Mozilla

Bugzilla

145 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2002-1198

  • EPSS 0.5%
  • Published 28.10.2002 05:00:00
  • Last modified 03.04.2025 01:03:51

Bugzilla 2.16.x before 2.16.1 does not properly filter apostrophes from an email address during account creation, which allows remote attackers to execute arbitrary SQL via a SQL injection attack.

5

CVE-2002-0803

  • EPSS 1.4%
  • Published 12.08.2002 04:00:00
  • Last modified 03.04.2025 01:03:51

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows remote attackers to display restricted products and components via a direct HTTP request to queryhelp.cgi.

7.5

CVE-2002-0804

  • EPSS 0.55%
  • Published 12.08.2002 04:00:00
  • Last modified 03.04.2025 01:03:51

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when configured to perform reverse DNS lookups, allows remote attackers to bypass IP restrictions by connecting from a system with a spoofed reverse DNS hostname.

4.6

CVE-2002-0805

  • EPSS 0.08%
  • Published 12.08.2002 04:00:00
  • Last modified 03.04.2025 01:03:51

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, (1) creates new directories with world-writable permissions, and (2) creates the params file with world-writable permissions, which allows local users to modify the files and execute code.

2.1

CVE-2002-0806

  • EPSS 0.13%
  • Published 12.08.2002 04:00:00
  • Last modified 03.04.2025 01:03:51

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows authenticated users with editing privileges to delete other users by directly calling the editusers.cgi script with the "del" option.

7.5

CVE-2002-0807

  • EPSS 0.74%
  • Published 12.08.2002 04:00:00
  • Last modified 03.04.2025 01:03:51

Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, could allow remote attackers to execute script as other Bugzilla users via the full name (real name) field, which is not properly quoted by editusers.cgi.

7.5

CVE-2002-0808

  • EPSS 0.46%
  • Published 12.08.2002 04:00:00
  • Last modified 03.04.2025 01:03:51

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when performing a mass change, sets the groupset of all bugs to the groupset of the first bug, which could inadvertently cause insecure groupset permissions to be assigned to some bugs.

7.5

CVE-2002-0809

  • EPSS 0.41%
  • Published 12.08.2002 04:00:00
  • Last modified 03.04.2025 01:03:51

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, does not properly handle URL-encoded field names that are generated by some browsers, which could cause certain fields to appear to be unset, which has the effect of removing group permissions on ...

5

CVE-2002-0810

  • EPSS 0.86%
  • Published 12.08.2002 04:00:00
  • Last modified 03.04.2025 01:03:51

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error messages from the syncshadowdb command to the HTML output, which could leak sensitive information, including plaintext passwords, if syncshadowdb fails.

7.5

CVE-2002-0811

  • EPSS 0.49%
  • Published 12.08.2002 04:00:00
  • Last modified 03.04.2025 01:03:51

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, may allow remote attackers to cause a denial of service or execute certain queries via a SQL injection attack on the sort order parameter to buglist.cgi.