Bugzilla Security Vulnerabilities and Issues — Bugzilla CVE List

Lucene search

MozillaBugzilla

4 matches found

CVE•added 2006/02/28 11:2 a.m.•44 views

CVE-2006-0913

SQL injection vulnerability in whineatnews.pl in Bugzilla 2.17 through 2.18.4 and 2.20 allows remote authenticated users with administrative privileges to execute arbitrary SQL commands via the whinedays parameter, as accessible from editparams.cgi.

5.5CVSS7.8AI score0.0082EPSS

CVE•added 2006/02/28 11:2 a.m.•42 views

CVE-2006-0914

Bugzilla 2.16.10, 2.17 through 2.18.4, and 2.20 does not properly handle certain characters in the mostfreqthreshold parameter in duplicates.cgi, which allows remote attackers to trigger a SQL error.

5.5CVSS6.9AI score0.00757EPSS

CVE•added 2006/02/28 11:2 a.m.•40 views

CVE-2006-0915

Bugzilla 2.16.10 does not properly handle certain characters in the (1) maxpatchsize and (2) maxattachmentsize parameters in attachment.cgi, which allows remote attackers to trigger a SQL error.

7.5CVSS6.9AI score0.00636EPSS

CVE•added 2006/02/28 11:2 a.m.•31 views

CVE-2006-0916

Bugzilla 2.19.3 through 2.20 does not properly handle "//" sequences in URLs when redirecting a user from the login form, which could cause it to generate a partial URL in a form action that causes the user's browser to send the form data to another domain.

7.5CVSS6AI score0.00743EPSS