jetlib.sec » Bugtraq » Security advisory for Bugzilla 4.2rc2, 4.0.4, 3.6.8 and 3.4.14

Feeds

132968 items (0 unread) in 27 feeds

• 1337day (was: Inj3ct0r, 1337db)
• OSVDB Vulnerabilities
• Exploit-DB
• SecurityFocus Vulnerabilities
• Bugtraq
• Full Disclosure
• XSSed
• Packet Storm Security Headlines
• Packet Storm Security Advisories
• Packet Storm Security Exploits
• Packet Storm Security Recent Files
• Packet Storm Security Tools
• Packet Storm Security Misc. Files
• Sophos security news
• Sophos product advisories
• Penetration Testing
• SecuriTeam
• BackTrack Linux Forums
• Threatpost
• SecDocs
• carnal0wnage.attackresearch.com
• Carnal0wnage
• Kernel Fun
• Darknet
• The Exploitant
• Hack a Day
• Wirevolution

Bugtraq

• February 01, 2012
• 

  Security advisory for Bugzilla 4.2rc2, 4.0.4, 3.6.8 and 3.4.14

  Posted: February 1st, 2012, 9:32am PST

  Tags:   

  Posted by LpSolit on Feb 01

  Summary
  =======
  
  Bugzilla is a Web-based bug-tracking system used by a large number of
  software projects. The following security issues have been discovered
  in Bugzilla:
  
  * When a user creates a new account, Bugzilla doesn't correctly
  reject email addresses containing non-ASCII characters, which
  could be used to impersonate another user account.
  
  * A CSRF vulnerability in the implementation of the JSON-RPC API
  could be used to make...