Filtered by vendor Mozilla
Subscriptions
Filtered by product Bugzilla
Subscriptions
Total
151 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2005-2174 | 1 Mozilla | 1 Bugzilla | 2024-09-17 | N/A |
Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 inserts a bug into the database before it is marked private, which introduces a race condition and allows attackers to access information about the bug via buglist.cgi before MySQL replication is complete. | ||||
CVE-2013-1734 | 1 Mozilla | 1 Bugzilla | 2024-09-17 | N/A |
Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that commit an attachment change via an update action. | ||||
CVE-2012-4747 | 1 Mozilla | 1 Bugzilla | 2024-09-17 | N/A |
Bugzilla 2.x and 3.x through 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1.x and 4.2.x before 4.2.3, and 4.3.x before 4.3.3 stores potentially sensitive information under the web root with insufficient access control, which allows remote attackers to read (1) template (aka .tmpl) files, (2) other custom extension files under extensions/, or (3) custom documentation files under docs/ via a direct request. | ||||
CVE-2008-7292 | 2 Microsoft, Mozilla | 2 Windows, Bugzilla | 2024-09-17 | N/A |
Bugzilla 2.20.x before 2.20.5, 2.22.x before 2.22.3, and 3.0.x before 3.0.3 on Windows does not delete the temporary files associated with uploaded attachments, which allows local users to obtain sensitive information by reading these files, a different vulnerability than CVE-2011-2977. | ||||
CVE-2012-1968 | 1 Mozilla | 1 Bugzilla | 2024-09-16 | N/A |
Bugzilla 4.1.x and 4.2.x before 4.2.2 and 4.3.x before 4.3.2 uses bug-editor privileges instead of bugmail-recipient privileges during construction of HTML bugmail documents, which allows remote attackers to obtain sensitive description information by reading the tooltip portions of an HTML e-mail message. | ||||
CVE-2013-1743 | 1 Mozilla | 1 Bugzilla | 2024-09-16 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in report.cgi in Bugzilla 4.1.x and 4.2.x before 4.2.7 and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a field value that is not properly handled during construction of a tabular report, as demonstrated by the (1) summary or (2) real name field. NOTE: this issue exists because of an incomplete fix for CVE-2012-4189. | ||||
CVE-2013-1733 | 1 Mozilla | 1 Bugzilla | 2024-09-16 | N/A |
Cross-site request forgery (CSRF) vulnerability in process_bug.cgi in Bugzilla 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that modify bugs via vectors involving a midair-collision token. | ||||
CVE-2010-1204 | 1 Mozilla | 1 Bugzilla | 2024-09-16 | N/A |
Search.pm in Bugzilla 2.17.1 through 3.2.6, 3.3.1 through 3.4.6, 3.5.1 through 3.6, and 3.7 allows remote attackers to obtain potentially sensitive time-tracking information via a crafted search URL, related to a "boolean chart search." | ||||
CVE-2010-0180 | 1 Mozilla | 1 Bugzilla | 2024-09-16 | N/A |
Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6 and 3.7, when use_suexec is enabled, uses world-readable permissions for the localconfig files, which allows local users to read sensitive configuration fields, as demonstrated by the database password field and the site_wide_secret field. | ||||
CVE-2009-3165 | 1 Mozilla | 1 Bugzilla | 2024-09-16 | N/A |
SQL injection vulnerability in the Bug.create WebService function in Bugzilla 2.23.4 through 3.0.8, 3.1.1 through 3.2.4, and 3.3.1 through 3.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters. | ||||
CVE-2013-1742 | 1 Mozilla | 1 Bugzilla | 2024-09-16 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in editflagtypes.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) sortkey parameter. | ||||
CVE-2009-3125 | 1 Mozilla | 1 Bugzilla | 2024-09-16 | N/A |
SQL injection vulnerability in the Bug.search WebService function in Bugzilla 3.3.2 through 3.4.1, and 3.5, allows remote attackers to execute arbitrary SQL commands via unspecified parameters. | ||||
CVE-2010-2470 | 1 Mozilla | 1 Bugzilla | 2024-09-16 | N/A |
Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6.1 and 3.7 through 3.7.1, when use_suexec is enabled, uses world-readable permissions within (1) .bzr/ and (2) data/webdot/, which allows local users to obtain potentially sensitive data by reading files in these directories, a different vulnerability than CVE-2010-0180. | ||||
CVE-2000-0421 | 1 Mozilla | 1 Bugzilla | 2024-08-08 | N/A |
The process_bug.cgi script in Bugzilla allows remote attackers to execute arbitrary commands via shell metacharacters. | ||||
CVE-2001-1405 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2024-08-08 | N/A |
Bugzilla before 2.14 does not restrict access to sanitycheck.cgi, which allows local users to cause a denial of service (CPU consumption) via a flood of requests to sanitycheck.cgi. | ||||
CVE-2001-1406 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2024-08-08 | N/A |
process_bug.cgi in Bugzilla before 2.14 does not set the "groupset" bit when a bug is moved between product groups, which will cause the bug to have the old group's restrictions, which might not be as stringent. | ||||
CVE-2001-1401 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2024-08-08 | N/A |
Bugzilla before 2.14 does not properly restrict access to confidential bugs, which could allow Bugzilla users to bypass viewing permissions via modified bug id parameters in (1) process_bug.cgi, (2) show_activity.cgi, (3) showvotes.cgi, (4) showdependencytree.cgi, (5) showdependencygraph.cgi, (6) showattachment.cgi, or (7) describecomponents.cgi. | ||||
CVE-2001-1403 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2024-08-08 | N/A |
Bugzilla before 2.14 includes the username and password in URLs, which could allow attackers to gain privileges by reading the information from the web server logs, or by "shoulder-surfing" and observing the web browser's location bar. | ||||
CVE-2001-1404 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2024-08-08 | N/A |
Bugzilla before 2.14 stores user passwords in plaintext and sends password requests in an email message, which could allow attackers to gain privileges. | ||||
CVE-2001-1407 | 2 Mozilla, Redhat | 2 Bugzilla, Powertools | 2024-08-08 | N/A |
Bugzilla before 2.14 allows Bugzilla users to bypass group security checks by marking a bug as the duplicate of a restricted bug, which adds the user to the CC list of the restricted bug and allows the user to view the bug. |