Thinking OPEN

Posts Tagged ‘bugzilla’

Bugzilla 3.3.1 and prior [Medium]

By Security Team • Feb 9th, 2009 • Category: Security Notifications

Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.17 to 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete unused flag types via a link or IMG tag to editflagtypes.cgi….

CVE Identifier: CVE-2009-0485
Vulnerability Type(s):
Severity: Medium


Bugzilla 3.3.2 and prior [High]

By Security Team • Feb 9th, 2009 • Category: Security Notifications

Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users….

CVE Identifier: CVE-2009-0486
Vulnerability Type(s):
Severity: High


Bugzilla 3.3.1 and prior [Medium]

By Security Team • Feb 9th, 2009 • Category: Security Notifications

Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.17 to 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete unused flag types via a link or IMG tag to editflagtypes.cgi….

CVE Identifier: CVE-2009-0485
Vulnerability Type(s):
Severity: Medium


Bugzilla 3.3.1 and prior [Medium]

By Security Team • Feb 9th, 2009 • Category: Security Notifications

Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.17 to 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete unused flag types via a link or IMG tag to editflagtypes.cgi….

CVE Identifier: CVE-2009-0485
Vulnerability Type(s):
Severity: Medium


Bugzilla 3.3.1 and prior [Medium]

By Security Team • Feb 9th, 2009 • Category: Security Notifications

Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.17 to 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete unused flag types via a link or IMG tag to editflagtypes.cgi….

CVE Identifier: CVE-2009-0485
Vulnerability Type(s):
Severity: Medium


Bugzilla 3.3.1 and prior [Medium]

By Security Team • Feb 9th, 2009 • Category: Security Notifications

Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.17 to 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete unused flag types via a link or IMG tag to editflagtypes.cgi….

CVE Identifier: CVE-2009-0485
Vulnerability Type(s):
Severity: Medium


Bugzilla 3.3.1 and prior [Medium]

By Security Team • Feb 9th, 2009 • Category: Security Notifications

Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.17 to 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete unused flag types via a link or IMG tag to editflagtypes.cgi….

CVE Identifier: CVE-2009-0485
Vulnerability Type(s):
Severity: Medium


Bugzilla 3.3.1 and prior [Medium]

By Security Team • Feb 9th, 2009 • Category: Security Notifications

Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.17 to 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete unused flag types via a link or IMG tag to editflagtypes.cgi….

CVE Identifier: CVE-2009-0485
Vulnerability Type(s):
Severity: Medium


Bugzilla 3.3.1 and prior [Medium]

By Security Team • Feb 9th, 2009 • Category: Security Notifications

Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.17 to 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete unused flag types via a link or IMG tag to editflagtypes.cgi….

CVE Identifier: CVE-2009-0485
Vulnerability Type(s):
Severity: Medium


Bugzilla 3.3.1 and prior [Medium]

By Security Team • Feb 9th, 2009 • Category: Security Notifications

Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.17 to 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete unused flag types via a link or IMG tag to editflagtypes.cgi….

CVE Identifier: CVE-2009-0485
Vulnerability Type(s):
Severity: Medium


« Older Entries
Newer Entries »