CVSS: 9.1EPSS: 0%CPEs: 6EXPL: 0CVE-2001-1403
https://notcve.org/view.php?id=CVE-2001-1403
10 Sep 2001 — Bugzilla before 2.14 includes the username and password in URLs, which could allow attackers to gain privileges by reading the information from the web server logs, or by "shoulder-surfing" and observing the web browser's location bar. • http://bugzilla.mozilla.org/show_bug.cgi?id=15980 •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2001-1407
https://notcve.org/view.php?id=CVE-2001-1407
10 Sep 2001 — Bugzilla before 2.14 allows Bugzilla users to bypass group security checks by marking a bug as the duplicate of a restricted bug, which adds the user to the CC list of the restricted bug and allows the user to view the bug. • http://bugzilla.mozilla.org/show_bug.cgi?id=96085 •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2001-0330
https://notcve.org/view.php?id=CVE-2001-0330
27 Jun 2001 — Bugzilla 2.10 allows remote attackers to access sensitive information, including the database username and password, via an HTTP request for the globals.pl file, which is normally returned by the web server without being executed. • http://www.atstake.com/research/advisories/2001/a043001-1.txt •
CVSS: 9.8EPSS: 4%CPEs: 4EXPL: 1CVE-2001-0329 – Mozilla Bugzilla 2.4/2.6/2.8/2.10 - Arbitrary Command Execution
https://notcve.org/view.php?id=CVE-2001-0329
24 May 2001 — Bugzilla 2.10 allows remote attackers to execute arbitrary commands via shell metacharacters in a username that is then processed by (1) the Bugzilla_login cookie in post_bug.cgi, or (2) the who parameter in process_bug.cgi. • https://www.exploit-db.com/exploits/19909 •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2000-0421
https://notcve.org/view.php?id=CVE-2000-0421
11 May 2000 — The process_bug.cgi script in Bugzilla allows remote attackers to execute arbitrary commands via shell metacharacters. • http://archives.neohapsis.com/archives/bugtraq/2000-05/0128.html •