| Max CVSS | 7.5 | Min CVSS | 5.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2009-3166 | 5.0 |
token.cgi in Bugzilla 3.4rc1 through 3.4.1 places a password in a URL at the beginning of a login session that occurs immediately after a password reset, which allows context-dependent attackers to discover passwords by reading (1) web-server access
|
19-09-2009 - 05:32 | 15-09-2009 - 22:30 | |
| CVE-2009-3165 | 7.5 |
SQL injection vulnerability in the Bug.create WebService function in Bugzilla 2.23.4 through 3.0.8, 3.1.1 through 3.2.4, and 3.3.1 through 3.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters.
|
16-09-2009 - 04:00 | 15-09-2009 - 22:30 | |
| CVE-2009-3125 | 7.5 |
SQL injection vulnerability in the Bug.search WebService function in Bugzilla 3.3.2 through 3.4.1, and 3.5, allows remote attackers to execute arbitrary SQL commands via unspecified parameters.
|
16-09-2009 - 04:00 | 15-09-2009 - 22:30 |