exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

Bugzilla Unauthorized Access / Cross Site Scripting
Posted Apr 19, 2012
Authored by Soroush Dalili, Frederic Buclin, Byron Jones | Site bugzilla.org

Bugzilla Security Advisory - Bugzilla versions 3.5.3 to 3.6.8, 3.7.1 to 4.0.5, and 4.1.1 to 4.2 suffer from an authorized access vulnerability. Bugzilla versions 2.17.4 to 3.6.8, 3.7.1 to 4.0.5, and 4.1.1 to 4.2 suffer from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2012-0465, CVE-2012-0466
SHA-256 | cd5bcb16d9fc77f836d09c3e0255fb95fd2cfe29cc6147822f65c77d60475b15

Related Files

Mandriva Linux Security Advisory 2014-169
Posted Sep 2, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-169 - Adobe does not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery attacks against Bugzilla's JSONP endpoint, possibly obtaining sensitive bug information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API.

tags | advisory, remote, csrf
systems | linux, mandriva
advisories | CVE-2014-1546
SHA-256 | f5bd598a395b6c05ed00bff7322ba053ea6bda85e2b6ae397f5bc9946a6a1af1
Bugzilla 3.x / 4.x Cross Site Request Forgery
Posted Jul 25, 2014
Authored by Mario Gomes, Byron Jones, Reed Loden, Simon Green | Site bugzilla.org

Bugzilla Security Advisory - Bugzilla versions 3.7.1 to 4.0.13, 4.1.1 to 4.2.9, 4.3.1 to 4.4.4, and 4.5.1 to 4.5.4 suffer from a cross site request forgery vulnerability.

tags | advisory, csrf
advisories | CVE-2014-1546
SHA-256 | cd0337a3196b87e65a4382c3d46665e5a07957324bbe8fa092ed144b51893ab0
Bugzilla Cross Site Request Forgery / Social Engineering
Posted Apr 21, 2014
Authored by Frederic Buclin, Byron Jones, Reed Loden, David Lawrence, Manish Goregaokar | Site bugzilla.org

Bugzilla Security Advisory - Bugzilla versions 2.0 through 4.4.2 and 4.5.1 through 4.5.2 suffer from a cross site request forgery vulnerability. Bugzilla versions 2.0 through 4.0.11, 4.1.1 through 4.2.7, 4.3.1 through 4.4.2, and 4.5.1 through 4.5.2 suffer from a social engineering vulnerability.

tags | advisory, csrf
advisories | CVE-2014-1517
SHA-256 | e3f8c68b0a1bbdf0fb518956a6f0baea7892e0d7d30f6fb5905d155c12849c5b
Mandriva Linux Security Advisory 2013-285
Posted Nov 26, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-285 - Cross-site request forgery vulnerability in process_bug.cgi in Bugzilla 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that modify bugs via vectors involving a midair-collision token. Cross-site request forgery vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that commit an attachment change via an update action. Multiple cross-site scripting vulnerabilities in editflagtypes.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via the id or sortkey parameter. Multiple cross-site scripting vulnerabilities in report.cgi in Bugzilla 4.1.x and 4.2.x before 4.2.7 and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a field value that is not properly handled during construction of a tabular report, as demonstrated by the real name field. NOTE: this issue exists because of an incomplete fix for CVE-2012-4189. The updated packages have been upgraded to the 4.2.7 version which is not affected by these issues.

tags | advisory, remote, web, arbitrary, cgi, vulnerability, xss, csrf
systems | linux, mandriva
advisories | CVE-2013-1733, CVE-2013-1734, CVE-2013-1742, CVE-2013-1743
SHA-256 | 218ee3f02337407ea357a0fe94a4fa234c1430469d582fb26b223bd5e81d8b83
Bugzilla Cross Site Request Forgery / Cross Site Scripting
Posted Oct 18, 2013
Authored by Frederic Buclin, Mateusz Goik, David Lawrence | Site bugzilla.org

Bugzilla Security Advisory - Multiple cross site scripting and cross site request forgery vulnerabilities have been discovered and addressed in various versions of Bugzilla.

tags | advisory, vulnerability, xss, csrf
advisories | CVE-2013-1733, CVE-2013-1734, CVE-2013-1742, CVE-2013-1743, CVE-2012-4189
SHA-256 | 943bffbd4c59491956254e396c5dddc10c25b0b775de07d14bd90dac0cbf7118
Mandriva Linux Security Advisory 2013-066
Posted Apr 8, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-066 - The get_attachment_link function in Template.pm in Bugzilla 2.x and 3.x before 3.6.10, 3.7.x and 4.0.x before 4.0.7, 4.1.x and 4.2.x before 4.2.2, and 4.3.x before 4.3.2 does not check whether an attachment is private before presenting the attachment description within a public comment, which allows remote attackers to obtain sensitive description information by reading a comment. Auth/Verify/LDAP.pm in Bugzilla 2.x and 3.x before 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1.x and 4.2.x before 4.2.3, and 4.3.x before 4.3.3 does not restrict the characters in a username, which might allow remote attackers to inject data into an LDAP directory via a crafted login attempt. Various other issues were also addressed.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2012-1969, CVE-2012-3981, CVE-2012-4189, CVE-2012-4197, CVE-2012-4198, CVE-2012-4199, CVE-2012-5883, CVE-2013-0785, CVE-2013-0786
SHA-256 | e6cfe4b2630782972753b045d1d3e894e084dfcfd1de0180473c8bbad6ad3f7d
Red Hat Security Advisory 2013-0215-01
Posted Feb 1, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0215-01 - ABRT is a tool to help users to detect defects in applications and to create a bug report with all the information needed by a maintainer to fix it. It uses a plug-in system to extend its functionality. libreport provides an API for reporting different problems in applications to different bug targets, such as Bugzilla, FTP, and Trac. It was found that the /usr/libexec/abrt-action-install-debuginfo-to-abrt-cache tool did not sufficiently sanitize its environment variables. This could lead to Python modules being loaded and run from non-standard directories. A local attacker could use this flaw to escalate their privileges to that of the abrt user.

tags | advisory, local, python
systems | linux, redhat
advisories | CVE-2012-5659, CVE-2012-5660
SHA-256 | 7f38239b68caa28a939cee16cf54cd786e2838a972acca20d93ec6356f645d91
Bugzilla Information Leak / Cross Site Scripting
Posted Nov 15, 2012
Authored by Frederic Buclin, Mateusz Goik, Gervase Markham, David Lawrence | Site bugzilla.org

Bugzilla suffers from multiple information leak and cross site scripting vulnerabilities. Various versions ranging from 2.x through 4.x are affected.

tags | advisory, vulnerability, xss, info disclosure
advisories | CVE-2012-4199, CVE-2012-4198, CVE-2012-4189, CVE-2012-4197, CVE-2012-5475
SHA-256 | 21672967035df2502939f68c6fb93cd188b821430fff628d2e01c963fba9c035
Secunia Security Advisory 51265
Posted Nov 14, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue and multiple vulnerabilities have been reported in Bugzilla, which can be exploited by malicious people to disclose potentially sensitive information and conduct cross-site scripting and script insertion attacks.

tags | advisory, vulnerability, xss
SHA-256 | 60968149970364fe5ad11c1e8d0a92765ca7f45cf076c386c2a406b15faa832e
Secunia Security Advisory 50433
Posted Sep 1, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability and a security issue have been reported in Bugzilla, which can be exploited by malicious people to disclose potentially sensitive information and manipulate certain data.

tags | advisory
SHA-256 | a5cfea192d40d1bbb0e2d4ee70ce226e122c3adc7fec1a3ed96fd765a277608a
Bugzilla LDAP Injection / Directory Browsing
Posted Aug 31, 2012
Authored by Frederic Buclin, Byron Jones, Reed Loden | Site bugzilla.org

Bugzilla Security Advisory - When the user logs in using LDAP, the username is not escaped before being passed to LDAP which could potentially lead to LDAP injection. Extensions are not protected against directory browsing by default and users can view the source code of templates used by the extensions. These templates may contain sensitive data.

tags | advisory
advisories | CVE-2012-3981
SHA-256 | a5d9eb97d8ed5caaa5684888b740b5cecb254605b98dce901b0bd2362f639636
Secunia Security Advisory 50040
Posted Jul 29, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two security issues have been reported in Bugzilla, which can be exploited by malicious people to disclose potentially sensitive information.

tags | advisory
SHA-256 | d96cbc0a4f6aea200f65e32c16b2aebdc5ca8e04a32a6dc584f082e4633e88d2
Bugzilla Information Leaks
Posted Jul 28, 2012
Authored by Frederic Buclin, Byron Jones | Site bugzilla.org

Bugzilla Security Advisory - Bugzilla versions 4.1.1 to 4.2.1, 4.3.1 suffer from a permission trust vulnerability. Bugzilla versions 2.17.5 to 3.6.9, 3.7.1 to 4.0.6, 4.1.1 to 4.2.1, 4.3.1 leak the description of a private attachment.

tags | advisory, info disclosure
advisories | CVE-2012-1968, CVE-2012-1969
SHA-256 | ccbe41f39c39d46f4dd678d5b50b50f6b23d74222a0aadab053e8ce5c1e2b4db
Red Hat Security Advisory 2012-0841-04
Posted Jun 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0841-04 - ABRT is a tool to help users to detect defects in applications and to create a bug report with all the information needed by a maintainer to fix it. It uses a plug-in system to extend its functionality. libreport provides an API for reporting different problems in applications to different bug targets, such as Bugzilla, FTP, and Trac. The btparser utility is a backtrace parser and analyzer library, which works with backtraces produced by the GNU Project Debugger. It can parse a text file with a backtrace to a tree of C structures, allowing to analyze the threads and frames of the backtrace and process them.

tags | advisory
systems | linux, redhat
advisories | CVE-2011-4088, CVE-2012-1106
SHA-256 | bd72154a1c7c9f34d01a0388a2d739ac8d018b2bd3b877ce4278e6dd64c6a0a6
Secunia Security Advisory 48835
Posted Apr 19, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Bugzilla, which can be exploited by malicious people to conduct cross-site request forgery attacks.

tags | advisory, csrf
SHA-256 | 7f4ac4767d0309a0a1f9cfa49f682b3a05cb71f6b1fce330a37cdb1232fb0d94
Bugzilla Cross Site Request Forgery
Posted Feb 24, 2012
Site bugzilla.org

Bugzilla Security Advisory - Due to a lack of validation of the enctype form attribute when making POST requests to xmlrpc.cgi, a possible CSRF vulnerability was discovered in Bugzilla versions 4.0.2 through 4.0.4 and 4.1.1 through 4.2rc2.

tags | advisory, cgi, csrf
advisories | CVE-2012-0453
SHA-256 | fe9aa9d5a2e0261931ccfa5c0cb9081fcee27f39f8a92d16f3b60fbcf5b9c472
Secunia Security Advisory 48133
Posted Feb 23, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Bugzilla, which can be exploited by malicious people to conduct cross-site request forgery attacks.

tags | advisory, csrf
SHA-256 | 35a315f07782eb05f6d88b714a0bc8c724792fd30908030bf19de3ba9bc0fb82
Secunia Security Advisory 47814
Posted Feb 2, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in Bugzilla, which can be exploited by malicious users to conduct spoofing attacks and by malicious people to conduct cross-site request forgery attacks.

tags | advisory, spoof, vulnerability, csrf
SHA-256 | 558ca8844a2b90ea6404ddfbff3f9b1f201ef3bd9e658fa5c82895309daeec06
Bugzilla CSRF / Account Impersonation
Posted Feb 2, 2012
Site bugzilla.org

Bugzilla versions 2.0 to 3.4.13, 3.5.1 to 3.6.7, 3.7.1 to 4.0.3, and 4.1.1 to 4.2rc1 suffer from account impersonation and cross site request forgery vulnerabilities.

tags | advisory, vulnerability, code execution, file inclusion, csrf
advisories | CVE-2012-0448, CVE-2012-0440
SHA-256 | 560346be23f079df3dc6e695ad900afe6cf62f38a273b1c862bf04929d4ef911
Bugzilla Chart Generator Cross Site Scripting
Posted Jan 3, 2012
Site redteam-pentesting.de

RedTeam Pentesting discovered a cross site scripting vulnerability in Bugzilla's chart generator during a penetration test. If attackers can persuade users to click on a prepared link or redirected them to such a link from an attacker-controlled website, they are able to run arbitrary JavaScript code in the context of the Bugzilla installation's domain. Versions affected include 2.17.1 to 3.4.12, 3.5.1 to 3.6.6, 3.7.1 to 4.0.2 and 4.1.1 to 4.1.3.

tags | exploit, arbitrary, javascript, xss
advisories | CVE-2011-3657
SHA-256 | ca81bb38b09a55cb4defe19fe6466a61b7037842c123590640a2365869115e44
Secunia Security Advisory 47369
Posted Dec 31, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Bugzilla, which can be exploited by malicious people to conduct cross-site request forgery attacks.

tags | advisory, csrf
SHA-256 | 1efc4be93bba7b1297f52c07eb7378127baa150bc37561173ac567aecac404c1
Secunia Security Advisory 47368
Posted Dec 30, 2011
Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Bugzilla, which can be exploited by malicious people to conduct cross-site request forgery attacks.

SHA-256 | a2fce17c9cf03464633726694af6295906e5650b87b9b63aa6df3f74720b330d
Secunia Security Advisory 47365
Posted Dec 30, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness and two vulnerabilities have been reported in Bugzilla, which can be exploited by malicious users to bypass certain security restrictions and conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | a277cea7af4b387deb5cb0236404c6595b15b62839d7df3259e49a762b1deae9
Secunia Security Advisory 47368
Posted Dec 30, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Bugzilla, which can be exploited by malicious people to conduct cross-site request forgery attacks.

tags | advisory, csrf
SHA-256 | a2fce17c9cf03464633726694af6295906e5650b87b9b63aa6df3f74720b330d
Bugzilla XSS / XSRF / Unauthorized Account Creation
Posted Dec 29, 2011
Site bugzilla.org

Bugzilla versions 2.17.1 to 3.4.12, 3.5.1 to 3.6.6, 3.7.1 to 4.0.2 and 4.1.1 to 4.1.3 suffer from a cross site scripting vulnerability. Versions 2.23.3 to 3.4.12, 3.5.1 to 3.6.6, 3.7.1 to 4.0.2 and 4.1.1 to 4.1.3 suffer from an unauthorized account creation vulnerability. Versions 2.0 to 3.4.12, 3.5.1 to 3.6.6, 3.7.1 to 4.0.2 and 4.1.1 to 4.1.3 suffer from a cross site request forgery vulnerability.

tags | advisory, xss, csrf
advisories | CVE-2011-3657, CVE-2011-3667
SHA-256 | d7fe9cc19e92befb40189c8947a6c9db762e9a8c444631d574538ff2387c7051
Page 1 of 4
Back1234Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close