Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mozilla bugzilla 2.8 vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2007-4538
email_in.pl in Bugzilla 2.23.4 up to and including 3.0.0 allows remote malicious users to execute arbitrary commands via the -f (From address) option to the Email::Send::Sendmail function, probably involving shell metacharacters.
Mozilla Bugzilla 2.6
Mozilla Bugzilla 2.8
Mozilla Bugzilla 2.23.4
Mozilla Bugzilla 2.4
Mozilla Bugzilla 2.9
Mozilla Bugzilla 3.0.0
445
VMScore
CVE-2007-4539
The WebService (XML-RPC) interface in Bugzilla 2.23.3 up to and including 3.0.0 does not enforce permissions for the time-tracking fields of bugs, which allows remote malicious users to obtain sensitive information via certain XML-RPC requests, as demonstrated by the (1) Deadline...
Mozilla Bugzilla 2.6
Mozilla Bugzilla 2.8
Mozilla Bugzilla 2.23.4
Mozilla Bugzilla 2.4
Mozilla Bugzilla 2.9
Mozilla Bugzilla 3.0.0
Mozilla Bugzilla 2.23.3
445
VMScore
CVE-2004-1634
show_bug.cgi in Bugzilla 2.17.1 up to and including 2.18rc2 and 2.19 from CVS, when using the insidergroup feature and exporting a bug to XML, shows comments and attachment summaries which are marked as private, which allows remote malicious users to gain sensitive information.
Mozilla Bugzilla 2.14.5
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.17.1
Mozilla Bugzilla 2.17.3
Mozilla Bugzilla 2.4
Mozilla Bugzilla 2.6
Mozilla Bugzilla 2.14
Mozilla Bugzilla 2.14.1
Mozilla Bugzilla 2.16.3
Mozilla Bugzilla 2.16.4
Mozilla Bugzilla 2.17.6
Mozilla Bugzilla 2.17.7
Mozilla Bugzilla 2.14.2
Mozilla Bugzilla 2.14.3
Mozilla Bugzilla 2.14.4
Mozilla Bugzilla 2.16.5
Mozilla Bugzilla 2.17
Mozilla Bugzilla 2.18
Mozilla Bugzilla 2.10
Mozilla Bugzilla 2.12
Mozilla Bugzilla 2.16.1
Mozilla Bugzilla 2.16.2
445
VMScore
CVE-2003-1045
votes.cgi in Bugzilla 2.16.3 and previous versions, and 2.17.1 up to and including 2.17.4, allows remote malicious users to read a user's voting page when that user has voted on a restricted bug, which allows remote malicious users to read potentially sensitive voting inform...
Mozilla Bugzilla 2.12
Mozilla Bugzilla 2.14.1
Mozilla Bugzilla 2.14.2
Mozilla Bugzilla 2.16.3
Mozilla Bugzilla 2.17.1
Mozilla Bugzilla 2.10
Mozilla Bugzilla 2.14.5
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.6
Mozilla Bugzilla 2.8
Mozilla Bugzilla 2.14
Mozilla Bugzilla 2.16.1
Mozilla Bugzilla 2.16.2
Mozilla Bugzilla 2.14.3
Mozilla Bugzilla 2.14.4
Mozilla Bugzilla 2.17.3
Mozilla Bugzilla 2.17.4
Mozilla Bugzilla 2.4
445
VMScore
CVE-2004-0702
DBI in Bugzilla 2.17.1 up to and including 2.17.7 displays the database password in an error message when the SQL server is not running, which could allow remote malicious users to gain sensitive information.
Mozilla Bugzilla 2.14.2
Mozilla Bugzilla 2.14.3
Mozilla Bugzilla 2.16.4
Mozilla Bugzilla 2.16.5
Mozilla Bugzilla 2.4
Mozilla Bugzilla 2.6
Mozilla Bugzilla 2.14
Mozilla Bugzilla 2.14.1
Mozilla Bugzilla 2.16.2
Mozilla Bugzilla 2.16.3
Mozilla Bugzilla 2.17.6
Mozilla Bugzilla 2.17.7
Mozilla Bugzilla 2.14.4
Mozilla Bugzilla 2.14.5
Mozilla Bugzilla 2.17
Mozilla Bugzilla 2.17.1
Mozilla Bugzilla 2.17.3
Mozilla Bugzilla 2.8
Mozilla Bugzilla 2.10
Mozilla Bugzilla 2.12
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.16.1
435
VMScore
CVE-2013-1742
Multiple cross-site scripting (XSS) vulnerabilities in editflagtypes.cgi in Bugzilla 2.x, 3.x, and 4.0.x prior to 4.0.11; 4.1.x and 4.2.x prior to 4.2.7; and 4.3.x and 4.4.x prior to 4.4.1 allow remote malicious users to inject arbitrary web script or HTML via the (1) id or (2) s...
Mozilla Bugzilla 4.1
Mozilla Bugzilla 4.1.1
Mozilla Bugzilla 4.1.2
Mozilla Bugzilla 4.1.3
Mozilla Bugzilla 4.3.1
Mozilla Bugzilla 4.3.3
Mozilla Bugzilla 4.3
Mozilla Bugzilla 4.3.2
Mozilla Bugzilla 2.14.4
Mozilla Bugzilla 2.14.5
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.17
Mozilla Bugzilla 2.14
Mozilla Bugzilla 2.14.2
Mozilla Bugzilla 2.16.1
Mozilla Bugzilla 2.16.11
Mozilla Bugzilla 2.16.6
Mozilla Bugzilla 2.16.8
Mozilla Bugzilla 2.17.5
Mozilla Bugzilla 2.17.7
Mozilla Bugzilla 2.18.3
Mozilla Bugzilla 2.18.5
1 EDB exploit
383
VMScore
CVE-2016-2803
Cross-site scripting (XSS) vulnerability in the dependency graphs in Bugzilla 2.16rc1 up to and including 4.4.11, and 4.5.1 up to and including 5.0.2 allows remote malicious users to inject arbitrary web script or HTML.
Mozilla Bugzilla 5.0
Mozilla Bugzilla 4.5.1
Mozilla Bugzilla 4.2.5
Mozilla Bugzilla 4.2.6
Mozilla Bugzilla 4.3.3
Mozilla Bugzilla 4.4
Mozilla Bugzilla 4.4.5
Mozilla Bugzilla 4.4.6
Mozilla Bugzilla 3.1.4
Mozilla Bugzilla 3.2
Mozilla Bugzilla 3.2.4
Mozilla Bugzilla 3.2.5
Mozilla Bugzilla 3.3.3
Mozilla Bugzilla 3.3.4
Mozilla Bugzilla 3.4.13
Mozilla Bugzilla 3.4.14
Mozilla Bugzilla 3.4.8
Mozilla Bugzilla 3.4.9
Mozilla Bugzilla 3.6.1
Mozilla Bugzilla 3.6.10
Mozilla Bugzilla 3.6.5
Mozilla Bugzilla 3.6.6
383
VMScore
CVE-2015-8509
Template.pm in Bugzilla 2.x, 3.x, and 4.x prior to 4.2.16, 4.3.x and 4.4.x prior to 4.4.11, and 4.5.x and 5.0.x prior to 5.0.2 does not properly construct CSV files, which allows remote malicious users to obtain sensitive information by leveraging a web browser that interprets CS...
Mozilla Bugzilla 4.4.10
Mozilla Bugzilla 4.4.9
Mozilla Bugzilla 4.4.1
Mozilla Bugzilla 4.4
Mozilla Bugzilla 4.2.9
Mozilla Bugzilla 4.2.8
Mozilla Bugzilla 4.2.1
Mozilla Bugzilla 4.2
Mozilla Bugzilla 4.0.11
Mozilla Bugzilla 4.0.10
Mozilla Bugzilla 4.0.3
Mozilla Bugzilla 4.0.2
Mozilla Bugzilla 3.6.9
Mozilla Bugzilla 3.6.8
Mozilla Bugzilla 3.6.7
Mozilla Bugzilla 3.6
Mozilla Bugzilla 3.4.14
Mozilla Bugzilla 3.4.7
Mozilla Bugzilla 3.4.6
Mozilla Bugzilla 3.2.9
Mozilla Bugzilla 3.2.8
Mozilla Bugzilla 3.2.7
383
VMScore
CVE-2014-1573
Bugzilla 2.x up to and including 4.0.x prior to 4.0.15, 4.1.x and 4.2.x prior to 4.2.11, 4.3.x and 4.4.x prior to 4.4.6, and 4.5.x prior to 4.5.6 does not ensure that a scalar context is used for certain CGI parameters, which allows remote malicious users to conduct cross-site sc...
Fedoraproject Fedora 21
Fedoraproject Fedora 20
Fedoraproject Fedora 19
Mozilla Bugzilla 4.5.3
Mozilla Bugzilla 4.5.4
Mozilla Bugzilla 4.4
Mozilla Bugzilla 4.4.1
Mozilla Bugzilla 4.2
Mozilla Bugzilla 4.2.1
Mozilla Bugzilla 4.2.8
Mozilla Bugzilla 4.2.9
Mozilla Bugzilla 4.5
Mozilla Bugzilla 4.3.1
Mozilla Bugzilla 4.3.2
Mozilla Bugzilla 4.4.4
Mozilla Bugzilla 4.4.5
Mozilla Bugzilla 4.5.5
Mozilla Bugzilla 4.3
Mozilla Bugzilla 4.4.2
Mozilla Bugzilla 4.4.3
Mozilla Bugzilla 4.2.2
Mozilla Bugzilla 4.2.3
383
VMScore
CVE-2012-1969
The get_attachment_link function in Template.pm in Bugzilla 2.x and 3.x prior to 3.6.10, 3.7.x and 4.0.x prior to 4.0.7, 4.1.x and 4.2.x prior to 4.2.2, and 4.3.x prior to 4.3.2 does not check whether an attachment is private before presenting the attachment description within a ...
Mozilla Bugzilla 2.22.7
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.20
Mozilla Bugzilla 2.22
Mozilla Bugzilla 2.21
Mozilla Bugzilla 2.4
Mozilla Bugzilla 2.2
Mozilla Bugzilla 2.0
Mozilla Bugzilla 2.19.2
Mozilla Bugzilla 2.19.3
Mozilla Bugzilla 2.21.1
Mozilla Bugzilla 2.23.1
Mozilla Bugzilla 2.23.2
Mozilla Bugzilla 2.9
Mozilla Bugzilla 2.16.6
Mozilla Bugzilla 2.16.11
Mozilla Bugzilla 2.23.4
Mozilla Bugzilla 2.21.2
Mozilla Bugzilla 2.18.2
Mozilla Bugzilla 2.18.3
Mozilla Bugzilla 2.17.4
Mozilla Bugzilla 2.22.3
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »