CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 1CVE-2006-0914
https://notcve.org/view.php?id=CVE-2006-0914
Bugzilla 2.16.10, 2.17 through 2.18.4, and 2.20 does not properly handle certain characters in the mostfreqthreshold parameter in duplicates.cgi, which allows remote attackers to trigger a SQL error. • http://www.securityfocus.com/archive/1/425584/100/0/threaded http://www.vupen.com/english/advisories/2006/0692 https://bugzilla.mozilla.org/show_bug.cgi?id=312498 https://exchange.xforce.ibmcloud.com/vulnerabilities/42802 • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 0%CPEs: 15EXPL: 0CVE-2005-2173
https://notcve.org/view.php?id=CVE-2005-2173
The Flag::validate and Flag::modify functions in Bugzilla 2.17.1 to 2.18.1 and 2.19.1 to 2.19.3 do not verify that the flag ID is appropriate for the given bug or attachment ID, which allows users to change flags on arbitrary bugs and obtain a bug summary via process_bug.cgi. • http://securitytracker.com/id?1014428 http://www.bugzilla.org/security/2.18.1 https://bugzilla.mozilla.org/show_bug.cgi?id=293159 •
CVSS: 2.6EPSS: 0%CPEs: 15EXPL: 0CVE-2005-2174
https://notcve.org/view.php?id=CVE-2005-2174
Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 inserts a bug into the database before it is marked private, which introduces a race condition and allows attackers to access information about the bug via buglist.cgi before MySQL replication is complete. • http://securitytracker.com/id?1014428 http://www.bugzilla.org/security/2.18.1 https://bugzilla.mozilla.org/show_bug.cgi?id=293159 •
CVSS: 5.0EPSS: 10%CPEs: 23EXPL: 0CVE-2005-1563
https://notcve.org/view.php?id=CVE-2005-1563
Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 displays a different error message depending on whether a product exists or not, which allows remote attackers to determine hidden products. • http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=001040 http://marc.info/?l=bugtraq&m=111592031902962&w=2 http://secunia.com/advisories/15338 http://www.bugzilla.org/security/2.16.8 http://www.osvdb.org/16425 http://www.securityfocus.com/bid/13606 http://www.vupen.com/english/advisories/2005/0533 https://bugzilla.mozilla.org/show_bug.cgi?id=287109 •
CVSS: 5.0EPSS: 0%CPEs: 25EXPL: 3CVE-2005-1565
https://notcve.org/view.php?id=CVE-2005-1565
Bugzilla 2.17.1 through 2.18, 2.19.1, and 2.19.2, when a user is prompted to log in while attempting to view a chart, displays the password in the URL, which may allow local users to gain sensitive information from web logs or browser history. • http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=001040 http://marc.info/?l=bugtraq&m=111592031902962&w=2 http://secunia.com/advisories/15338 http://www.osvdb.org/16427 http://www.securityfocus.com/bid/13605 http://www.vupen.com/english/advisories/2005/0533 https://bugzilla.mozilla.org/show_bug.cgi?id=287436 •