Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mozilla bugzilla 2.14.1 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2003-0013
The default .htaccess scripts for Bugzilla 2.14.x prior to 2.14.5, 2.16.x prior to 2.16.2, and 2.17.x prior to 2.17.3 do not include filenames for backup copies of the localconfig file that are made from editors such as vi and Emacs, which could allow remote malicious users to ob...
Mozilla Bugzilla 2.14.2
Mozilla Bugzilla 2.14.3
Mozilla Bugzilla 2.14
Mozilla Bugzilla 2.14.1
Mozilla Bugzilla 2.17.1
Mozilla Bugzilla 2.16.1
Mozilla Bugzilla 2.17
Mozilla Bugzilla 2.14.4
Mozilla Bugzilla 2.16
4.3
CVSSv2
CVE-2002-2260
Cross-site scripting (XSS) vulnerability in the quips feature in Mozilla Bugzilla 2.10 up to and including 2.17 allows remote malicious users to inject arbitrary web script or HTML via the "show all quips" page.
Mozilla Bugzilla 2.14.4
Mozilla Bugzilla 2.14.5
Mozilla Bugzilla 2.16.5
Mozilla Bugzilla 2.16.6
Mozilla Bugzilla 2.17.3
Mozilla Bugzilla 2.17.4
Mozilla Bugzilla 2.14.2
Mozilla Bugzilla 2.14.3
Mozilla Bugzilla 2.16.2
Mozilla Bugzilla 2.16.3
Mozilla Bugzilla 2.16.4
Mozilla Bugzilla 2.17
Mozilla Bugzilla 2.17.1
Mozilla Bugzilla 2.14
Mozilla Bugzilla 2.14.1
Mozilla Bugzilla 2.16.10
Mozilla Bugzilla 2.16.11
Mozilla Bugzilla 2.16.9
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.17.7
Mozilla Bugzilla 2.10
Mozilla Bugzilla 2.12
7.5
CVSSv2
CVE-2002-1196
editproducts.cgi in Bugzilla 2.14.x prior to 2.14.4, and 2.16.x prior to 2.16.1, when the "usebuggroups" feature is enabled and more than 47 groups are specified, does not properly calculate bit values for large numbers, which grants extra permissions to users via known...
Mozilla Bugzilla 2.14
Mozilla Bugzilla 2.14.1
Mozilla Bugzilla 2.14.2
Mozilla Bugzilla 2.14.3
Mozilla Bugzilla 2.16
7.5
CVSSv2
CVE-2002-1197
bugzilla_email_append.pl in Bugzilla 2.14.x prior to 2.14.4, and 2.16.x prior to 2.16.1, allows remote malicious users to execute arbitrary code via shell metacharacters in a system call to processmail.
Mozilla Bugzilla 2.14
Mozilla Bugzilla 2.14.1
Mozilla Bugzilla 2.14.2
Mozilla Bugzilla 2.14.3
Mozilla Bugzilla 2.16
7.5
CVSSv2
CVE-2002-1198
Bugzilla 2.16.x prior to 2.16.1 does not properly filter apostrophes from an email address during account creation, which allows remote malicious users to execute arbitrary SQL via a SQL injection attack.
Mozilla Bugzilla 2.14.2
Mozilla Bugzilla 2.14.3
Mozilla Bugzilla 2.14.4
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.14
Mozilla Bugzilla 2.14.1
7.5
CVSSv2
CVE-2002-0809
Bugzilla 2.14 prior to 2.14.2, and 2.16 prior to 2.16rc2, does not properly handle URL-encoded field names that are generated by some browsers, which could cause certain fields to appear to be unset, which has the effect of removing group permissions on bugs when buglist.cgi is p...
Mozilla Bugzilla 2.14.1
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.14
7.5
CVSSv2
CVE-2002-0804
Bugzilla 2.14 prior to 2.14.2, and 2.16 prior to 2.16rc2, when configured to perform reverse DNS lookups, allows remote malicious users to bypass IP restrictions by connecting from a system with a spoofed reverse DNS hostname.
Mozilla Bugzilla 2.14.1
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.14
4.6
CVSSv2
CVE-2002-0805
Bugzilla 2.14 prior to 2.14.2, and 2.16 prior to 2.16rc2, (1) creates new directories with world-writable permissions, and (2) creates the params file with world-writable permissions, which allows local users to modify the files and execute code.
Mozilla Bugzilla 2.14
Mozilla Bugzilla 2.14.1
Mozilla Bugzilla 2.16
2.1
CVSSv2
CVE-2002-0806
Bugzilla 2.14 prior to 2.14.2, and 2.16 prior to 2.16rc2, allows authenticated users with editing privileges to delete other users by directly calling the editusers.cgi script with the "del" option.
Mozilla Bugzilla 2.14
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.14.1
7.5
CVSSv2
CVE-2002-0807
Cross-site scripting vulnerabilities in Bugzilla 2.14 prior to 2.14.2, and 2.16 prior to 2.16rc2, could allow remote malicious users to execute script as other Bugzilla users via the full name (real name) field, which is not properly quoted by editusers.cgi.
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.14
Mozilla Bugzilla 2.14.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »