Search Results (Refine Search)
- CPE Product Version: cpe:/a:mozilla:bugzilla:3.2.1
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2009-3165 |
SQL injection vulnerability in the Bug.create WebService function in Bugzilla 2.23.4 through 3.0.8, 3.1.1 through 3.2.4, and 3.3.1 through 3.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters. Published: September 15, 2009; 6:30:00 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2009-1213 |
Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 3.2 before 3.2.3, 3.3 before 3.3.4, and earlier versions allows remote attackers to hijack the authentication of arbitrary users for requests that use attachment editing. Published: April 01, 2009; 6:30:00 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2008-6098 |
Bugzilla 3.2 before 3.2 RC2, 3.0 before 3.0.6, 2.22 before 2.22.6, 2.20 before 2.20.7, and other versions after 2.17.4 allows remote authenticated users to bypass moderation to approve and disapprove quips via a direct request to quips.cgi with the action parameter set to "approve." Published: February 09, 2009; 1:30:00 PM -0500 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2009-0486 |
Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users. Published: February 09, 2009; 12:30:00 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |