Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
MozillaBugzilla2.14

71 matches found

CVE
CVEadded 2012/11/16 12:24 p.m.39 views

CVE-2012-4197

Bugzilla/Attachment.pm in attachment.cgi in Bugzilla 2.x and 3.x before 3.6.12, 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 allows remote attackers to read attachment descriptions from private bugs via an obsolete=1 insert action.

5CVSS6.6AI score0.00319EPSS
CVE
CVEadded 2003/04/02 5:0 a.m.38 views

CVE-2002-0805

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, (1) creates new directories with world-writable permissions, and (2) creates the params file with world-writable permissions, which allows local users to modify the files and execute code.

4.6CVSS6.5AI score0.00075EPSS
CVE
CVEadded 2004/08/18 4:0 a.m.38 views

CVE-2003-1045

votes.cgi in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote attackers to read a user's voting page when that user has voted on a restricted bug, which allows remote attackers to read potentially sensitive voting information by modifying the who parameter.

5CVSS6.2AI score0.00524EPSS
CVE
CVEadded 2012/09/04 11:4 a.m.38 views

CVE-2012-4747

Bugzilla 2.x and 3.x through 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1.x and 4.2.x before 4.2.3, and 4.3.x before 4.3.3 stores potentially sensitive information under the web root with insufficient access control, which allows remote attackers to read (1) template (aka .tmpl) files, (2) other custo...

5CVSS6.3AI score0.0026EPSS
CVE
CVEadded 2002/08/31 4:0 a.m.37 views

CVE-2001-1405

Bugzilla before 2.14 does not restrict access to sanitycheck.cgi, which allows local users to cause a denial of service (CPU consumption) via a flood of requests to sanitycheck.cgi.

2.1CVSS6.6AI score0.00063EPSS
CVE
CVEadded 2002/08/12 4:0 a.m.37 views

CVE-2002-0807

Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, could allow remote attackers to execute script as other Bugzilla users via the full name (real name) field, which is not properly quoted by editusers.cgi.

7.5CVSS6.8AI score0.00741EPSS
CVE
CVEadded 2003/04/02 5:0 a.m.37 views

CVE-2002-0809

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, does not properly handle URL-encoded field names that are generated by some browsers, which could cause certain fields to appear to be unset, which has the effect of removing group permissions on bugs when buglist.cgi is provided with the encode...

7.5CVSS6.6AI score0.00455EPSS
CVE
CVEadded 2004/07/27 4:0 a.m.37 views

CVE-2004-0706

Bugzilla 2.17.5 through 2.17.7 embeds the password in an image URL, which could allow local users to view the password in the web server log files.

2.1CVSS6.5AI score0.00071EPSS
CVE
CVEadded 2005/05/14 4:0 a.m.37 views

CVE-2005-1565

Bugzilla 2.17.1 through 2.18, 2.19.1, and 2.19.2, when a user is prompted to log in while attempting to view a chart, displays the password in the URL, which may allow local users to gain sensitive information from web logs or browser history.

5CVSS6.3AI score0.00804EPSS
CVE
CVEadded 2005/02/20 5:0 a.m.36 views

CVE-2004-1634

show_bug.cgi in Bugzilla 2.17.1 through 2.18rc2 and 2.19 from CVS, when using the insidergroup feature and exporting a bug to XML, shows comments and attachment summaries which are marked as private, which allows remote attackers to gain sensitive information.

5CVSS6.8AI score0.00438EPSS
CVE
CVEadded 2008/05/07 8:20 p.m.36 views

CVE-2008-2105

email_in.pl in Bugzilla 2.23.4, 3.0.x before 3.0.4, and 3.1.x before 3.1.4 allows remote authenticated users to more easily spoof the changer of a bug via a @reporter command in the body of an e-mail message, which overrides the e-mail address as normally obtained from the From e-mail header. NOTE:...

3.5CVSS6AI score0.00497EPSS
CVE
CVEadded 2002/08/12 4:0 a.m.35 views

CVE-2002-0803

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows remote attackers to display restricted products and components via a direct HTTP request to queryhelp.cgi.

5CVSS6.7AI score0.01395EPSS
CVE
CVEadded 2003/04/02 5:0 a.m.35 views

CVE-2002-0806

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows authenticated users with editing privileges to delete other users by directly calling the editusers.cgi script with the "del" option.

2.1CVSS6.4AI score0.00131EPSS
CVE
CVEadded 2012/02/02 6:55 p.m.35 views

CVE-2012-0448

Bugzilla 2.x and 3.x before 3.4.14, 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and 4.2.x before 4.2rc2 does not reject non-ASCII characters in e-mail addresses of new user accounts, which makes it easier for remote authenticated users to spoof other user accounts by choos...

4CVSS6AI score0.00364EPSS
CVE
CVEadded 2002/08/12 4:0 a.m.33 views

CVE-2002-0811

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, may allow remote attackers to cause a denial of service or execute certain queries via a SQL injection attack on the sort order parameter to buglist.cgi.

7.5CVSS7.7AI score0.00487EPSS
CVE
CVEadded 2004/09/01 4:0 a.m.33 views

CVE-2002-1197

bugzilla_email_append.pl in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, allows remote attackers to execute arbitrary code via shell metacharacters in a system call to processmail.

7.5CVSS7.7AI score0.02116EPSS
CVE
CVEadded 2004/08/18 4:0 a.m.33 views

CVE-2003-1042

SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and earlier allows remote authenticated users with editproducts privileges to execute arbitrary SQL via the product name.

10CVSS7.8AI score0.00569EPSS
CVE
CVEadded 2002/08/31 4:0 a.m.32 views

CVE-2001-1403

Bugzilla before 2.14 includes the username and password in URLs, which could allow attackers to gain privileges by reading the information from the web server logs, or by "shoulder-surfing" and observing the web browser's location bar.

7.5CVSS7.2AI score0.00527EPSS
CVE
CVEadded 2004/08/18 4:0 a.m.32 views

CVE-2003-1044

editproducts.cgi in Bugzilla 2.16.3 and earlier, when usebuggroups is enabled, does not properly remove group add privileges from a group that is being deleted, which allows users with those privileges to perform unauthorized additions to the next group that is assigned with the original group ID.

7.5CVSS6.5AI score0.00602EPSS
CVE
CVEadded 2002/08/31 4:0 a.m.30 views

CVE-2001-1404

Bugzilla before 2.14 stores user passwords in plaintext and sends password requests in an email message, which could allow attackers to gain privileges.

7.5CVSS7.4AI score0.00527EPSS
CVE
CVEadded 2012/01/02 7:55 p.m.30 views

CVE-2011-3668

Cross-site request forgery (CSRF) vulnerability in post_bug.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2rc1 allows remote attackers to hijack the authentication of arbitrary users for requests that create bug reports.

6.8CVSS7.1AI score0.00128EPSS
Total number of security vulnerabilities71