what you don't know can hurt you
Showing 1 - 4 of 4 RSS Feed

Files from Max Kanat-Alexander

First Active2005-10-06
Last Active2010-11-05
Bugzilla HTTP Response Splitting / Cross Site Scripting / Information Leak
Posted Nov 5, 2010
Authored by Max Kanat-Alexander | Site bugzilla.org

Bugzilla Security Advisory - Bugzilla versions 3.2.8, 3.4.8, 3.6.2 and 3.7.3 suffer from multiple vulnerabilities. There is a way to inject both headers and content to users, causing a serious cross site scripting vulnerability. It was possible to see graphs from Old Charts even if you did not have access to a particular product, and you could browse a particular URL to see all product names. YUI 2.8.1, which shipped with Bugzilla starting with 3.7.x, contained a security vulnerability. The version of YUI shipped with Bugzilla 4.0rc1 and above has been updated to 2.8.2.

tags | advisory, vulnerability, xss
advisories | CVE-2010-3172, CVE-2010-3764
MD5 | 7d0dcc3c375d4e5fb36677d542175508
bugzilla-multi.txt
Posted May 6, 2008
Authored by Frederic Buclin, Max Kanat-Alexander, Bradley Baetz, Loren Butler, Marc Schumann | Site bugzilla.org

Bugzilla Security Advisory - Bugzilla version 3.1.3 suffers from an unauthorized bug change vulnerability. Versions 2.17.2 and higher suffer from a cross site scripting vulnerability. Versions 2.23.4 and higher suffer from an account impersonation vulnerability.

tags | advisory, xss
MD5 | 13db085e595afc0bfe20386178dd1ece
bugzilla-multiple.txt
Posted Feb 6, 2007
Authored by Dave Miller, Frederic Buclin, Max Kanat-Alexander, Olav Vitters | Site bugzilla.org

Bugzilla Security Advisory - Bugzilla versions 2.20.1 and above suffer from a cross site scripting vulnerability. Version 2.23.3 suffers from a database password disclosure flaw.

tags | advisory, xss
MD5 | 69ffd8fbfbab9aae67c189f99ee9d20b
bugzillaLeaks.txt
Posted Oct 6, 2005
Authored by Joel Peshkin, Myk Melez, Frederic Buclin, Max Kanat-Alexander

Bugzilla versions below 2.20 are susceptible to multiple information leaks.

tags | advisory
MD5 | 1b3d2b26cf30a45c49948856a5b6bcf2
Page 1 of 1
Back1Next

File Archive:

December 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    22 Files
  • 2
    Dec 2nd
    33 Files
  • 3
    Dec 3rd
    16 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close