CVE-2003-0012
https://notcve.org/view.php?id=CVE-2003-0012
The data collection script for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 sets world-writable permissions for the data/mining directory when it runs, which allows local users to modify or delete the data. El script de recogida de datos de Bugzilla 2.14.x anteriores a 2.14.5, 2.16.x anteriores de 2.16.2, y 2.17.x anteriores a 2.17.3 establece permisos de escritura para todo el mundo en el directorio de recogida de datos cuando se ejecuta, lo que permite a usuarios locales modificar o borrar datos. • http://marc.info/?l=bugtraq&m=104154319200399&w=2 http://www.debian.org/security/2003/dsa-230 http://www.iss.net/security_center/static/10971.php http://www.redhat.com/support/errata/RHSA-2003-012.html http://www.securityfocus.com/bid/6502 •
CVE-2003-0013
https://notcve.org/view.php?id=CVE-2003-0013
The default .htaccess scripts for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 do not include filenames for backup copies of the localconfig file that are made from editors such as vi and Emacs, which could allow remote attackers to obtain a database password by directly accessing the backup file. Los scripts .htaccess por defecto en Bugzilla 2.14.x anteriores a 2.14.5, 2.16.x anteriores a 2.16.2, y 2.17.x anteriores a 2.17.3 no bloquean el acceso a copias de seguridad del fichero localconfig que son hechas por editores como vi y Emacs, lo que podría permitir a atacantes remotos obtener una contraseña de la base de datos accediendo directamente al fichero copia de seguridad. • http://marc.info/?l=bugtraq&m=104154319200399&w=2 http://www.debian.org/security/2003/dsa-230 http://www.iss.net/security_center/static/10970.php http://www.osvdb.org/6351 http://www.securityfocus.com/bid/6501 •
CVE-2002-2260
https://notcve.org/view.php?id=CVE-2002-2260
Cross-site scripting (XSS) vulnerability in the quips feature in Mozilla Bugzilla 2.10 through 2.17 allows remote attackers to inject arbitrary web script or HTML via the "show all quips" page. • http://bugzilla.mozilla.org/show_bug.cgi?id=179329 http://marc.info/?l=bugtraq&m=103837886416560&w=2 http://www.debian.org/security/2002/dsa-218 http://www.securityfocus.com/bid/6257 https://exchange.xforce.ibmcloud.com/vulnerabilities/10707 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2002-1197
https://notcve.org/view.php?id=CVE-2002-1197
bugzilla_email_append.pl in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, allows remote attackers to execute arbitrary code via shell metacharacters in a system call to processmail. bugzilla_email_append.pl en Bugzilla 2.14.x antes de 2.14.4, y 2.16.x antes de 2.16.1, permite a atacantes remotos ejecutar código arbitrario mediante metacaracteres de shell en una llamada de sistema a processmail. • http://bugzilla.mozilla.org/show_bug.cgi?id=163024 http://marc.info/?l=bugtraq&m=103349804226566&w=2 http://www.iss.net/security_center/static/10234.php http://www.securityfocus.com/bid/5844 •
CVE-2002-1196
https://notcve.org/view.php?id=CVE-2002-1196
editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, when the "usebuggroups" feature is enabled and more than 47 groups are specified, does not properly calculate bit values for large numbers, which grants extra permissions to users via known features of Perl math that set multiple bits. editproducts.cgi en Bugzilla 2.14.x anteriores a 2.14.4 y 2.16 anteriores a 2.16.1, cuando la característica "usebuggroups" está activada y se especifican más de 47 grupos, no calcula adecuadamente valores de bits de números grandes, lo que permite permisos extra a usuarios mediante características conocidas de funciones matemáticas de Perl que establecen múltiples bits. • http://bugzilla.mozilla.org/show_bug.cgi?id=167485#c12 http://marc.info/?l=bugtraq&m=103349804226566&w=2 http://www.debian.org/security/2002/dsa-173 http://www.iss.net/security_center/static/10233.php http://www.securityfocus.com/bid/5843 •