bugzilla vulnerabilities and exploits
7.5
CVSSv2
CVE-2003-0013
The default .htaccess scripts for Bugzilla 2.14.x prior to 2.14.5, 2.16.x prior to 2.16.2, and 2.17.x prior to 2.17.3 do not include filenames for backup copies of the localconfig file that are made from editors such as vi and Emacs, which could allow remote malicious users to ob...
Mozilla Bugzilla 2.14.2
Mozilla Bugzilla 2.14.3
Mozilla Bugzilla 2.14
Mozilla Bugzilla 2.14.1
Mozilla Bugzilla 2.17.1
Mozilla Bugzilla 2.16.1
Mozilla Bugzilla 2.17
Mozilla Bugzilla 2.14.4
Mozilla Bugzilla 2.16
5.8
CVSSv2
CVE-2009-0484
Cross-site request forgery (CSRF) vulnerability in Bugzilla 3.0 prior to 3.0.7, 3.2 prior to 3.2.1, and 3.3 prior to 3.3.2 allows remote malicious users to delete shared or saved searches via a link or IMG tag to buglist.cgi.
Mozilla Bugzilla 3.0.2
Mozilla Bugzilla 3.0.3
Mozilla Bugzilla 3.0.0
Mozilla Bugzilla 3.0.1
Mozilla Bugzilla 3.3.1
Mozilla Bugzilla 3.0.4
Mozilla Bugzilla 3.0.5
Mozilla Bugzilla 3.0.6
Mozilla Bugzilla 3.2
4.3
CVSSv2
CVE-2012-1968
Bugzilla 4.1.x and 4.2.x prior to 4.2.2 and 4.3.x prior to 4.3.2 uses bug-editor privileges instead of bugmail-recipient privileges during construction of HTML bugmail documents, which allows remote malicious users to obtain sensitive description information by reading the toolti...
Mozilla Bugzilla 4.2
Mozilla Bugzilla 4.2.1
Mozilla Bugzilla 4.3
Mozilla Bugzilla 4.1
Mozilla Bugzilla 4.1.2
Mozilla Bugzilla 4.3.1
Mozilla Bugzilla 4.1.1
Mozilla Bugzilla 4.1.3
5.1
CVSSv2
CVE-2012-0453
Cross-site request forgery (CSRF) vulnerability in xmlrpc.cgi in Bugzilla 4.0.2 up to and including 4.0.4 and 4.1.1 up to and including 4.2rc2, when mod_perl is used, allows remote malicious users to hijack the authentication of arbitrary users for requests that modify the produc...
Mozilla Bugzilla 4.0.2
Mozilla Bugzilla 4.0.3
Mozilla Bugzilla 4.0.4
Mozilla Bugzilla 4.1.1
Mozilla Bugzilla 4.1.2
Mozilla Bugzilla 4.2
Mozilla Bugzilla 4.1.3
1.9
CVSSv2
CVE-2010-2470
Install/Filesystem.pm in Bugzilla 3.5.1 up to and including 3.6.1 and 3.7 up to and including 3.7.1, when use_suexec is enabled, uses world-readable permissions within (1) .bzr/ and (2) data/webdot/, which allows local users to obtain potentially sensitive data by reading files i...
Mozilla Bugzilla 3.5.3
Mozilla Bugzilla 3.6.1
Mozilla Bugzilla 3.7
Mozilla Bugzilla 3.7.1
Mozilla Bugzilla 3.5.2
Mozilla Bugzilla 3.6
Mozilla Bugzilla 3.5.1
5
CVSSv2
CVE-2007-4539
The WebService (XML-RPC) interface in Bugzilla 2.23.3 up to and including 3.0.0 does not enforce permissions for the time-tracking fields of bugs, which allows remote malicious users to obtain sensitive information via certain XML-RPC requests, as demonstrated by the (1) Deadline...
Mozilla Bugzilla 2.6
Mozilla Bugzilla 2.8
Mozilla Bugzilla 2.23.4
Mozilla Bugzilla 2.4
Mozilla Bugzilla 2.9
Mozilla Bugzilla 3.0.0
Mozilla Bugzilla 2.23.3
6.8
CVSSv2
CVE-2009-1213
Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 3.2 prior to 3.2.3, 3.3 prior to 3.3.4, and previous versions allows remote malicious users to hijack the authentication of arbitrary users for requests that use attachment editing.
Mozilla Bugzilla 3.3.1
Mozilla Bugzilla 3.3.2
Mozilla Bugzilla 3.2.1
Mozilla Bugzilla 3.2
Mozilla Bugzilla 3.2.2
Mozilla Bugzilla 3.3
Mozilla Bugzilla 3.3.3
7.5
CVSSv2
CVE-2001-1401
Bugzilla prior to 2.14 does not properly restrict access to confidential bugs, which could allow Bugzilla users to bypass viewing permissions via modified bug id parameters in (1) process_bug.cgi, (2) show_activity.cgi, (3) showvotes.cgi, (4) showdependencytree.cgi, (5) showdepen...
Mozilla Bugzilla 2.10
Mozilla Bugzilla 2.12
Mozilla Bugzilla 2.14
Mozilla Bugzilla 2.4
Mozilla Bugzilla 2.6
Mozilla Bugzilla 2.8
5
CVSSv2
CVE-2007-4538
email_in.pl in Bugzilla 2.23.4 up to and including 3.0.0 allows remote malicious users to execute arbitrary commands via the -f (From address) option to the Email::Send::Sendmail function, probably involving shell metacharacters.
Mozilla Bugzilla 2.6
Mozilla Bugzilla 2.8
Mozilla Bugzilla 2.23.4
Mozilla Bugzilla 2.4
Mozilla Bugzilla 2.9
Mozilla Bugzilla 3.0.0
7.5
CVSSv2
CVE-2001-1402
Bugzilla prior to 2.14 does not properly escape untrusted parameters, which could allow remote malicious users to conduct unauthorized activities via cross-site scripting (CSS) and possibly SQL injection attacks on (1) the product or output form variables for reports.cgi, (2) the...
Mozilla Bugzilla 2.12
Mozilla Bugzilla 2.14
Mozilla Bugzilla 2.10
Mozilla Bugzilla 2.4
Mozilla Bugzilla 2.6
Mozilla Bugzilla 2.8