Vulnerability Database
299,879
Total vulnerabilities in the database
CVE-2007-5038
The offer_account_by_email function in User.pm in the WebService for Bugzilla before 3.0.2, and 3.1.x before 3.1.2, does not check the value of the createemailregexp parameter, which allows remote attackers to bypass intended restrictions on account creation.
| Software | From | Fixed in |
|---|---|---|
| mozilla / bugzilla | 3.0.0 | 3.0.0.x |
| mozilla / bugzilla | 3.0.1 | 3.0.1.x |
| mozilla / bugzilla | 3.1.1 | 3.1.1.x |
| mozilla / bugzilla | 3.1.0 | 3.1.0.x |
- http://fedoranews.org/updates/FEDORA-2007-229.shtml
- http://secunia.com/advisories/26848
- http://secunia.com/advisories/26969
- http://www.bugzilla.org/security/3.0.1/
- http://www.securityfocus.com/archive/1/480077/100/0/threaded
- http://www.securityfocus.com/bid/25725
- http://www.securitytracker.com/id?1018719
- http://www.vupen.com/english/advisories/2007/3200
- https://bugzilla.mozilla.org/show_bug.cgi?id=395632
- https://bugzilla.redhat.com/show_bug.cgi?id=299981
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36692
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime