Page 14 of 69 results (0.008 seconds)

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0

Bugzilla before 2.14 stores user passwords in plaintext and sends password requests in an email message, which could allow attackers to gain privileges. • http://bugzilla.mozilla.org/show_bug.cgi?id=74032 http://marc.info/?l=bugtraq&m=99912899900567 http://www.redhat.com/support/errata/RHSA-2001-107.html •

CVSS: 2.1EPSS: 0%CPEs: 6EXPL: 0

Bugzilla before 2.14 does not restrict access to sanitycheck.cgi, which allows local users to cause a denial of service (CPU consumption) via a flood of requests to sanitycheck.cgi. • http://bugzilla.mozilla.org/show_bug.cgi?id=54556 http://marc.info/?l=bugtraq&m=99912899900567 http://www.redhat.com/support/errata/RHSA-2001-107.html •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

Bugzilla 2.10 allows remote attackers to access sensitive information, including the database username and password, via an HTTP request for the globals.pl file, which is normally returned by the web server without being executed. • http://www.atstake.com/research/advisories/2001/a043001-1.txt http://www.securityfocus.com/bid/2671 https://exchange.xforce.ibmcloud.com/vulnerabilities/6489 •

CVSS: 7.5EPSS: 3%CPEs: 4EXPL: 1

Bugzilla 2.10 allows remote attackers to execute arbitrary commands via shell metacharacters in a username that is then processed by (1) the Bugzilla_login cookie in post_bug.cgi, or (2) the who parameter in process_bug.cgi. • https://www.exploit-db.com/exploits/19909 http://www.atstake.com/research/advisories/2001/a043001-1.txt http://www.mozilla.org/projects/bugzilla/security2_12.html http://www.securityfocus.com/bid/1199 •