Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bugzilla vulnerabilities and exploits
(subscribe to this query)
5.8
CVSSv2
CVE-2009-0484
Cross-site request forgery (CSRF) vulnerability in Bugzilla 3.0 prior to 3.0.7, 3.2 prior to 3.2.1, and 3.3 prior to 3.3.2 allows remote malicious users to delete shared or saved searches via a link or IMG tag to buglist.cgi.
Mozilla Bugzilla 3.0.4
Mozilla Bugzilla 3.0.0
Mozilla Bugzilla 3.0.1
Mozilla Bugzilla 3.0.6
Mozilla Bugzilla 3.0.3
Mozilla Bugzilla 3.2
Mozilla Bugzilla 3.0.2
Mozilla Bugzilla 3.0.5
Mozilla Bugzilla 3.3.1
7.5
CVSSv2
CVE-2003-0013
The default .htaccess scripts for Bugzilla 2.14.x prior to 2.14.5, 2.16.x prior to 2.16.2, and 2.17.x prior to 2.17.3 do not include filenames for backup copies of the localconfig file that are made from editors such as vi and Emacs, which could allow remote malicious users to ob...
Mozilla Bugzilla 2.16.1
Mozilla Bugzilla 2.17.1
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.14.2
Mozilla Bugzilla 2.14.3
Mozilla Bugzilla 2.14.4
Mozilla Bugzilla 2.17
Mozilla Bugzilla 2.14.1
Mozilla Bugzilla 2.14
4.3
CVSSv2
CVE-2012-1968
Bugzilla 4.1.x and 4.2.x prior to 4.2.2 and 4.3.x prior to 4.3.2 uses bug-editor privileges instead of bugmail-recipient privileges during construction of HTML bugmail documents, which allows remote malicious users to obtain sensitive description information by reading the toolti...
Mozilla Bugzilla 4.1.1
Mozilla Bugzilla 4.3.1
Mozilla Bugzilla 4.2
Mozilla Bugzilla 4.2.1
Mozilla Bugzilla 4.3
Mozilla Bugzilla 4.1
Mozilla Bugzilla 4.1.2
Mozilla Bugzilla 4.1.3
5
CVSSv2
CVE-2007-4539
The WebService (XML-RPC) interface in Bugzilla 2.23.3 up to and including 3.0.0 does not enforce permissions for the time-tracking fields of bugs, which allows remote malicious users to obtain sensitive information via certain XML-RPC requests, as demonstrated by the (1) Deadline...
Mozilla Bugzilla 3.0.0
Mozilla Bugzilla 2.23.4
Mozilla Bugzilla 2.23.3
Mozilla Bugzilla 2.6
Mozilla Bugzilla 2.4
Mozilla Bugzilla 2.8
Mozilla Bugzilla 2.9
1.9
CVSSv2
CVE-2010-2470
Install/Filesystem.pm in Bugzilla 3.5.1 up to and including 3.6.1 and 3.7 up to and including 3.7.1, when use_suexec is enabled, uses world-readable permissions within (1) .bzr/ and (2) data/webdot/, which allows local users to obtain potentially sensitive data by reading files i...
Mozilla Bugzilla 3.6.1
Mozilla Bugzilla 3.7.1
Mozilla Bugzilla 3.7
Mozilla Bugzilla 3.5.3
Mozilla Bugzilla 3.6
Mozilla Bugzilla 3.5.2
Mozilla Bugzilla 3.5.1
5.1
CVSSv2
CVE-2012-0453
Cross-site request forgery (CSRF) vulnerability in xmlrpc.cgi in Bugzilla 4.0.2 up to and including 4.0.4 and 4.1.1 up to and including 4.2rc2, when mod_perl is used, allows remote malicious users to hijack the authentication of arbitrary users for requests that modify the produc...
Mozilla Bugzilla 4.0.2
Mozilla Bugzilla 4.0.3
Mozilla Bugzilla 4.0.4
Mozilla Bugzilla 4.1.1
Mozilla Bugzilla 4.2
Mozilla Bugzilla 4.1.2
Mozilla Bugzilla 4.1.3
6.8
CVSSv2
CVE-2009-1213
Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 3.2 prior to 3.2.3, 3.3 prior to 3.3.4, and previous versions versions allows remote malicious users to hijack the authentication of arbitrary users for requests that use attachment editing.
Mozilla Bugzilla 3.3.2
Mozilla Bugzilla 3.2
Mozilla Bugzilla 3.3.3
Mozilla Bugzilla 3.2.2
Mozilla Bugzilla 3.3
Mozilla Bugzilla 3.2.1
Mozilla Bugzilla 3.3.1
7.5
CVSSv2
CVE-2009-3125
SQL injection vulnerability in the Bug.search WebService function in Bugzilla 3.3.2 up to and including 3.4.1, and 3.5, allows remote malicious users to execute arbitrary SQL commands via unspecified parameters.
Mozilla Bugzilla 3.3.2
Mozilla Bugzilla 3.3.4
Mozilla Bugzilla 3.5
Mozilla Bugzilla 3.4.1
Mozilla Bugzilla 3.3.3
Mozilla Bugzilla 3.4
6.8
CVSSv2
CVE-2003-0602
Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x prior to 2.16.3 and 2.17.x prior to 2.17.4 allow remote malicious users to insert arbitrary HTML or web script via (1) multiple default German and Russian HTML templates or (2) ALT and NAME attributes in AREA ...
Mozilla Bugzilla 2.16.1
Mozilla Bugzilla 2.16.2
Mozilla Bugzilla 2.17.1
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.17.3
Mozilla Bugzilla 2.17
7.5
CVSSv2
CVE-2002-1198
Bugzilla 2.16.x prior to 2.16.1 does not properly filter apostrophes from an email address during account creation, which allows remote malicious users to execute arbitrary SQL via a SQL injection attack.
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.14.2
Mozilla Bugzilla 2.14.3
Mozilla Bugzilla 2.14.4
Mozilla Bugzilla 2.14.1
Mozilla Bugzilla 2.14
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27802
template injection
CVE-2024-0044
code injection
CVE-2024-35474
CVE-2024-27857
CVE-2024-23251
CVE-2024-23692
physical
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »