CVE ID:	CVE-2006-5454
Description:	Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote attackers to obtain (1) the description of arbitrary attachments by viewing the attachment in "diff" mode in attachment.cgi, and (2) the deadline field by viewing the XML format of the bug in show_bug.cgi.
Test IDs:	1.3.6.1.4.1.25623.1.0.57578
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2006-5454 Bugtraq: 20061015 Security Advisory for Bugzilla 2.18.5, 2.20.2, 2.22, and 2.23.2 (Google Search) http://www.securityfocus.com/archive/1/archive/1/448777/100/100/threaded http://security.gentoo.org/glsa/glsa-200611-04.xml BugTraq ID: 20538 http://www.securityfocus.com/bid/20538 http://www.vupen.com/english/advisories/2006/4035 http://www.osvdb.org/29546 http://www.osvdb.org/29547 http://securitytracker.com/id?1017064 http://secunia.com/advisories/22790 http://secunia.com/advisories/22409 http://securityreason.com/securityalert/1760

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: