Bugzilla@2.17.1 Security Vulnerabilities and Issues — Bugzilla@2.17.1 CVE List

Lucene search

MozillaBugzilla2.17.1

11 matches found

CVE•added 2004/09/01 4:0 a.m.•68 views

CVE-2003-0012

The data collection script for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 sets world-writable permissions for the data/mining directory when it runs, which allows local users to modify or delete the data.

2.1CVSS6.1AI score0.00059EPSS

CVE•added 2004/09/01 4:0 a.m.•51 views

CVE-2003-0013

The default .htaccess scripts for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 do not include filenames for backup copies of the localconfig file that are made from editors such as vi and Emacs, which could allow remote attackers to obtain a database password by dir...

7.5CVSS6.5AI score0.00911EPSS

CVE•added 2004/07/27 4:0 a.m.•47 views

CVE-2004-0707

SQL injection vulnerability in editusers.cgi in Bugzilla 2.16.x before 2.16.6, and 2.18 before 2.18rc1, allows remote attackers with privileges to grant membership to any group to execute arbitrary SQL.

7.5CVSS8.2AI score0.00502EPSS

CVE•added 2004/08/18 4:0 a.m.•44 views

CVE-2003-1046

describecomponents.cgi in Bugzilla 2.17.3 and 2.17.4 does not properly verify group membership when bug entry groups are used, which allows remote attackers to list component descriptions for otherwise restricted products.

7.5CVSS6.7AI score0.01402EPSS

CVE•added 2004/07/27 4:0 a.m.•42 views

CVE-2004-0702

DBI in Bugzilla 2.17.1 through 2.17.7 displays the database password in an error message when the SQL server is not running, which could allow remote attackers to gain sensitive information.

5CVSS7.5AI score0.00391EPSS

CVE•added 2004/07/27 4:0 a.m.•42 views

CVE-2004-0703

Unknown vulnerability in the administrative controls in Bugzilla 2.17.1 through 2.17.7 allows users with "grant membership" privileges to grant memberships to groups that the user does not control.

7.5CVSS6.5AI score0.00527EPSS

CVE•added 2004/08/18 4:0 a.m.•39 views

CVE-2003-1043

SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote authenticated users with editkeywords privileges to execute arbitrary SQL via the id parameter to editkeywords.cgi.

10CVSS7.8AI score0.00895EPSS

CVE•added 2004/08/18 4:0 a.m.•38 views

CVE-2003-1045

votes.cgi in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote attackers to read a user's voting page when that user has voted on a restricted bug, which allows remote attackers to read potentially sensitive voting information by modifying the who parameter.

5CVSS6.2AI score0.00838EPSS

CVE•added 2004/07/27 4:0 a.m.•37 views

CVE-2004-0706

Bugzilla 2.17.5 through 2.17.7 embeds the password in an image URL, which could allow local users to view the password in the web server log files.

2.1CVSS6.5AI score0.00071EPSS

CVE•added 2004/08/18 4:0 a.m.•33 views

CVE-2003-1042

SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and earlier allows remote authenticated users with editproducts privileges to execute arbitrary SQL via the product name.

10CVSS7.8AI score0.00569EPSS

CVE•added 2004/08/18 4:0 a.m.•32 views

CVE-2003-1044

editproducts.cgi in Bugzilla 2.16.3 and earlier, when usebuggroups is enabled, does not properly remove group add privileges from a group that is being deleted, which allows users with those privileges to perform unauthorized additions to the next group that is assigned with the original group ID.

7.5CVSS6.5AI score0.00733EPSS