|Category:||FreeBSD Local Security Checks|
|Title:||FreeBSD Ports: bugzilla|
|Summary:||FreeBSD Ports: bugzilla|
|Description:||The remote host is missing an update to the system|
as announced in the referenced advisory.
The following package is affected: bugzilla

SQL injection vulnerability in the Bug.search WebService function in
Bugzilla 3.3.2 through 3.4.1, and 3.5, allows remote attackers to
execute arbitrary SQL commands via unspecified parameters.

SQL injection vulnerability in the Bug.create WebService function in
Bugzilla 2.23.4 through 3.0.8, 3.1.1 through 3.2.4, and 3.3.1 through
3.4.1 allows remote attackers to execute arbitrary SQL commands via

token.cgi in Bugzilla 3.4rc1 through 3.4.1 places a password in a URL
at the beginning of a login session that occurs immediately after a
password reset, which allows context-dependent attackers to discover
passwords by reading (1) web-server access logs, (2) web-server
Referer logs, or (3) the browser history.

Update your system with the appropriate patches or
Common Vulnerability Exposure (CVE) ID: CVE-2009-3125|
BugTraq ID: 36371
Common Vulnerability Exposure (CVE) ID: CVE-2009-3165
BugTraq ID: 36373
Common Vulnerability Exposure (CVE) ID: CVE-2009-3166
BugTraq ID: 36372
|Copyright||Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com|