Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2012-4747 |
Bugzilla 2.x and 3.x through 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1.x and 4.2.x before 4.2.3, and 4.3.x before 4.3.3 stores potentially sensitive information under the web root with insufficient access control, which allows remote attackers to read (1) template (aka .tmpl) files, (2) other custom extension files under extensions/, or (3) custom documentation files under docs/ via a direct request. Published: September 04, 2012; 7:04:50 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2012-3981 |
Auth/Verify/LDAP.pm in Bugzilla 2.x and 3.x before 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1.x and 4.2.x before 4.2.3, and 4.3.x before 4.3.3 does not restrict the characters in a username, which might allow remote attackers to inject data into an LDAP directory via a crafted login attempt. Published: September 04, 2012; 7:04:50 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2012-1969 |
The get_attachment_link function in Template.pm in Bugzilla 2.x and 3.x before 3.6.10, 3.7.x and 4.0.x before 4.0.7, 4.1.x and 4.2.x before 4.2.2, and 4.3.x before 4.3.2 does not check whether an attachment is private before presenting the attachment description within a public comment, which allows remote attackers to obtain sensitive description information by reading a comment. Published: July 30, 2012; 9:55:10 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-1968 |
Bugzilla 4.1.x and 4.2.x before 4.2.2 and 4.3.x before 4.3.2 uses bug-editor privileges instead of bugmail-recipient privileges during construction of HTML bugmail documents, which allows remote attackers to obtain sensitive description information by reading the tooltip portions of an HTML e-mail message. Published: July 30, 2012; 9:55:10 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |