Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mozilla bugzilla 2.8 vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2001-1403
Bugzilla prior to 2.14 includes the username and password in URLs, which could allow malicious users to gain privileges by reading the information from the web server logs, or by "shoulder-surfing" and observing the web browser's location bar.
Mozilla Bugzilla 2.14
Mozilla Bugzilla 2.4
Mozilla Bugzilla 2.10
Mozilla Bugzilla 2.12
Mozilla Bugzilla 2.6
Mozilla Bugzilla 2.8
668
VMScore
CVE-2001-1404
Bugzilla prior to 2.14 stores user passwords in plaintext and sends password requests in an email message, which could allow malicious users to gain privileges.
Mozilla Bugzilla 2.6
Mozilla Bugzilla 2.8
Mozilla Bugzilla 2.14
Mozilla Bugzilla 2.4
Mozilla Bugzilla 2.10
Mozilla Bugzilla 2.12
668
VMScore
CVE-2001-1407
Bugzilla prior to 2.14 allows Bugzilla users to bypass group security checks by marking a bug as the duplicate of a restricted bug, which adds the user to the CC list of the restricted bug and allows the user to view the bug.
Mozilla Bugzilla 2.10
Mozilla Bugzilla 2.12
Mozilla Bugzilla 2.14
Mozilla Bugzilla 2.4
Mozilla Bugzilla 2.6
Mozilla Bugzilla 2.8
668
VMScore
CVE-2001-1402
Bugzilla prior to 2.14 does not properly escape untrusted parameters, which could allow remote malicious users to conduct unauthorized activities via cross-site scripting (CSS) and possibly SQL injection attacks on (1) the product or output form variables for reports.cgi, (2) the...
Mozilla Bugzilla 2.12
Mozilla Bugzilla 2.14
Mozilla Bugzilla 2.10
Mozilla Bugzilla 2.4
Mozilla Bugzilla 2.6
Mozilla Bugzilla 2.8
668
VMScore
CVE-2001-0330
Bugzilla 2.10 allows remote malicious users to access sensitive information, including the database username and password, via an HTTP request for the globals.pl file, which is normally returned by the web server without being executed.
Mozilla Bugzilla 2.4
Mozilla Bugzilla 2.6
Mozilla Bugzilla 2.8
Mozilla Bugzilla 2.10
668
VMScore
CVE-2000-0421
The process_bug.cgi script in Bugzilla allows remote malicious users to execute arbitrary commands via shell metacharacters.
Mozilla Bugzilla 2.8
605
VMScore
CVE-2013-1734
Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.0.x prior to 4.0.11; 4.1.x and 4.2.x prior to 4.2.7; and 4.3.x and 4.4.x prior to 4.4.1 allows remote malicious users to hijack the authentication of arbitrary users for requests that co...
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.16.1
Mozilla Bugzilla 2.16.10
Mozilla Bugzilla 2.16.11
Mozilla Bugzilla 2.17.4
Mozilla Bugzilla 2.17.5
Mozilla Bugzilla 2.17.6
Mozilla Bugzilla 2.17.7
Mozilla Bugzilla 2.12
Mozilla Bugzilla 2.14
Mozilla Bugzilla 2.14.1
Mozilla Bugzilla 2.14.2
Mozilla Bugzilla 2.16.6
Mozilla Bugzilla 2.16.7
Mozilla Bugzilla 2.16.8
Mozilla Bugzilla 2.16.9
Mozilla Bugzilla 2.18.2
Mozilla Bugzilla 2.18.3
Mozilla Bugzilla 2.18.4
Mozilla Bugzilla 2.18.5
Mozilla Bugzilla 2.20
Mozilla Bugzilla 2.20.1
605
VMScore
CVE-2011-3667
The User.offer_account_by_email WebService method in Bugzilla 2.x and 3.x prior to 3.4.13, 3.5.x and 3.6.x prior to 3.6.7, 3.7.x and 4.0.x prior to 4.0.3, and 4.1.x up to and including 4.1.3, when createemailregexp is not empty, does not properly handle user_can_create_account se...
Mozilla Bugzilla 3.3.1
Mozilla Bugzilla 3.7.2
Mozilla Bugzilla 3.0.0
Mozilla Bugzilla 3.1.1
Mozilla Bugzilla 3.0.5
Mozilla Bugzilla 3.0.6
Mozilla Bugzilla 3.2.4
Mozilla Bugzilla 3.2.5
Mozilla Bugzilla 3.3.4
Mozilla Bugzilla 3.4
Mozilla Bugzilla 3.0
Mozilla Bugzilla 3.7.3
Mozilla Bugzilla 3.0.1
Mozilla Bugzilla 3.0.10
Mozilla Bugzilla 3.0.11
Mozilla Bugzilla 3.0.9
Mozilla Bugzilla 3.2.10
Mozilla Bugzilla 3.2.8
Mozilla Bugzilla 3.2.9
Mozilla Bugzilla 3.4.12
Mozilla Bugzilla 3.4.2
Mozilla Bugzilla 3.4.9
605
VMScore
CVE-2011-3669
Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.x prior to 4.2rc1 allows remote malicious users to hijack the authentication of arbitrary users for requests that upload attachments.
Mozilla Bugzilla 2.19
Mozilla Bugzilla 2.19.1
Mozilla Bugzilla 2.20.3
Mozilla Bugzilla 2.20
Mozilla Bugzilla 2.23
Mozilla Bugzilla 2.22.1
Mozilla Bugzilla 2.8
Mozilla Bugzilla 2.16.5
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.14.5
Mozilla Bugzilla 2.14.3
Mozilla Bugzilla 2.18
Mozilla Bugzilla 2.17.3
Mozilla Bugzilla 2.22.2
Mozilla Bugzilla 2.12
Mozilla Bugzilla 2.18.6
Mozilla Bugzilla 2.18.6\\+
Mozilla Bugzilla 2.20.7
Mozilla Bugzilla 2.21.2
Mozilla Bugzilla 2.22.3
Mozilla Bugzilla 2.18.4
Mozilla Bugzilla 2.18.5
605
VMScore
CVE-2011-3668
Cross-site request forgery (CSRF) vulnerability in post_bug.cgi in Bugzilla 2.x, 3.x, and 4.x prior to 4.2rc1 allows remote malicious users to hijack the authentication of arbitrary users for requests that create bug reports.
Mozilla Bugzilla 2.20
Mozilla Bugzilla 2.22
Mozilla Bugzilla 2.21
Mozilla Bugzilla 2.4
Mozilla Bugzilla 2.23.3
Mozilla Bugzilla 2.16.6
Mozilla Bugzilla 2.16.11
Mozilla Bugzilla 2.16.10
Mozilla Bugzilla 2.23.4
Mozilla Bugzilla 2.14.2
Mozilla Bugzilla 2.18.3
Mozilla Bugzilla 2.17.7
Mozilla Bugzilla 2.17.6
Mozilla Bugzilla 2.16.8
Mozilla Bugzilla 2.16.9
Mozilla Bugzilla 2.20.4
Mozilla Bugzilla 2.0
Mozilla Bugzilla 2.18.9
Mozilla Bugzilla 2.2
Mozilla Bugzilla 2.22.6
Mozilla Bugzilla 2.22.7
Mozilla Bugzilla 2.19.2
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »