Bugzilla@2.17.3 Security Vulnerabilities and Issues — Page 2 of Bugzilla@2.17.3 CVE List

Lucene search

MozillaBugzilla2.17.3

59 matches found

CVE•added 2012/09/04 11:4 a.m.•38 views

CVE-2012-4747

Bugzilla 2.x and 3.x through 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1.x and 4.2.x before 4.2.3, and 4.3.x before 4.3.3 stores potentially sensitive information under the web root with insufficient access control, which allows remote attackers to read (1) template (aka .tmpl) files, (2) other custo...

5CVSS6.3AI score0.0026EPSS

CVE•added 2004/07/27 4:0 a.m.•37 views

CVE-2004-0706

Bugzilla 2.17.5 through 2.17.7 embeds the password in an image URL, which could allow local users to view the password in the web server log files.

2.1CVSS6.5AI score0.00071EPSS

CVE•added 2005/05/14 4:0 a.m.•37 views

CVE-2005-1565

Bugzilla 2.17.1 through 2.18, 2.19.1, and 2.19.2, when a user is prompted to log in while attempting to view a chart, displays the password in the URL, which may allow local users to gain sensitive information from web logs or browser history.

5CVSS6.3AI score0.00804EPSS

CVE•added 2005/02/20 5:0 a.m.•36 views

CVE-2004-1634

show_bug.cgi in Bugzilla 2.17.1 through 2.18rc2 and 2.19 from CVS, when using the insidergroup feature and exporting a bug to XML, shows comments and attachment summaries which are marked as private, which allows remote attackers to gain sensitive information.

5CVSS6.8AI score0.00438EPSS

CVE•added 2008/05/07 8:20 p.m.•36 views

CVE-2008-2105

email_in.pl in Bugzilla 2.23.4, 3.0.x before 3.0.4, and 3.1.x before 3.1.4 allows remote authenticated users to more easily spoof the changer of a bug via a @reporter command in the body of an e-mail message, which overrides the e-mail address as normally obtained from the From e-mail header. NOTE:...

3.5CVSS6AI score0.00497EPSS

CVE•added 2012/02/02 6:55 p.m.•35 views

CVE-2012-0448

Bugzilla 2.x and 3.x before 3.4.14, 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and 4.2.x before 4.2rc2 does not reject non-ASCII characters in e-mail addresses of new user accounts, which makes it easier for remote authenticated users to spoof other user accounts by choos...

4CVSS6AI score0.00364EPSS

CVE•added 2004/08/18 4:0 a.m.•33 views

CVE-2003-1042

SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and earlier allows remote authenticated users with editproducts privileges to execute arbitrary SQL via the product name.

10CVSS7.8AI score0.00569EPSS

CVE•added 2004/08/18 4:0 a.m.•32 views

CVE-2003-1044

editproducts.cgi in Bugzilla 2.16.3 and earlier, when usebuggroups is enabled, does not properly remove group add privileges from a group that is being deleted, which allows users with those privileges to perform unauthorized additions to the next group that is assigned with the original group ID.

7.5CVSS6.5AI score0.00602EPSS

CVE•added 2012/01/02 7:55 p.m.•30 views

CVE-2011-3668

Cross-site request forgery (CSRF) vulnerability in post_bug.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2rc1 allows remote attackers to hijack the authentication of arbitrary users for requests that create bug reports.

6.8CVSS7.1AI score0.00128EPSS

Total number of security vulnerabilities59