Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mozilla bugzilla 2.4 vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2007-4539
The WebService (XML-RPC) interface in Bugzilla 2.23.3 up to and including 3.0.0 does not enforce permissions for the time-tracking fields of bugs, which allows remote malicious users to obtain sensitive information via certain XML-RPC requests, as demonstrated by the (1) Deadline...
Mozilla Bugzilla 2.6
Mozilla Bugzilla 2.8
Mozilla Bugzilla 2.23.4
Mozilla Bugzilla 2.4
Mozilla Bugzilla 2.9
Mozilla Bugzilla 3.0.0
Mozilla Bugzilla 2.23.3
5
CVSSv2
CVE-2004-1634
show_bug.cgi in Bugzilla 2.17.1 up to and including 2.18rc2 and 2.19 from CVS, when using the insidergroup feature and exporting a bug to XML, shows comments and attachment summaries which are marked as private, which allows remote malicious users to gain sensitive information.
Mozilla Bugzilla 2.14.5
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.17.1
Mozilla Bugzilla 2.17.3
Mozilla Bugzilla 2.4
Mozilla Bugzilla 2.6
Mozilla Bugzilla 2.14
Mozilla Bugzilla 2.14.1
Mozilla Bugzilla 2.16.3
Mozilla Bugzilla 2.16.4
Mozilla Bugzilla 2.17.6
Mozilla Bugzilla 2.17.7
Mozilla Bugzilla 2.14.2
Mozilla Bugzilla 2.14.3
Mozilla Bugzilla 2.14.4
Mozilla Bugzilla 2.16.5
Mozilla Bugzilla 2.17
Mozilla Bugzilla 2.18
Mozilla Bugzilla 2.10
Mozilla Bugzilla 2.12
Mozilla Bugzilla 2.16.1
Mozilla Bugzilla 2.16.2
5
CVSSv2
CVE-2003-1045
votes.cgi in Bugzilla 2.16.3 and previous versions, and 2.17.1 up to and including 2.17.4, allows remote malicious users to read a user's voting page when that user has voted on a restricted bug, which allows remote malicious users to read potentially sensitive voting inform...
Mozilla Bugzilla 2.12
Mozilla Bugzilla 2.14.1
Mozilla Bugzilla 2.14.2
Mozilla Bugzilla 2.16.3
Mozilla Bugzilla 2.17.1
Mozilla Bugzilla 2.10
Mozilla Bugzilla 2.14.5
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.6
Mozilla Bugzilla 2.8
Mozilla Bugzilla 2.14
Mozilla Bugzilla 2.16.1
Mozilla Bugzilla 2.16.2
Mozilla Bugzilla 2.14.3
Mozilla Bugzilla 2.14.4
Mozilla Bugzilla 2.17.3
Mozilla Bugzilla 2.17.4
Mozilla Bugzilla 2.4
5
CVSSv2
CVE-2004-0702
DBI in Bugzilla 2.17.1 up to and including 2.17.7 displays the database password in an error message when the SQL server is not running, which could allow remote malicious users to gain sensitive information.
Mozilla Bugzilla 2.14.2
Mozilla Bugzilla 2.14.3
Mozilla Bugzilla 2.16.4
Mozilla Bugzilla 2.16.5
Mozilla Bugzilla 2.4
Mozilla Bugzilla 2.6
Mozilla Bugzilla 2.14
Mozilla Bugzilla 2.14.1
Mozilla Bugzilla 2.16.2
Mozilla Bugzilla 2.16.3
Mozilla Bugzilla 2.17.6
Mozilla Bugzilla 2.17.7
Mozilla Bugzilla 2.14.4
Mozilla Bugzilla 2.14.5
Mozilla Bugzilla 2.17
Mozilla Bugzilla 2.17.1
Mozilla Bugzilla 2.17.3
Mozilla Bugzilla 2.8
Mozilla Bugzilla 2.10
Mozilla Bugzilla 2.12
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.16.1
4.3
CVSSv2
CVE-2016-2803
Cross-site scripting (XSS) vulnerability in the dependency graphs in Bugzilla 2.16rc1 up to and including 4.4.11, and 4.5.1 up to and including 5.0.2 allows remote malicious users to inject arbitrary web script or HTML.
Mozilla Bugzilla 5.0
Mozilla Bugzilla 4.5.1
Mozilla Bugzilla 4.2.5
Mozilla Bugzilla 4.2.6
Mozilla Bugzilla 4.3.3
Mozilla Bugzilla 4.4
Mozilla Bugzilla 4.4.5
Mozilla Bugzilla 4.4.6
Mozilla Bugzilla 3.1.4
Mozilla Bugzilla 3.2
Mozilla Bugzilla 3.2.4
Mozilla Bugzilla 3.2.5
Mozilla Bugzilla 3.3.3
Mozilla Bugzilla 3.3.4
Mozilla Bugzilla 3.4.13
Mozilla Bugzilla 3.4.14
Mozilla Bugzilla 3.4.8
Mozilla Bugzilla 3.4.9
Mozilla Bugzilla 3.6.1
Mozilla Bugzilla 3.6.10
Mozilla Bugzilla 3.6.5
Mozilla Bugzilla 3.6.6
4.3
CVSSv2
CVE-2015-8509
Template.pm in Bugzilla 2.x, 3.x, and 4.x prior to 4.2.16, 4.3.x and 4.4.x prior to 4.4.11, and 4.5.x and 5.0.x prior to 5.0.2 does not properly construct CSV files, which allows remote malicious users to obtain sensitive information by leveraging a web browser that interprets CS...
Mozilla Bugzilla 4.4.10
Mozilla Bugzilla 4.4.9
Mozilla Bugzilla 4.4.1
Mozilla Bugzilla 4.4
Mozilla Bugzilla 4.2.9
Mozilla Bugzilla 4.2.8
Mozilla Bugzilla 4.2.1
Mozilla Bugzilla 4.2
Mozilla Bugzilla 4.0.11
Mozilla Bugzilla 4.0.10
Mozilla Bugzilla 4.0.3
Mozilla Bugzilla 4.0.2
Mozilla Bugzilla 3.6.9
Mozilla Bugzilla 3.6.8
Mozilla Bugzilla 3.6.7
Mozilla Bugzilla 3.6
Mozilla Bugzilla 3.4.14
Mozilla Bugzilla 3.4.7
Mozilla Bugzilla 3.4.6
Mozilla Bugzilla 3.2.9
Mozilla Bugzilla 3.2.8
Mozilla Bugzilla 3.2.7
4.3
CVSSv2
CVE-2014-1573
Bugzilla 2.x up to and including 4.0.x prior to 4.0.15, 4.1.x and 4.2.x prior to 4.2.11, 4.3.x and 4.4.x prior to 4.4.6, and 4.5.x prior to 4.5.6 does not ensure that a scalar context is used for certain CGI parameters, which allows remote malicious users to conduct cross-site sc...
Fedoraproject Fedora 21
Fedoraproject Fedora 20
Fedoraproject Fedora 19
Mozilla Bugzilla 4.5.3
Mozilla Bugzilla 4.5.4
Mozilla Bugzilla 4.4
Mozilla Bugzilla 4.4.1
Mozilla Bugzilla 4.2
Mozilla Bugzilla 4.2.1
Mozilla Bugzilla 4.2.8
Mozilla Bugzilla 4.2.9
Mozilla Bugzilla 4.5
Mozilla Bugzilla 4.3.1
Mozilla Bugzilla 4.3.2
Mozilla Bugzilla 4.4.4
Mozilla Bugzilla 4.4.5
Mozilla Bugzilla 4.5.5
Mozilla Bugzilla 4.3
Mozilla Bugzilla 4.4.2
Mozilla Bugzilla 4.4.3
Mozilla Bugzilla 4.2.2
Mozilla Bugzilla 4.2.3
4.3
CVSSv2
CVE-2013-1742
Multiple cross-site scripting (XSS) vulnerabilities in editflagtypes.cgi in Bugzilla 2.x, 3.x, and 4.0.x prior to 4.0.11; 4.1.x and 4.2.x prior to 4.2.7; and 4.3.x and 4.4.x prior to 4.4.1 allow remote malicious users to inject arbitrary web script or HTML via the (1) id or (2) s...
Mozilla Bugzilla 4.1
Mozilla Bugzilla 4.1.1
Mozilla Bugzilla 4.1.2
Mozilla Bugzilla 4.1.3
Mozilla Bugzilla 4.3.1
Mozilla Bugzilla 4.3.3
Mozilla Bugzilla 4.3
Mozilla Bugzilla 4.3.2
Mozilla Bugzilla 2.14.4
Mozilla Bugzilla 2.14.5
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.17
Mozilla Bugzilla 2.14
Mozilla Bugzilla 2.14.2
Mozilla Bugzilla 2.16.1
Mozilla Bugzilla 2.16.11
Mozilla Bugzilla 2.16.6
Mozilla Bugzilla 2.16.8
Mozilla Bugzilla 2.17.5
Mozilla Bugzilla 2.17.7
Mozilla Bugzilla 2.18.3
Mozilla Bugzilla 2.18.5
1 EDB exploit
4.3
CVSSv2
CVE-2012-1969
The get_attachment_link function in Template.pm in Bugzilla 2.x and 3.x prior to 3.6.10, 3.7.x and 4.0.x prior to 4.0.7, 4.1.x and 4.2.x prior to 4.2.2, and 4.3.x prior to 4.3.2 does not check whether an attachment is private before presenting the attachment description within a ...
Mozilla Bugzilla 2.22.7
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.20
Mozilla Bugzilla 2.22
Mozilla Bugzilla 2.21
Mozilla Bugzilla 2.4
Mozilla Bugzilla 2.2
Mozilla Bugzilla 2.0
Mozilla Bugzilla 2.19.2
Mozilla Bugzilla 2.19.3
Mozilla Bugzilla 2.21.1
Mozilla Bugzilla 2.23.1
Mozilla Bugzilla 2.23.2
Mozilla Bugzilla 2.9
Mozilla Bugzilla 2.16.6
Mozilla Bugzilla 2.16.11
Mozilla Bugzilla 2.23.4
Mozilla Bugzilla 2.21.2
Mozilla Bugzilla 2.18.2
Mozilla Bugzilla 2.18.3
Mozilla Bugzilla 2.17.4
Mozilla Bugzilla 2.22.3
4.3
CVSSv2
CVE-2011-3657
Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.x and 3.x prior to 3.4.13, 3.5.x and 3.6.x prior to 3.6.7, 3.7.x and 4.0.x prior to 4.0.3, and 4.1.x up to and including 4.1.3, when debug mode is used, allow remote malicious users to inject arbitrary web script o...
Mozilla Bugzilla 3.7.1
Mozilla Bugzilla 3.3.1
Mozilla Bugzilla 3.7.2
Mozilla Bugzilla 3.0.0
Mozilla Bugzilla 3.1.1
Mozilla Bugzilla 3.0.4
Mozilla Bugzilla 3.0.5
Mozilla Bugzilla 3.2.3
Mozilla Bugzilla 3.2.4
Mozilla Bugzilla 3.2.5
Mozilla Bugzilla 3.3.4
Mozilla Bugzilla 3.4
Mozilla Bugzilla 3.4.4
Mozilla Bugzilla 3.4.5
Mozilla Bugzilla 3.5.2
Mozilla Bugzilla 3.5.3
Mozilla Bugzilla 3.6.5
Mozilla Bugzilla 3.2
Mozilla Bugzilla 3.0
Mozilla Bugzilla 3.7.3
Mozilla Bugzilla 3.0.1
Mozilla Bugzilla 3.1.3
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »