Vulnerabilities > Mozilla > Bugzilla > 3.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-06-28 | CVE-2010-1204 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Bugzilla Search.pm in Bugzilla 2.17.1 through 3.2.6, 3.3.1 through 3.4.6, 3.5.1 through 3.6, and 3.7 allows remote attackers to obtain potentially sensitive time-tracking information via a crafted search URL, related to a "boolean chart search." | 5.0 |
2010-02-03 | CVE-2009-3989 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Bugzilla Bugzilla before 3.0.11, 3.2.x before 3.2.6, 3.4.x before 3.4.5, and 3.5.x before 3.5.3 does not block access to files and directories that are used by custom installations, which allows remote attackers to obtain sensitive information via requests for (1) CVS/, (2) contrib/, (3) docs/en/xml/, (4) t/, or (5) old-params.txt. | 4.3 |
2009-09-15 | CVE-2009-3165 | SQL Injection vulnerability in Mozilla Bugzilla SQL injection vulnerability in the Bug.create WebService function in Bugzilla 2.23.4 through 3.0.8, 3.1.1 through 3.2.4, and 3.3.1 through 3.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters. | 7.5 |
2009-02-09 | CVE-2009-0485 | Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Bugzilla Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.17 to 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete unused flag types via a link or IMG tag to editflagtypes.cgi. | 5.8 |