
bugzilla: SQL injection

Package(s): bugzilla
CVE #(s): CVE-2009-3125 CVE-2009-3165 CVE-2009-3166
Created: September 21, 2009
Updated: June 4, 2010
Description: From the Bugzilla advisory:

* Two SQL injection attacks have been discovered in Bugzilla. One only affects the 3.4 series, while the other affects the 3.0, 3.2, and 3.4 series. These are extremely serious vulnerabilities that must be patched immediately.

* When a user would change his password, his new password would be exposed in the URL field of the browser if he logged in right after changing his password.

Alerts:
Gentoo 201006-19:02 bugzilla 2010-06-04
Fedora FEDORA-2009-9550 bugzilla 2009-09-15
Fedora FEDORA-2009-9554 bugzilla 2009-09-15
Debian DSA-1913-1 bugzilla 2009-10-17
