Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mozilla bugzilla 2.12 vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2001-1402
Bugzilla prior to 2.14 does not properly escape untrusted parameters, which could allow remote malicious users to conduct unauthorized activities via cross-site scripting (CSS) and possibly SQL injection attacks on (1) the product or output form variables for reports.cgi, (2) the...
Mozilla Bugzilla 2.12
Mozilla Bugzilla 2.14
Mozilla Bugzilla 2.10
Mozilla Bugzilla 2.4
Mozilla Bugzilla 2.6
Mozilla Bugzilla 2.8
668
VMScore
CVE-2001-1403
Bugzilla prior to 2.14 includes the username and password in URLs, which could allow malicious users to gain privileges by reading the information from the web server logs, or by "shoulder-surfing" and observing the web browser's location bar.
Mozilla Bugzilla 2.14
Mozilla Bugzilla 2.4
Mozilla Bugzilla 2.10
Mozilla Bugzilla 2.12
Mozilla Bugzilla 2.6
Mozilla Bugzilla 2.8
668
VMScore
CVE-2001-1404
Bugzilla prior to 2.14 stores user passwords in plaintext and sends password requests in an email message, which could allow malicious users to gain privileges.
Mozilla Bugzilla 2.6
Mozilla Bugzilla 2.8
Mozilla Bugzilla 2.14
Mozilla Bugzilla 2.4
Mozilla Bugzilla 2.10
Mozilla Bugzilla 2.12
187
VMScore
CVE-2001-1405
Bugzilla prior to 2.14 does not restrict access to sanitycheck.cgi, which allows local users to cause a denial of service (CPU consumption) via a flood of requests to sanitycheck.cgi.
Mozilla Bugzilla 2.8
Mozilla Bugzilla 2.4
Mozilla Bugzilla 2.6
Mozilla Bugzilla 2.10
Mozilla Bugzilla 2.12
Mozilla Bugzilla 2.14
187
VMScore
CVE-2001-1406
process_bug.cgi in Bugzilla prior to 2.14 does not set the "groupset" bit when a bug is moved between product groups, which will cause the bug to have the old group's restrictions, which might not be as stringent.
Mozilla Bugzilla 2.6
Mozilla Bugzilla 2.8
Mozilla Bugzilla 2.10
Mozilla Bugzilla 2.12
Mozilla Bugzilla 2.14
Mozilla Bugzilla 2.4
668
VMScore
CVE-2001-1407
Bugzilla prior to 2.14 allows Bugzilla users to bypass group security checks by marking a bug as the duplicate of a restricted bug, which adds the user to the CC list of the restricted bug and allows the user to view the bug.
Mozilla Bugzilla 2.10
Mozilla Bugzilla 2.12
Mozilla Bugzilla 2.14
Mozilla Bugzilla 2.4
Mozilla Bugzilla 2.6
Mozilla Bugzilla 2.8
668
VMScore
CVE-2001-1401
Bugzilla prior to 2.14 does not properly restrict access to confidential bugs, which could allow Bugzilla users to bypass viewing permissions via modified bug id parameters in (1) process_bug.cgi, (2) show_activity.cgi, (3) showvotes.cgi, (4) showdependencytree.cgi, (5) showdepen...
Mozilla Bugzilla 2.10
Mozilla Bugzilla 2.12
Mozilla Bugzilla 2.14
Mozilla Bugzilla 2.4
Mozilla Bugzilla 2.6
Mozilla Bugzilla 2.8
187
VMScore
CVE-2003-0603
Bugzilla 2.16.x prior to 2.16.3, 2.17.x prior to 2.17.4, and previous versions versions allows local users to overwrite arbitrary files via a symlink attack on temporary files that are created in directories with group-writable or world-writable permissions.
Mozilla Bugzilla 2.10
Mozilla Bugzilla 2.14.5
Mozilla Bugzilla 2.16.1
Mozilla Bugzilla 2.12
Mozilla Bugzilla 2.14
Mozilla Bugzilla 2.14.1
Mozilla Bugzilla 2.14.2
Mozilla Bugzilla 2.14.3
Mozilla Bugzilla 2.16.2
Mozilla Bugzilla 2.17
Mozilla Bugzilla 2.17.1
Mozilla Bugzilla 2.17.3
Mozilla Bugzilla 2.14.4
Mozilla Bugzilla 2.16
890
VMScore
CVE-2003-1042
SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and previous versions allows remote authenticated users with editproducts privileges to execute arbitrary SQL via the product name.
Mozilla Bugzilla 2.10
Mozilla Bugzilla 2.12
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.16.1
Mozilla Bugzilla 2.6
Mozilla Bugzilla 2.8
Mozilla Bugzilla 2.14
Mozilla Bugzilla 2.14.1
Mozilla Bugzilla 2.16.2
Mozilla Bugzilla 2.16.3
Mozilla Bugzilla 2.14.4
Mozilla Bugzilla 2.14.5
Mozilla Bugzilla 2.17.4
Mozilla Bugzilla 2.4
Mozilla Bugzilla 2.14.2
Mozilla Bugzilla 2.14.3
Mozilla Bugzilla 2.17.1
Mozilla Bugzilla 2.17.3
668
VMScore
CVE-2003-1044
editproducts.cgi in Bugzilla 2.16.3 and previous versions, when usebuggroups is enabled, does not properly remove group add privileges from a group that is being deleted, which allows users with those privileges to perform unauthorized additions to the next group that is assigned...
Mozilla Bugzilla 2.14.1
Mozilla Bugzilla 2.14.2
Mozilla Bugzilla 2.17.1
Mozilla Bugzilla 2.17.3
Mozilla Bugzilla 2.14.3
Mozilla Bugzilla 2.14.4
Mozilla Bugzilla 2.17.4
Mozilla Bugzilla 2.4
Mozilla Bugzilla 2.12
Mozilla Bugzilla 2.14
Mozilla Bugzilla 2.16.1
Mozilla Bugzilla 2.16.2
Mozilla Bugzilla 2.16.3
Mozilla Bugzilla 2.10
Mozilla Bugzilla 2.14.5
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.6
Mozilla Bugzilla 2.8
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »