mozilla bugzilla 2.16 vulnerabilities and exploits
NA
CVE-2002-0807
Cross-site scripting vulnerabilities in Bugzilla 2.14 prior to 2.14.2, and 2.16 prior to 2.16rc2, could allow remote malicious users to execute script as other Bugzilla users via the full name (real name) field, which is not properly quoted by editusers.cgi.
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.14.1
Mozilla Bugzilla 2.14
NA
CVE-2002-0803
Bugzilla 2.14 prior to 2.14.2, and 2.16 prior to 2.16rc2, allows remote malicious users to display restricted products and components via a direct HTTP request to queryhelp.cgi.
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.14.1
Mozilla Bugzilla 2.14
NA
CVE-2002-0804
Bugzilla 2.14 prior to 2.14.2, and 2.16 prior to 2.16rc2, when configured to perform reverse DNS lookups, allows remote malicious users to bypass IP restrictions by connecting from a system with a spoofed reverse DNS hostname.
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.14.1
Mozilla Bugzilla 2.14
NA
CVE-2002-0805
Bugzilla 2.14 prior to 2.14.2, and 2.16 prior to 2.16rc2, (1) creates new directories with world-writable permissions, and (2) creates the params file with world-writable permissions, which allows local users to modify the files and execute code.
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.14.1
Mozilla Bugzilla 2.14
NA
CVE-2002-0806
Bugzilla 2.14 prior to 2.14.2, and 2.16 prior to 2.16rc2, allows authenticated users with editing privileges to delete other users by directly calling the editusers.cgi script with the "del" option.
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.14.1
Mozilla Bugzilla 2.14
NA
CVE-2002-0808
Bugzilla 2.14 prior to 2.14.2, and 2.16 prior to 2.16rc2, when performing a mass change, sets the groupset of all bugs to the groupset of the first bug, which could inadvertently cause insecure groupset permissions to be assigned to some bugs.
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.14.1
Mozilla Bugzilla 2.14
NA
CVE-2002-0810
Bugzilla 2.14 prior to 2.14.2, and 2.16 prior to 2.16rc2, directs error messages from the syncshadowdb command to the HTML output, which could leak sensitive information, including plaintext passwords, if syncshadowdb fails.
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.14.1
Mozilla Bugzilla 2.14
NA
CVE-2002-0811
Bugzilla 2.14 prior to 2.14.2, and 2.16 prior to 2.16rc2, may allow remote malicious users to cause a denial of service or execute certain queries via a SQL injection attack on the sort order parameter to buglist.cgi.
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.14.1
Mozilla Bugzilla 2.14
NA
CVE-2002-0809
Bugzilla 2.14 prior to 2.14.2, and 2.16 prior to 2.16rc2, does not properly handle URL-encoded field names that are generated by some browsers, which could cause certain fields to appear to be unset, which has the effect of removing group permissions on bugs when buglist.cgi is p...
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.14.1
Mozilla Bugzilla 2.14
NA
CVE-2002-1196
editproducts.cgi in Bugzilla 2.14.x prior to 2.14.4, and 2.16.x prior to 2.16.1, when the "usebuggroups" feature is enabled and more than 47 groups are specified, does not properly calculate bit values for large numbers, which grants extra permissions to users via known...
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.14.2
Mozilla Bugzilla 2.14.3
Mozilla Bugzilla 2.14.1
Mozilla Bugzilla 2.14