exploit the possibilities

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 5 of 5

Files from David Lawrence

Bugzilla 4.4.11 / 5.0.2 Summary Cross Site Scripting

Posted May 17, 2016

Authored by Wladimir Palant, Frederic Buclin, David Lawrence | Site bugzilla.org

Bugzilla versions 2.16rc1 to 4.4.11 and 4.5.1 to 5.0.2 suffer from a cross site scripting vulnerability.

tags | advisory, xss

advisories | CVE-2016-2803

SHA-256 | b5b557c9a96230c03f35334bcabd0cbadd09684f233600dafc8de9a79dd18b6b

Download | Favorite | View

Bugzilla Account Creation / XSS / Information Leak

Posted Oct 7, 2014

Authored by Frederic Buclin, Byron Jones, David Lawrence, Netanel Rubin, Simon Green, James Kettle, Matt Tyson | Site bugzilla.org

Bugzilla Security Advisory - Bugzilla versions 2.23.3 to 4.0.14, 4.1.1 to 4.2.10, 4.3.1 to 4.4.5, and 4.5.1 to 4.5.5 suffer from unauthorized account creation, cross site scripting, and information leak vulnerabilities.

tags | advisory, vulnerability, xss, info disclosure

advisories | CVE-2014-1571, CVE-2014-1572, CVE-2014-1573

SHA-256 | 0d0e7c27532f6562403faf6ddb1249c6fce16ba6525feadfe7c92217191a6748

Download | Favorite | View

Bugzilla Cross Site Request Forgery / Social Engineering

Posted Apr 21, 2014

Authored by Frederic Buclin, Byron Jones, Reed Loden, David Lawrence, Manish Goregaokar | Site bugzilla.org

Bugzilla Security Advisory - Bugzilla versions 2.0 through 4.4.2 and 4.5.1 through 4.5.2 suffer from a cross site request forgery vulnerability. Bugzilla versions 2.0 through 4.0.11, 4.1.1 through 4.2.7, 4.3.1 through 4.4.2, and 4.5.1 through 4.5.2 suffer from a social engineering vulnerability.

tags | advisory, csrf

advisories | CVE-2014-1517

SHA-256 | e3f8c68b0a1bbdf0fb518956a6f0baea7892e0d7d30f6fb5905d155c12849c5b

Download | Favorite | View

Bugzilla Cross Site Request Forgery / Cross Site Scripting

Posted Oct 18, 2013

Authored by Frederic Buclin, Mateusz Goik, David Lawrence | Site bugzilla.org

Bugzilla Security Advisory - Multiple cross site scripting and cross site request forgery vulnerabilities have been discovered and addressed in various versions of Bugzilla.

tags | advisory, vulnerability, xss, csrf

advisories | CVE-2013-1733, CVE-2013-1734, CVE-2013-1742, CVE-2013-1743, CVE-2012-4189

SHA-256 | 943bffbd4c59491956254e396c5dddc10c25b0b775de07d14bd90dac0cbf7118

Download | Favorite | View

Bugzilla Information Leak / Cross Site Scripting

Posted Nov 15, 2012

Authored by Frederic Buclin, Mateusz Goik, Gervase Markham, David Lawrence | Site bugzilla.org

Bugzilla suffers from multiple information leak and cross site scripting vulnerabilities. Various versions ranging from 2.x through 4.x are affected.

tags | advisory, vulnerability, xss, info disclosure

advisories | CVE-2012-4199, CVE-2012-4198, CVE-2012-4189, CVE-2012-4197, CVE-2012-5475

SHA-256 | 21672967035df2502939f68c6fb93cd188b821430fff628d2e01c963fba9c035

Download | Favorite | View