Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mozilla bugzilla 2.8 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2001-1402
Bugzilla prior to 2.14 does not properly escape untrusted parameters, which could allow remote malicious users to conduct unauthorized activities via cross-site scripting (CSS) and possibly SQL injection attacks on (1) the product or output form variables for reports.cgi, (2) the...
Mozilla Bugzilla 2.12
Mozilla Bugzilla 2.14
Mozilla Bugzilla 2.10
Mozilla Bugzilla 2.4
Mozilla Bugzilla 2.6
Mozilla Bugzilla 2.8
7.5
CVSSv2
CVE-2001-1404
Bugzilla prior to 2.14 stores user passwords in plaintext and sends password requests in an email message, which could allow malicious users to gain privileges.
Mozilla Bugzilla 2.6
Mozilla Bugzilla 2.8
Mozilla Bugzilla 2.14
Mozilla Bugzilla 2.4
Mozilla Bugzilla 2.10
Mozilla Bugzilla 2.12
2.1
CVSSv2
CVE-2001-1405
Bugzilla prior to 2.14 does not restrict access to sanitycheck.cgi, which allows local users to cause a denial of service (CPU consumption) via a flood of requests to sanitycheck.cgi.
Mozilla Bugzilla 2.8
Mozilla Bugzilla 2.4
Mozilla Bugzilla 2.6
Mozilla Bugzilla 2.10
Mozilla Bugzilla 2.12
Mozilla Bugzilla 2.14
2.1
CVSSv2
CVE-2001-1406
process_bug.cgi in Bugzilla prior to 2.14 does not set the "groupset" bit when a bug is moved between product groups, which will cause the bug to have the old group's restrictions, which might not be as stringent.
Mozilla Bugzilla 2.6
Mozilla Bugzilla 2.8
Mozilla Bugzilla 2.10
Mozilla Bugzilla 2.12
Mozilla Bugzilla 2.14
Mozilla Bugzilla 2.4
7.5
CVSSv2
CVE-2001-0330
Bugzilla 2.10 allows remote malicious users to access sensitive information, including the database username and password, via an HTTP request for the globals.pl file, which is normally returned by the web server without being executed.
Mozilla Bugzilla 2.4
Mozilla Bugzilla 2.6
Mozilla Bugzilla 2.8
Mozilla Bugzilla 2.10
7.5
CVSSv2
CVE-2001-0329
Bugzilla 2.10 allows remote malicious users to execute arbitrary commands via shell metacharacters in a username that is then processed by (1) the Bugzilla_login cookie in post_bug.cgi, or (2) the who parameter in process_bug.cgi.
Mozilla Bugzilla 2.4
Mozilla Bugzilla 2.6
Mozilla Bugzilla 2.8
Mozilla Bugzilla 2.10
1 EDB exploit
7.5
CVSSv2
CVE-2000-0421
The process_bug.cgi script in Bugzilla allows remote malicious users to execute arbitrary commands via shell metacharacters.
Mozilla Bugzilla 2.8
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6