Filtered by vendor Mozilla
Subscriptions
Filtered by product Bugzilla
Subscriptions
Total
151 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-0913 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | N/A |
| SQL injection vulnerability in whineatnews.pl in Bugzilla 2.17 through 2.18.4 and 2.20 allows remote authenticated users with administrative privileges to execute arbitrary SQL commands via the whinedays parameter, as accessible from editparams.cgi. | ||||
| CVE-2006-0914 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | N/A |
| Bugzilla 2.16.10, 2.17 through 2.18.4, and 2.20 does not properly handle certain characters in the mostfreqthreshold parameter in duplicates.cgi, which allows remote attackers to trigger a SQL error. | ||||
| CVE-2003-1043 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | N/A |
| SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote authenticated users with editkeywords privileges to execute arbitrary SQL via the id parameter to editkeywords.cgi. | ||||
| CVE-2004-1633 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | N/A |
| process_bug.cgi in Bugzilla 2.9 through 2.18rc2 and 2.19 from CVS does not check edit permissions on the keywords field, which allows remote authenticated users to modify the keywords in a bug via the keywordaction parameter. | ||||
| CVE-2004-1635 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | N/A |
| Bugzilla 2.17.1 through 2.18rc2 and 2.19 from cvs, when using the insidergroup feature, does not sufficiently protect private attachments when there are changes to the metadata, such as filename, description, MIME type, or review flags, which allows remote authenticated users to obtain sensitive information when (1) viewing the bug activity log or (2) receiving bug change notification mails. | ||||
| CVE-2002-0011 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2025-04-03 | N/A |
| Information leak in doeditvotes.cgi in Bugzilla before 2.14.1 may allow remote attackers to more easily conduct attacks on the login. | ||||
| CVE-2002-0008 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2025-04-03 | N/A |
| Bugzilla before 2.14.1 allows remote attackers to (1) spoof a user comment via an HTTP request to process_bug.cgi using the "who" parameter, instead of the Bugzilla_login cookie, or (2) post a bug as another user by modifying the reporter parameter to enter_bug.cgi, which is passed to post_bug.cgi. | ||||
| CVE-2001-0330 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | N/A |
| Bugzilla 2.10 allows remote attackers to access sensitive information, including the database username and password, via an HTTP request for the globals.pl file, which is normally returned by the web server without being executed. | ||||
| CVE-2005-3139 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | N/A |
| Bugzilla 2.19.1 through 2.20rc2 and 2.21, with user matching turned on in substring mode, allows attackers to list all users whose names match an arbitrary substring, even when the usevisibilitygroups parameter is set. | ||||
| CVE-2002-1197 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | N/A |
| bugzilla_email_append.pl in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, allows remote attackers to execute arbitrary code via shell metacharacters in a system call to processmail. | ||||
| CVE-2018-5123 | 1 Mozilla | 1 Bugzilla | 2024-11-21 | N/A |
| A third party website can access information available to a user with access to a restricted bug entry using the image generation in report.cgi in all Bugzilla versions prior to 4.4. | ||||