Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

mozilla bugzilla 2.18.2 vulnerabilities and exploits

(subscribe to this query)
5
CVSSv2
CVE-2005-3138
Bugzilla 2.18rc1 up to and including 2.18.3, 2.19 up to and including 2.20rc2, and 2.21 allows remote malicious users to obtain sensitive information such as the list of installed products via the config.cgi file, which is accessible even when the requirelogin parameter is set.
Mozilla Bugzilla 2.18.1Mozilla Bugzilla 2.18.2Mozilla Bugzilla 2.19.2Mozilla Bugzilla 2.19.3Mozilla Bugzilla 2.18.3Mozilla Bugzilla 2.18Mozilla Bugzilla 2.20Mozilla Bugzilla 2.21Mozilla Bugzilla 2.19Mozilla Bugzilla 2.19.1
5.5
CVSSv2
CVE-2006-0914
Bugzilla 2.16.10, 2.17 up to and including 2.18.4, and 2.20 does not properly handle certain characters in the mostfreqthreshold parameter in duplicates.cgi, which allows remote malicious users to trigger a SQL error.
Mozilla Bugzilla 2.18Mozilla Bugzilla 2.18.1Mozilla Bugzilla 2.18.2Mozilla Bugzilla 2.17.6Mozilla Bugzilla 2.17.7Mozilla Bugzilla 2.20Mozilla Bugzilla 2.16.10Mozilla Bugzilla 2.17Mozilla Bugzilla 2.18.3Mozilla Bugzilla 2.18.4Mozilla Bugzilla 2.17.4Mozilla Bugzilla 2.17.5
3.5
CVSSv2
CVE-2006-5453
Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.18.x prior to 2.18.6, 2.20.x prior to 2.20.3, 2.22.x prior to 2.22.1, and 2.23.x prior to 2.23.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) page headers using the H1, H2, and H3...
Mozilla Bugzilla 2.18.4Mozilla Bugzilla 2.18.5Mozilla Bugzilla 2.20Mozilla Bugzilla 2.22Mozilla Bugzilla 2.18.2Mozilla Bugzilla 2.18.3Mozilla Bugzilla 2.20.1Mozilla Bugzilla 2.20.2Mozilla Bugzilla 2.18Mozilla Bugzilla 2.23Mozilla Bugzilla 2.23.1Mozilla Bugzilla 2.18.1Mozilla Bugzilla 2.23.2
5
CVSSv2
CVE-2006-5454
Bugzilla 2.18.x prior to 2.18.6, 2.20.x prior to 2.20.3, 2.22.x prior to 2.22.1, and 2.23.x prior to 2.23.3 allow remote malicious users to obtain (1) the description of arbitrary attachments by viewing the attachment in "diff" mode in attachment.cgi, and (2) the deadli...
Mozilla Bugzilla 2.18.2Mozilla Bugzilla 2.18.3Mozilla Bugzilla 2.20.1Mozilla Bugzilla 2.20.2Mozilla Bugzilla 2.18Mozilla Bugzilla 2.18.1Mozilla Bugzilla 2.20Mozilla Bugzilla 2.23.1Mozilla Bugzilla 2.23.2Mozilla Bugzilla 2.18.4Mozilla Bugzilla 2.18.5Mozilla Bugzilla 2.22Mozilla Bugzilla 2.23
5.5
CVSSv2
CVE-2006-0913
SQL injection vulnerability in whineatnews.pl in Bugzilla 2.17 up to and including 2.18.4 and 2.20 allows remote authenticated users with administrative privileges to execute arbitrary SQL commands via the whinedays parameter, as accessible from editparams.cgi.
Mozilla Bugzilla 2.17.6Mozilla Bugzilla 2.17.7Mozilla Bugzilla 2.19Mozilla Bugzilla 2.19.1Mozilla Bugzilla 2.21.1Mozilla Bugzilla 2.17.4Mozilla Bugzilla 2.17.5Mozilla Bugzilla 2.18Mozilla Bugzilla 2.20Mozilla Bugzilla 2.21Mozilla Bugzilla 2.18.1Mozilla Bugzilla 2.18.2Mozilla Bugzilla 2.18.3Mozilla Bugzilla 2.19.2Mozilla Bugzilla 2.19.3Mozilla Bugzilla 2.17.1Mozilla Bugzilla 2.17.3Mozilla Bugzilla 2.18.4
4.3
CVSSv2
CVE-2007-4543
Cross-site scripting (XSS) vulnerability in enter_bug.cgi in Bugzilla 2.17.1 up to and including 2.20.4, 2.22.x prior to 2.22.3, and 3.x prior to 3.0.1 allows remote malicious users to inject arbitrary web script or HTML via the buildid field in the "guided form."
Mozilla Bugzilla 2.18Mozilla Bugzilla 2.18.1Mozilla Bugzilla 2.19Mozilla Bugzilla 2.20.3Mozilla Bugzilla 2.20Mozilla Bugzilla 2.17.6Mozilla Bugzilla 2.17.1Mozilla Bugzilla 2.17.3Mozilla Bugzilla 2.18.2Mozilla Bugzilla 2.18.3Mozilla Bugzilla 2.19.1Mozilla Bugzilla 2.19.2Mozilla Bugzilla 2.22Mozilla Bugzilla 2.22.1Mozilla Bugzilla 2.17.7Mozilla Bugzilla 2.20.1Mozilla Bugzilla 2.20.2Mozilla Bugzilla 3.0.0Mozilla Bugzilla 2.17.4Mozilla Bugzilla 2.17.5Mozilla Bugzilla 2.18.4Mozilla Bugzilla 2.18.5
5.8
CVSSv2
CVE-2009-0485
Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.17 to 2.22.7, 3.0 prior to 3.0.7, 3.2 prior to 3.2.1, and 3.3 prior to 3.3.2 allows remote malicious users to delete unused flag types via a link or IMG tag to editflagtypes.cgi.
Mozilla Bugzilla 2.17.6Mozilla Bugzilla 2.17.7Mozilla Bugzilla 2.18.3Mozilla Bugzilla 2.18.4Mozilla Bugzilla 2.20Mozilla Bugzilla 2.20.6Mozilla Bugzilla 2.20.7Mozilla Bugzilla 2.22.3Mozilla Bugzilla 2.22.4Mozilla Bugzilla 3.0.4Mozilla Bugzilla 3.0.5Mozilla Bugzilla 2.17.1Mozilla Bugzilla 2.17.3Mozilla Bugzilla 2.18Mozilla Bugzilla 2.19Mozilla Bugzilla 2.19.1Mozilla Bugzilla 2.20.2Mozilla Bugzilla 2.20.3Mozilla Bugzilla 2.22Mozilla Bugzilla 3.0Mozilla Bugzilla 3.0.1Mozilla Bugzilla 3.2
4.3
CVSSv2
CVE-2008-2103
Cross-site scripting (XSS) vulnerability in Bugzilla 2.17.2 and later allows remote malicious users to inject arbitrary web script or HTML via the id parameter to the "Format for Printing" view or "Long Format" bug list.
Mozilla Bugzilla 2.17.2Mozilla Bugzilla 2.17.3Mozilla Bugzilla 2.18.3Mozilla Bugzilla 2.18.4Mozilla Bugzilla 2.19.2Mozilla Bugzilla 2.19.3Mozilla Bugzilla 2.20Mozilla Bugzilla 2.21.1Mozilla Bugzilla 2.22Mozilla Bugzilla 2.23Mozilla Bugzilla 3.0.3Mozilla Bugzilla 3.0.4Mozilla Bugzilla 3.0 Rc1Mozilla Bugzilla 2.17.6Mozilla Bugzilla 2.17.7Mozilla Bugzilla 2.18Mozilla Bugzilla 2.20.4Mozilla Bugzilla 2.20.5Mozilla Bugzilla 2.22.1Mozilla Bugzilla 2.22.2Mozilla Bugzilla 2.23.3Mozilla Bugzilla 2.23.4
4
CVSSv2
CVE-2008-6098
Bugzilla 3.2 prior to 3.2 RC2, 3.0 prior to 3.0.6, 2.22 prior to 2.22.6, 2.20 prior to 2.20.7, and other versions after 2.17.4 allows remote authenticated users to bypass moderation to approve and disapprove quips via a direct request to quips.cgi with the action parameter set to...
Mozilla Bugzilla 2.17.7Mozilla Bugzilla 2.18.1Mozilla Bugzilla 2.18.9Mozilla Bugzilla 2.18.8Mozilla Bugzilla 2.18Mozilla Bugzilla 2.19.3Mozilla Bugzilla 2.20.5Mozilla Bugzilla 2.21.2Mozilla Bugzilla 2.23Mozilla Bugzilla 2.22.1Mozilla Bugzilla 2.23.4Mozilla Bugzilla 3.0.4Mozilla Bugzilla 3.0.0Mozilla Bugzilla 3.0.7Mozilla Bugzilla 3.2Mozilla Bugzilla 3.1.1Mozilla Bugzilla 3.2.1Mozilla Bugzilla 2.17.5Mozilla Bugzilla 2.17.6Mozilla Bugzilla 2.18.5Mozilla Bugzilla 2.19.2Mozilla Bugzilla 2.20
3.5
CVSSv2
CVE-2008-2105
email_in.pl in Bugzilla 2.23.4, 3.0.x prior to 3.0.4, and 3.1.x prior to 3.1.4 allows remote authenticated users to more easily spoof the changer of a bug via a @reporter command in the body of an e-mail message, which overrides the e-mail address as normally obtained from the Fr...
Mozilla Bugzilla 2.10Mozilla Bugzilla 2.12Mozilla Bugzilla 2.14.4Mozilla Bugzilla 2.14.5Mozilla Bugzilla 2.16.5Mozilla Bugzilla 2.16.6Mozilla Bugzilla 2.17.3Mozilla Bugzilla 2.17.4Mozilla Bugzilla 2.18.4Mozilla Bugzilla 2.18.5Mozilla Bugzilla 2.19.3Mozilla Bugzilla 2.20.1Mozilla Bugzilla 2.21.1Mozilla Bugzilla 2.21.2Mozilla Bugzilla 2.23Mozilla Bugzilla 2.23.1Mozilla Bugzilla 3.0.0Mozilla Bugzilla 3.0.1Mozilla Bugzilla 2.14Mozilla Bugzilla 2.14.1Mozilla Bugzilla 2.16.11Mozilla Bugzilla 2.16.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22460CVE-2024-4646CVE-2024-29212IMAPCVE-2023-36672CVE-2024-34547command injectionCVE-2024-4651stored XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook