what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 3 of 3

Files from Reed Loden

Bugzilla 3.x / 4.x Cross Site Request Forgery

Posted Jul 25, 2014

Authored by Mario Gomes, Byron Jones, Reed Loden, Simon Green | Site bugzilla.org

Bugzilla Security Advisory - Bugzilla versions 3.7.1 to 4.0.13, 4.1.1 to 4.2.9, 4.3.1 to 4.4.4, and 4.5.1 to 4.5.4 suffer from a cross site request forgery vulnerability.

tags | advisory, csrf

advisories | CVE-2014-1546

SHA-256 | cd0337a3196b87e65a4382c3d46665e5a07957324bbe8fa092ed144b51893ab0

Download | Favorite | View

Bugzilla Cross Site Request Forgery / Social Engineering

Posted Apr 21, 2014

Authored by Frederic Buclin, Byron Jones, Reed Loden, David Lawrence, Manish Goregaokar | Site bugzilla.org

Bugzilla Security Advisory - Bugzilla versions 2.0 through 4.4.2 and 4.5.1 through 4.5.2 suffer from a cross site request forgery vulnerability. Bugzilla versions 2.0 through 4.0.11, 4.1.1 through 4.2.7, 4.3.1 through 4.4.2, and 4.5.1 through 4.5.2 suffer from a social engineering vulnerability.

tags | advisory, csrf

advisories | CVE-2014-1517

SHA-256 | e3f8c68b0a1bbdf0fb518956a6f0baea7892e0d7d30f6fb5905d155c12849c5b

Download | Favorite | View

Bugzilla LDAP Injection / Directory Browsing

Posted Aug 31, 2012

Authored by Frederic Buclin, Byron Jones, Reed Loden | Site bugzilla.org

Bugzilla Security Advisory - When the user logs in using LDAP, the username is not escaped before being passed to LDAP which could potentially lead to LDAP injection. Extensions are not protected against directory browsing by default and users can view the source code of templates used by the extensions. These templates may contain sensitive data.

tags | advisory

advisories | CVE-2012-3981

SHA-256 | a5d9eb97d8ed5caaa5684888b740b5cecb254605b98dce901b0bd2362f639636

Download | Favorite | View