RSS   Vulnerabilities for 'Bonsai'   RSS

2003-04-02
 
CVE-2003-0155

 

 
bonsai Mozilla CVS query tool allows remote attackers to gain access to the parameters page without authentication.

 
 
CVE-2003-0154

 

 
Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query tool allow remote attackers to execute arbitrary web script via (1) the file, root, or rev parameters to cvslog.cgi, (2) the file or root parameters to cvsblame.cgi, (3) various parameters to cvsquery.cgi, (4) the person parameter to showcheckins.cgi, (5) the module parameter to cvsqueryform.cgi, and (6) possibly other attack vectors as identified by Mozilla bug #146244.

 
 
CVE-2003-0153

 

 
bonsai Mozilla CVS query tool leaks the absolute pathname of the tool in certain error messages generated by (1) cvslog.cgi, (2) cvsview2.cgi, or (3) multidiff.cgi.

 
 
CVE-2003-0152

 

 
Unknown vulnerability in bonsai Mozilla CVS query tool allows remote attackers to execute arbitrary commands as the www-data user.

 

 >>> Vendor: Mozilla 22 Products
Bugzilla
Mozilla
Firefox
Seamonkey
Thunderbird
Bonsai
Network security services
Camino
Mozilla suite
Durian web application server
Geckb
Libxul
NSS
Gecko
Firefox esr
Thunderbird esr
Firefox mobile
Zamboni
Firef14caox
Netscape portable runtime
Firefoxos
Firefox os


Copyright 2017, cxsecurity.com

 

Back to Top