the data collection script runs, enabling local modification or deletion of collected data. The vulnerability is documented in Debian DSA-230-1 and Debian/NVD entries, with affected Bugzill...
CVE-2010-3172
CVE-2010-3172 describes a CRLF injection/HTTP response-splitting vulnerability in Bugzilla when Server Push is enabled, allowing a crafted URL to inject arbitrary HTTP headers and content. Affected Bugzilla versions: 3.2.9 and later within 3.2.x; 3.4.x before 3.4.9; 3.6.x before 3.6.3; 4.0.x befo...
CVE-2011-2977
Bugzilla 3.6.x (up to 3.6.5), 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 on Windows fail to delete temporary files created for uploaded attachments, allowing local users to read sensitive data. Root cause: regression in 3.6. Additionally, the vulnerability is limited to Windows builds as s...
CVE-2001-1406
CVE-2001-1406 affects Bugzilla prior to 2.14. The vulnerability occurs when moving a bug between product groups, where the groupset flag is not updated, causing the bug to retain the old group’s (potentially less stringent) restrictions. This is a local issue with low public impact per the CVSS v...
CVE-2008-7292
Technical details for CVE-2008-7292 are not publicly provided in the supplied documents. Monitor for updates; the Bugzilla local-file disclosure described in the initial entry is not elaborated here.
CVE-2005-2174
CVE-2005-2174 concerns Bugzilla where Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 insert bugs before they are private, enabling a race condition that can expose bug details via buglist.cgi before MySQL replication completes. Connected references corroborate the flaw and i...
CVE-2006-5455
CVE-2006-5455 is a CSRF vulnerability in Bugzilla’s editversions.cgi that allows user-assisted remote attackers to create, modify, or delete arbitrary bug reports via a crafted URL. Affected releases are Bugzilla versions before 2.22.1 and 2.23.x before 2.23.3. The root cause is insufficient CSRF...
CVE-2003-0603
CVE-2003-0603 affects Bugzilla up to 2.16.2/2.17.x: local users could overwrite arbitrary files via a symlink attack on temporary files created in world- or group-writable directories. Root cause: insecure handling of temporary filenames leading to symlink exploits. Impact: local privilege or fil...
CVE-2004-0706
CVE-2004-0706 concerns Bugzilla 2.17.5 through 2.17.7 . The vulnerability is that Bugzilla embeds the database password in an image URL, which could allow local users to view the password via web server log files. The descriptions in the provided documents confirm the affected versions and the ro...
CVE-2001-1405
Bugzilla before 2.14 allows local users to cause a denial of service by flooding sanitycheck.cgi due to lack of access restriction. Affected component: sanitycheck.cgi in Bugzilla; root cause: insufficient access control. Impact: CPU consumption leading to partial availability loss. Exploit detai...
CVE-2002-0806
Bugzilla 2.14 prior to 2.14.2 and 2.16 prior to 2.16rc2 is vulnerable: authenticated users with editing privileges can delete other users by calling editusers.cgi with the "del" option. Affected versions include Bugzilla 2.14.x before 2.14.2 and 2.16.x before 2.16rc2. The issue, as described in t...