Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mozilla bugzilla 2.14 vulnerabilities and exploits
(subscribe to this query)
409
VMScore
CVE-2002-0805
Bugzilla 2.14 prior to 2.14.2, and 2.16 prior to 2.16rc2, (1) creates new directories with world-writable permissions, and (2) creates the params file with world-writable permissions, which allows local users to modify the files and execute code.
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.14.1
Mozilla Bugzilla 2.14
187
VMScore
CVE-2002-0806
Bugzilla 2.14 prior to 2.14.2, and 2.16 prior to 2.16rc2, allows authenticated users with editing privileges to delete other users by directly calling the editusers.cgi script with the "del" option.
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.14.1
Mozilla Bugzilla 2.14
445
VMScore
CVE-2002-0803
Bugzilla 2.14 prior to 2.14.2, and 2.16 prior to 2.16rc2, allows remote malicious users to display restricted products and components via a direct HTTP request to queryhelp.cgi.
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.14.1
Mozilla Bugzilla 2.14
668
VMScore
CVE-2002-0804
Bugzilla 2.14 prior to 2.14.2, and 2.16 prior to 2.16rc2, when configured to perform reverse DNS lookups, allows remote malicious users to bypass IP restrictions by connecting from a system with a spoofed reverse DNS hostname.
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.14.1
Mozilla Bugzilla 2.14
668
VMScore
CVE-2002-0807
Cross-site scripting vulnerabilities in Bugzilla 2.14 prior to 2.14.2, and 2.16 prior to 2.16rc2, could allow remote malicious users to execute script as other Bugzilla users via the full name (real name) field, which is not properly quoted by editusers.cgi.
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.14.1
Mozilla Bugzilla 2.14
668
VMScore
CVE-2002-0808
Bugzilla 2.14 prior to 2.14.2, and 2.16 prior to 2.16rc2, when performing a mass change, sets the groupset of all bugs to the groupset of the first bug, which could inadvertently cause insecure groupset permissions to be assigned to some bugs.
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.14.1
Mozilla Bugzilla 2.14
668
VMScore
CVE-2002-0809
Bugzilla 2.14 prior to 2.14.2, and 2.16 prior to 2.16rc2, does not properly handle URL-encoded field names that are generated by some browsers, which could cause certain fields to appear to be unset, which has the effect of removing group permissions on bugs when buglist.cgi is p...
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.14.1
Mozilla Bugzilla 2.14
445
VMScore
CVE-2002-0810
Bugzilla 2.14 prior to 2.14.2, and 2.16 prior to 2.16rc2, directs error messages from the syncshadowdb command to the HTML output, which could leak sensitive information, including plaintext passwords, if syncshadowdb fails.
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.14.1
Mozilla Bugzilla 2.14
668
VMScore
CVE-2002-0811
Bugzilla 2.14 prior to 2.14.2, and 2.16 prior to 2.16rc2, may allow remote malicious users to cause a denial of service or execute certain queries via a SQL injection attack on the sort order parameter to buglist.cgi.
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.14.1
Mozilla Bugzilla 2.14
668
VMScore
CVE-2002-1196
editproducts.cgi in Bugzilla 2.14.x prior to 2.14.4, and 2.16.x prior to 2.16.1, when the "usebuggroups" feature is enabled and more than 47 groups are specified, does not properly calculate bit values for large numbers, which grants extra permissions to users via known...
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.14.2
Mozilla Bugzilla 2.14.3
Mozilla Bugzilla 2.14.1
Mozilla Bugzilla 2.14
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2018-25103
CVE-2024-36279
CVE-2024-38457
elevation of privilege
CVE-2024-27801
CVE-2024-30103
NULL pointer dereference
CVE-2024-6057
XML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »