Page 19 of 118 results (0.016 seconds)

CVSS: 4.3EPSS: 0%CPEs: 28EXPL: 0

Cross-site scripting (XSS) vulnerability in the quips feature in Mozilla Bugzilla 2.10 through 2.17 allows remote attackers to inject arbitrary web script or HTML via the "show all quips" page. • http://bugzilla.mozilla.org/show_bug.cgi?id=179329 http://marc.info/?l=bugtraq&m=103837886416560&w=2 http://www.debian.org/security/2002/dsa-218 http://www.securityfocus.com/bid/6257 https://exchange.xforce.ibmcloud.com/vulnerabilities/10707 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 0

bugzilla_email_append.pl in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, allows remote attackers to execute arbitrary code via shell metacharacters in a system call to processmail. bugzilla_email_append.pl en Bugzilla 2.14.x antes de 2.14.4, y 2.16.x antes de 2.16.1, permite a atacantes remotos ejecutar código arbitrario mediante metacaracteres de shell en una llamada de sistema a processmail. • http://bugzilla.mozilla.org/show_bug.cgi?id=163024 http://marc.info/?l=bugtraq&m=103349804226566&w=2 http://www.iss.net/security_center/static/10234.php http://www.securityfocus.com/bid/5844 •

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0

editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, when the "usebuggroups" feature is enabled and more than 47 groups are specified, does not properly calculate bit values for large numbers, which grants extra permissions to users via known features of Perl math that set multiple bits. editproducts.cgi en Bugzilla 2.14.x anteriores a 2.14.4 y 2.16 anteriores a 2.16.1, cuando la característica "usebuggroups" está activada y se especifican más de 47 grupos, no calcula adecuadamente valores de bits de números grandes, lo que permite permisos extra a usuarios mediante características conocidas de funciones matemáticas de Perl que establecen múltiples bits. • http://bugzilla.mozilla.org/show_bug.cgi?id=167485#c12 http://marc.info/?l=bugtraq&m=103349804226566&w=2 http://www.debian.org/security/2002/dsa-173 http://www.iss.net/security_center/static/10233.php http://www.securityfocus.com/bid/5843 •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0

Bugzilla 2.16.x before 2.16.1 does not properly filter apostrophes from an email address during account creation, which allows remote attackers to execute arbitrary SQL via a SQL injection attack. Bugzilla 2.16.x anteriores a 2.16.1 no filtra apropiadamente apóstrofes de direcciones de correo electrónico durante la creación de cuentas, lo que permite a atacantes remotos ejecutar SQL arbitrario mediante un ataque de inyección de SQL. • http://bugzilla.mozilla.org/show_bug.cgi?id=165221 http://marc.info/?l=bugtraq&m=103349804226566&w=2 http://www.iss.net/security_center/static/10235.php http://www.securityfocus.com/bid/5842 •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, does not properly handle URL-encoded field names that are generated by some browsers, which could cause certain fields to appear to be unset, which has the effect of removing group permissions on bugs when buglist.cgi is provided with the encoded field names. • http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html http://bugzilla.mozilla.org/show_bug.cgi?id=148674 http://www.iss.net/security_center/static/10141.php http://www.redhat.com/support/errata/RHSA-2002-109.html http://www.securityfocus.com/bid/4964 •