Vulnerabilities > Mozilla > Bugzilla > 2.23.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-08-16 | CVE-2010-2757 | Cryptographic Issues vulnerability in Mozilla Bugzilla: The sudo feature in Bugzilla 2.22rc1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 does not properly send impersonation notifications, which makes it easier for remote authenticated users to impersonate other users without discovery. | 6.5 |
2010-08-16 | CVE-2010-2756 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Bugzilla: Search.pm in Bugzilla 2.19.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 allows remote attackers to determine the group memberships of arbitrary users via vectors involving the Search interface, boolean charts, and group-based pronouns. | 5.0 |
2010-02-03 | CVE-2009-3989 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Bugzilla: Bugzilla before 3.0.11, 3.2.x before 3.2.6, 3.4.x before 3.4.5, and 3.5.x before 3.5.3 does not block access to files and directories that are used by custom installations, which allows remote attackers to obtain sensitive information via requests for (1) CVS/, (2) contrib/, (3) docs/en/xml/, (4) t/, or (5) old-params.txt. | 4.3 |
2009-09-15 | CVE-2009-3165 | SQL Injection vulnerability in Mozilla Bugzilla: SQL injection vulnerability in the Bug.create WebService function in Bugzilla 2.23.4 through 3.0.8, 3.1.1 through 3.2.4, and 3.3.1 through 3.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters. | 7.5 |
2009-02-09 | CVE-2008-6098 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Bugzilla: Bugzilla 3.2 before 3.2 RC2, 3.0 before 3.0.6, 2.22 before 2.22.6, 2.20 before 2.20.7, and other versions after 2.17.4 allows remote authenticated users to bypass moderation to approve and disapprove quips via a direct request to quips.cgi with the action parameter set to "approve." | 4.0 |
2008-10-03 | CVE-2008-4437 | Path Traversal vulnerability in Mozilla Bugzilla: Directory traversal vulnerability in importxml.pl in Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path is enabled, allows remote attackers to read arbitrary files via an XML file with a .. | 7.1 |
2008-05-07 | CVE-2008-2105 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Bugzilla: email_in.pl in Bugzilla 2.23.4, 3.0.x before 3.0.4, and 3.1.x before 3.1.4 allows remote authenticated users to more easily spoof the changer of a bug via a @reporter command in the body of an e-mail message, which overrides the e-mail address as normally obtained from the From e-mail header. | 3.5 |
2008-05-07 | CVE-2008-2103 | Cross-Site Scripting vulnerability in Mozilla Bugzilla: Cross-site scripting (XSS) vulnerability in Bugzilla 2.17.2 and later allows remote attackers to inject arbitrary web script or HTML via the id parameter to the "Format for Printing" view or "Long Format" bug list. | 4.3 |
2007-08-27 | CVE-2007-4539 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Bugzilla: The WebService (XML-RPC) interface in Bugzilla 2.23.3 through 3.0.0 does not enforce permissions for the time-tracking fields of bugs, which allows remote attackers to obtain sensitive information via certain XML-RPC requests, as demonstrated by the (1) Deadline and (2) Estimated Time fields. | 5.0 |
2007-08-27 | CVE-2007-4538 | Remote vulnerability in Bugzilla: email_in.pl in Bugzilla 2.23.4 through 3.0.0 allows remote attackers to execute arbitrary commands via the -f (From address) option to the Email::Send::Sendmail function, probably involving shell metacharacters. | 5.0 |