U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:mozilla:bugzilla:3.2.4
There are 45 matching records.
Displaying matches 41 through 45.
Vuln ID Summary CVSS Severity
CVE-2010-2757

The sudo feature in Bugzilla 2.22rc1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 does not properly send impersonation notifications, which makes it easier for remote authenticated users to impersonate other users without discovery.

Published: August 16, 2010; 11:14:12 AM -0400
V3.x:(not available)
V2.0: 6.5 MEDIUM
CVE-2010-2756

Search.pm in Bugzilla 2.19.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 allows remote attackers to determine the group memberships of arbitrary users via vectors involving the Search interface, boolean charts, and group-based pronouns.

Published: August 16, 2010; 11:14:12 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2010-1204

Search.pm in Bugzilla 2.17.1 through 3.2.6, 3.3.1 through 3.4.6, 3.5.1 through 3.6, and 3.7 allows remote attackers to obtain potentially sensitive time-tracking information via a crafted search URL, related to a "boolean chart search."

Published: June 28, 2010; 1:30:01 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2009-3989

Bugzilla before 3.0.11, 3.2.x before 3.2.6, 3.4.x before 3.4.5, and 3.5.x before 3.5.3 does not block access to files and directories that are used by custom installations, which allows remote attackers to obtain sensitive information via requests for (1) CVS/, (2) contrib/, (3) docs/en/xml/, (4) t/, or (5) old-params.txt.

Published: February 03, 2010; 2:30:00 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2009-3165

SQL injection vulnerability in the Bug.create WebService function in Bugzilla 2.23.4 through 3.0.8, 3.1.1 through 3.2.4, and 3.3.1 through 3.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters.

Published: September 15, 2009; 6:30:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH