CVE-2002-1198
https://notcve.org/view.php?id=CVE-2002-1198
Bugzilla 2.16.x before 2.16.1 does not properly filter apostrophes from an email address during account creation, which allows remote attackers to execute arbitrary SQL via a SQL injection attack. Bugzilla 2.16.x anteriores a 2.16.1 no filtra apropiadamente apóstrofes de direcciones de correo electrónico durante la creación de cuentas, lo que permite a atacantes remotos ejecutar SQL arbitrario mediante un ataque de inyección de SQL. • http://bugzilla.mozilla.org/show_bug.cgi?id=165221 http://marc.info/?l=bugtraq&m=103349804226566&w=2 http://www.iss.net/security_center/static/10235.php http://www.securityfocus.com/bid/5842 •
CVE-2002-0809
https://notcve.org/view.php?id=CVE-2002-0809
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, does not properly handle URL-encoded field names that are generated by some browsers, which could cause certain fields to appear to be unset, which has the effect of removing group permissions on bugs when buglist.cgi is provided with the encoded field names. • http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html http://bugzilla.mozilla.org/show_bug.cgi?id=148674 http://www.iss.net/security_center/static/10141.php http://www.redhat.com/support/errata/RHSA-2002-109.html http://www.securityfocus.com/bid/4964 •
CVE-2002-0808
https://notcve.org/view.php?id=CVE-2002-0808
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when performing a mass change, sets the groupset of all bugs to the groupset of the first bug, which could inadvertently cause insecure groupset permissions to be assigned to some bugs. • http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html http://bugzilla.mozilla.org/show_bug.cgi?id=107718 http://www.iss.net/security_center/static/9305.php http://www.redhat.com/support/errata/RHSA-2002-109.html http://www.securityfocus.com/bid/4964 •
CVE-2002-0810
https://notcve.org/view.php?id=CVE-2002-0810
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error messages from the syncshadowdb command to the HTML output, which could leak sensitive information, including plaintext passwords, if syncshadowdb fails. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html http://bugzilla.mozilla.org/show_bug.cgi?id=92263 http://www.iss.net/security_center/static/9306.php http://www.osvdb.org/6399 http://www.redhat.com/support/errata/RHSA-2002-109.html http://www.securityfocus.com/bid/4964 •
CVE-2002-0805
https://notcve.org/view.php?id=CVE-2002-0805
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, (1) creates new directories with world-writable permissions, and (2) creates the params file with world-writable permissions, which allows local users to modify the files and execute code. • http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html http://bugzilla.mozilla.org/show_bug.cgi?id=134575 http://www.iss.net/security_center/static/9302.php http://www.osvdb.org/6395 http://www.redhat.com/support/errata/RHSA-2002-109.html http://www.securityfocus.com/bid/4964 •