Files from Frederic Buclin

First Active: 2005-07-09
Last Active: 2016-05-17

Bugzilla 4.4.11 / 5.0.2 Summary Cross Site Scripting
Posted May 17, 2016
Authored by Wladimir Palant, Frederic Buclin, David Lawrence | Site bugzilla.org

Bugzilla versions 2.16rc1 to 4.4.11 and 4.5.1 to 5.0.2 suffer from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2016-2803
MD5 | 3e5ce833ae65e786a9d7b4455d460f20

Bugzilla Unauthorized Account Creation
Posted Sep 10, 2015
Authored by Frederic Buclin, Byron Jones, Netanel Rubin | Site bugzilla.org

Bugzilla versions 2.0 to 4.2.14, 4.3.1 to 4.4.9, and 4.5.1 to 5.0 suffer from an unauthorized account creation vulnerability.

tags | advisory
advisories | CVE-2015-4499
MD5 | 53df4eefd8d46a7e139089eeb1c05da4

Bugzilla Account Creation / XSS / Information Leak
Posted Oct 7, 2014
Authored by Frederic Buclin, Byron Jones, David Lawrence, Netanel Rubin, Simon Green, James Kettle, Matt Tyson | Site bugzilla.org

Bugzilla Security Advisory - Bugzilla versions 2.23.3 to 4.0.14, 4.1.1 to 4.2.10, 4.3.1 to 4.4.5, and 4.5.1 to 4.5.5 suffer from unauthorized account creation, cross site scripting, and information leak vulnerabilities.

tags | advisory, vulnerability, xss, info disclosure
advisories | CVE-2014-1571, CVE-2014-1572, CVE-2014-1573
MD5 | f2be692d17f3a25b9e524791db3e36bb

Bugzilla Cross Site Request Forgery / Social Engineering
Posted Apr 21, 2014
Authored by Frederic Buclin, Byron Jones, Reed Loden, David Lawrence, Manish Goregaokar | Site bugzilla.org

Bugzilla Security Advisory - Bugzilla versions 2.0 through 4.4.2 and 4.5.1 through 4.5.2 suffer from a cross site request forgery vulnerability. Bugzilla versions 2.0 through 4.0.11, 4.1.1 through 4.2.7, 4.3.1 through 4.4.2, and 4.5.1 through 4.5.2 suffer from a social engineering vulnerability.

tags | advisory, csrf
advisories | CVE-2014-1517
MD5 | 7163343ad30a02b61290651c679b24cb

Bugzilla Cross Site Request Forgery / Cross Site Scripting
Posted Oct 18, 2013
Authored by Frederic Buclin, Mateusz Goik, David Lawrence | Site bugzilla.org

Bugzilla Security Advisory - Multiple cross site scripting and cross site request forgery vulnerabilities have been discovered and addressed in various versions of Bugzilla.

tags | advisory, vulnerability, xss, csrf
advisories | CVE-2013-1733, CVE-2013-1734, CVE-2013-1742, CVE-2013-1743, CVE-2012-4189
MD5 | bb3dbfca22221f11ac76979755c3e0f9

Bugzilla Information Leak / Cross Site Scripting
Posted Nov 15, 2012
Authored by Frederic Buclin, Mateusz Goik, Gervase Markham, David Lawrence | Site bugzilla.org

Bugzilla suffers from multiple information leak and cross site scripting vulnerabilities. Various versions ranging from 2.x through 4.x are affected.

tags | advisory, vulnerability, xss, info disclosure
advisories | CVE-2012-4199, CVE-2012-4198, CVE-2012-4189, CVE-2012-4197, CVE-2012-5475
MD5 | 86faf002a7cf81928fcd151b0d3f7d15

Bugzilla LDAP Injection / Directory Browsing
Posted Aug 31, 2012
Authored by Frederic Buclin, Byron Jones, Reed Loden | Site bugzilla.org

Bugzilla Security Advisory - When a user logs in using LDAP, the username is not escaped before being passed to LDAP, which could potentially lead to LDAP injection. Extensions are not protected against directory browsing by default, and users can view the source code of templates used by the extensions. These templates may contain sensitive data.

tags | advisory
advisories | CVE-2012-3981
MD5 | ea6d033217de11066c4b107916cb888d

Bugzilla Information Leaks
Posted Jul 28, 2012
Authored by Frederic Buclin, Byron Jones | Site bugzilla.org

Bugzilla Security Advisory - Bugzilla versions 4.1.1 to 4.2.1 and 4.3.1 suffer from a permission trust vulnerability. Bugzilla versions 2.17.5 to 3.6.9, 3.7.1 to 4.0.6, 4.1.1 to 4.2.1, and 4.3.1 leak the description of a private attachment.

tags | advisory, info disclosure
advisories | CVE-2012-1968, CVE-2012-1969
MD5 | 7a52bc595125bf7275ea48a69e10296b

Bugzilla Unauthorized Access / Cross Site Scripting
Posted Apr 19, 2012
Authored by Soroush Dalili, Frederic Buclin, Byron Jones | Site bugzilla.org

Bugzilla Security Advisory - Bugzilla versions 3.5.3 to 3.6.8, 3.7.1 to 4.0.5, and 4.1.1 to 4.2 suffer from an unauthorized access vulnerability. Bugzilla versions 2.17.4 to 3.6.8, 3.7.1 to 4.0.5, and 4.1.1 to 4.2 suffer from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2012-0465, CVE-2012-0466
MD5 | 080f4edb5da8c3f2bcc784a578a6d7a2

bugzilla-multi.txt
Posted May 6, 2008
Authored by Frederic Buclin, Max Kanat-Alexander, Bradley Baetz, Loren Butler, Marc Schumann | Site bugzilla.org

Bugzilla Security Advisory - Bugzilla version 3.1.3 suffers from an unauthorized bug change vulnerability. Versions 2.17.2 and higher suffer from a cross site scripting vulnerability. Versions 2.23.4 and higher suffer from an account impersonation vulnerability.

tags | advisory, xss
MD5 | 13db085e595afc0bfe20386178dd1ece

bugzilla-multiple.txt
Posted Feb 6, 2007
Authored by Dave Miller, Frederic Buclin, Max Kanat-Alexander, Olav Vitters | Site bugzilla.org

Bugzilla Security Advisory - Bugzilla versions 2.20.1 and above suffer from a cross site scripting vulnerability. Version 2.23.3 suffers from a database password disclosure flaw.

tags | advisory, xss
MD5 | 69ffd8fbfbab9aae67c189f99ee9d20b

bugzillaLeaks.txt
Posted Oct 6, 2005
Authored by Joel Peshkin, Myk Melez, Frederic Buclin, Max Kanat-Alexander

Bugzilla versions below 2.20 are susceptible to multiple information leaks.

tags | advisory
MD5 | 1b3d2b26cf30a45c49948856a5b6bcf2

bugzillaLeak.txt
Posted Jul 9, 2005
Authored by Joel Peshkin, Myk Melez, Frederic Buclin, Matthias Versen

Bugzilla versions prior to 2.18.2 are susceptible to multiple information leak vulnerabilities.

tags | advisory, vulnerability
MD5 | 7a22002a753c17e2d63241b5e72a623e