Total vulnerabilities in the database
Directory traversal vulnerability in importxml.pl in Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path is enabled, allows remote attackers to read arbitrary files via an XML file with a .. (dot dot) in the data element.
| Software | From | Fixed in |
|---|---|---|
| mozilla / bugzilla | 3.1.3 | 3.1.3.x |
| mozilla / bugzilla | 3.1.1 | 3.1.1.x |
| mozilla / bugzilla | 3.1.2 | 3.1.2.x |
| mozilla / bugzilla | 2.22.3 | 2.22.3.x |
| mozilla / bugzilla | 2.23.2 | 2.23.2.x |
| mozilla / bugzilla | 2.22.1 | 2.22.1.x |
| mozilla / bugzilla | 2.23.4 | 2.23.4.x |
| mozilla / bugzilla | 2.23.3 | 2.23.3.x |
| mozilla / bugzilla | 2.23.1 | 2.23.1.x |
| mozilla / bugzilla | 2.22.2 | 2.22.2.x |
| mozilla / bugzilla | 2.6 | 2.6.x |
| mozilla / bugzilla | 3.1.4 | 3.1.4.x |
| mozilla / bugzilla | 2.4 | 2.4.x |
| mozilla / bugzilla | 2.8 | 2.8.x |
| mozilla / bugzilla | 3.0.2 | 3.0.2.x |
| mozilla / bugzilla | 2.23 | 2.23.x |
| mozilla / bugzilla | 2.9 | 2.9.x |
| mozilla / bugzilla | 2.22.4 | 2.22.4.x |