CVSS: 5.5EPSS: 0%CPEs: 22EXPL: 1CVE-2006-0913
https://notcve.org/view.php?id=CVE-2006-0913
SQL injection vulnerability in whineatnews.pl in Bugzilla 2.17 through 2.18.4 and 2.20 allows remote authenticated users with administrative privileges to execute arbitrary SQL commands via the whinedays parameter, as accessible from editparams.cgi. • http://secunia.com/advisories/18979 http://www.osvdb.org/23378 http://www.securityfocus.com/archive/1/425584/100/0/threaded http://www.securityfocus.com/bid/16738 http://www.vupen.com/english/advisories/2006/0692 https://bugzilla.mozilla.org/show_bug.cgi?id=312498 https://exchange.xforce.ibmcloud.com/vulnerabilities/24819 •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2006-0916
https://notcve.org/view.php?id=CVE-2006-0916
Bugzilla 2.19.3 through 2.20 does not properly handle "//" sequences in URLs when redirecting a user from the login form, which could cause it to generate a partial URL in a form action that causes the user's browser to send the form data to another domain. • http://secunia.com/advisories/18979 http://securityreason.com/securityalert/464 http://www.securityfocus.com/archive/1/425584/100/0/threaded http://www.securityfocus.com/bid/16745 http://www.vupen.com/english/advisories/2006/0692 https://bugzilla.mozilla.org/show_bug.cgi?id=325079 https://exchange.xforce.ibmcloud.com/vulnerabilities/24821 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2006-0915
https://notcve.org/view.php?id=CVE-2006-0915
Bugzilla 2.16.10 does not properly handle certain characters in the (1) maxpatchsize and (2) maxattachmentsize parameters in attachment.cgi, which allows remote attackers to trigger a SQL error. • http://www.vupen.com/english/advisories/2006/0692 https://bugzilla.mozilla.org/show_bug.cgi?id=313441 •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2005-4534
https://notcve.org/view.php?id=CVE-2005-4534
The shadow database feature (syncshadowdb) in Bugzilla 2.9 through 2.16.10 allows local users to overwrite arbitrary files via a symlink attack on temporary files. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329387 http://secunia.com/advisories/18218 http://secunia.com/advisories/22826 http://securityreason.com/securityalert/302 http://securitytracker.com/id?1015411 http://www.debian.org/security/2006/dsa-1208 http://www.securityfocus.com/archive/1/420353/100/0/threaded http://www.securityfocus.com/bid/16061 https://bugzilla.mozilla.org/show_bug.cgi?id=305353 https://exchange.xforce.ibmcloud.com/vulnerabilities/23863 •
CVSS: 5.0EPSS: 1%CPEs: 13EXPL: 0CVE-2005-3138
https://notcve.org/view.php?id=CVE-2005-3138
Bugzilla 2.18rc1 through 2.18.3, 2.19 through 2.20rc2, and 2.21 allows remote attackers to obtain sensitive information such as the list of installed products via the config.cgi file, which is accessible even when the requirelogin parameter is set. • http://marc.info/?l=bugtraq&m=112818466125484&w=2 http://secunia.com/advisories/17030 http://www.bugzilla.org/security/2.18.4 http://www.securityfocus.com/bid/14995 https://exchange.xforce.ibmcloud.com/vulnerabilities/22490 •