Mozilla Bugzilla vulnerabilities

CVE-2009-3989 [MEDIUM] CWE-264 CVE-2009-3989: Bugzilla before 3.0.11, 3.2.x before 3.2.6, 3.4.x before 3.4.5, and 3.5.x before 3.5.3 does not bloc Bugzilla before 3.0.11, 3.2.x before 3.2.6, 3.4.x before 3.4.5, and 3.5.x before 3.5.3 does not block access to files and directories that are used by custom installations, which allows remote attackers to obtain sensitive information via requests for (1) CVS/, (2) contrib/, (3) docs/en/xml/, (4) t/, or (5) old-params.txt.

CVE-2009-3387 [MEDIUM] CWE-264 CVE-2009-3387: Bugzilla 3.3.1 through 3.4.4, 3.5.1, and 3.5.2 does not allow group restrictions to be preserved thr Bugzilla 3.3.1 through 3.4.4, 3.5.1, and 3.5.2 does not allow group restrictions to be preserved throughout the process of moving a bug to a different product category, which allows remote attackers to obtain sensitive information via a request for a bug in opportunistic circumstances.

CVE-2009-3386 [MEDIUM] CWE-200 CVE-2009-3386: Template.pm in Bugzilla 3.3.2 through 3.4.3 and 3.5 through 3.5.1 allows remote attackers to discove Template.pm in Bugzilla 3.3.2 through 3.4.3 and 3.5 through 3.5.1 allows remote attackers to discover the alias of a private bug by reading the (1) Depends On or (2) Blocks field of a related bug.

CVE-2009-3165 [HIGH] CWE-89 CVE-2009-3165: SQL injection vulnerability in the Bug.create WebService function in Bugzilla 2.23.4 through 3.0.8, SQL injection vulnerability in the Bug.create WebService function in Bugzilla 2.23.4 through 3.0.8, 3.1.1 through 3.2.4, and 3.3.1 through 3.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters.

CVE-2009-3125 [HIGH] CWE-89 CVE-2009-3125: SQL injection vulnerability in the Bug.search WebService function in Bugzilla 3.3.2 through 3.4.1, a SQL injection vulnerability in the Bug.search WebService function in Bugzilla 3.3.2 through 3.4.1, and 3.5, allows remote attackers to execute arbitrary SQL commands via unspecified parameters.

CVE-2009-3166 [MEDIUM] CWE-255 CVE-2009-3166: token.cgi in Bugzilla 3.4rc1 through 3.4.1 places a password in a URL at the beginning of a login se token.cgi in Bugzilla 3.4rc1 through 3.4.1 places a password in a URL at the beginning of a login session that occurs immediately after a password reset, which allows context-dependent attackers to discover passwords by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.

CVE-2009-1213 [MEDIUM] CWE-352 CVE-2009-1213: Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 3.2 before 3.2.3, 3.3 Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 3.2 before 3.2.3, 3.3 before 3.3.4, and earlier versions allows remote attackers to hijack the authentication of arbitrary users for requests that use attachment editing.

CVE-2009-0486 [HIGH] CWE-352 CVE-2009-0486: Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup t Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as oth

CVE-2009-0482 [MEDIUM] CWE-352 CVE-2009-0482: Cross-site request forgery (CSRF) vulnerability in Bugzilla before 3.2 before 3.2.1, 3.3 before 3.3. Cross-site request forgery (CSRF) vulnerability in Bugzilla before 3.2 before 3.2.1, 3.3 before 3.3.2, and other versions before 3.2 allows remote attackers to perform bug updating activities as other users via a link or IMG tag to process_bug.cgi.

CVE-2009-0483 [MEDIUM] CWE-352 CVE-2009-0483: Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.22 before 2.22.7, 3.0 before 3.0.7, 3. Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.22 before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete keywords and user preferences via a link or IMG tag to (1) editkeywords.cgi or (2) userprefs.cgi.

CVE-2009-0485 [MEDIUM] CWE-352 CVE-2009-0485: Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.17 to 2.22.7, 3.0 before 3.0.7, 3.2 be Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.17 to 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete unused flag types via a link or IMG tag to editflagtypes.cgi.

CVE-2009-0484 [MEDIUM] CWE-352 CVE-2009-0484: Cross-site request forgery (CSRF) vulnerability in Bugzilla 3.0 before 3.0.7, 3.2 before 3.2.1, and Cross-site request forgery (CSRF) vulnerability in Bugzilla 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete shared or saved searches via a link or IMG tag to buglist.cgi.

CVE-2008-6098 [MEDIUM] CWE-264 CVE-2008-6098: Bugzilla 3.2 before 3.2 RC2, 3.0 before 3.0.6, 2.22 before 2.22.6, 2.20 before 2.20.7, and other ver Bugzilla 3.2 before 3.2 RC2, 3.0 before 3.0.6, 2.22 before 2.22.6, 2.20 before 2.20.7, and other versions after 2.17.4 allows remote authenticated users to bypass moderation to approve and disapprove quips via a direct request to quips.cgi with the action parameter set to "approve."

CVE-2009-0481 [LOW] CWE-79 CVE-2009-0481: Bugzilla 2.x before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote a Bugzilla 2.x before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote authenticated users to conduct cross-site scripting (XSS) and related attacks by uploading HTML and JavaScript attachments that are rendered by web browsers.

CVE-2008-4437 [HIGH] CWE-22 CVE-2008-4437: Directory traversal vulnerability in importxml.pl in Bugzilla before 2.22.5, and 3.x before 3.0.5, w Directory traversal vulnerability in importxml.pl in Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path is enabled, allows remote attackers to read arbitrary files via an XML file with a .. (dot dot) in the data element.

CVE-2008-2104 [MEDIUM] CWE-264 CVE-2008-2104: The WebService in Bugzilla 3.1.3 allows remote authenticated users without canconfirm privileges to The WebService in Bugzilla 3.1.3 allows remote authenticated users without canconfirm privileges to create NEW or ASSIGNED bug entries via a request to the XML-RPC interface, which bypasses the canconfirm check.

CVE-2008-2103 [MEDIUM] CWE-79 CVE-2008-2103: Cross-site scripting (XSS) vulnerability in Bugzilla 2.17.2 and later allows remote attackers to inj Cross-site scripting (XSS) vulnerability in Bugzilla 2.17.2 and later allows remote attackers to inject arbitrary web script or HTML via the id parameter to the "Format for Printing" view or "Long Format" bug list.

CVE-2008-2105 [LOW] CWE-264 CVE-2008-2105: email_in.pl in Bugzilla 2.23.4, 3.0.x before 3.0.4, and 3.1.x before 3.1.4 allows remote authenticat email_in.pl in Bugzilla 2.23.4, 3.0.x before 3.0.4, and 3.1.x before 3.1.4 allows remote authenticated users to more easily spoof the changer of a bug via a @reporter command in the body of an e-mail message, which overrides the e-mail address as normally obtained from the From e-mail header. NOTE: since From headers are easily spoofed, this only crosses

CVE-2007-5038 [HIGH] CWE-264 CVE-2007-5038: The offer_account_by_email function in User.pm in the WebService for Bugzilla before 3.0.2, and 3.1. The offer_account_by_email function in User.pm in the WebService for Bugzilla before 3.0.2, and 3.1.x before 3.1.2, does not check the value of the createemailregexp parameter, which allows remote attackers to bypass intended restrictions on account creation.

CVE-2007-4539 [MEDIUM] CWE-264 CVE-2007-4539: The WebService (XML-RPC) interface in Bugzilla 2.23.3 through 3.0.0 does not enforce permissions for The WebService (XML-RPC) interface in Bugzilla 2.23.3 through 3.0.0 does not enforce permissions for the time-tracking fields of bugs, which allows remote attackers to obtain sensitive information via certain XML-RPC requests, as demonstrated by the (1) Deadline and (2) Estimated Time fields.