CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2002-0811
https://notcve.org/view.php?id=CVE-2002-0811
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, may allow remote attackers to cause a denial of service or execute certain queries via a SQL injection attack on the sort order parameter to buglist.cgi. • http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html http://bugzilla.mozilla.org/show_bug.cgi?id=130821 http://www.securityfocus.com/bid/4964 •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2002-0807
https://notcve.org/view.php?id=CVE-2002-0807
Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, could allow remote attackers to execute script as other Bugzilla users via the full name (real name) field, which is not properly quoted by editusers.cgi. • http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html http://bugzilla.mozilla.org/show_bug.cgi?id=146447 http://www.iss.net/security_center/static/9304.php http://www.securityfocus.com/bid/4964 •
CVSS: 5.0EPSS: 7%CPEs: 4EXPL: 0CVE-2002-0803
https://notcve.org/view.php?id=CVE-2002-0803
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows remote attackers to display restricted products and components via a direct HTTP request to queryhelp.cgi. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02%3A05.asc ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html http://bugzilla.mozilla.org/show_bug.cgi?id=126801 http://www.iss.net/security_center/static/9300.php http://www.securityfocus.com/bid/4964 •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2002-0007
https://notcve.org/view.php?id=CVE-2002-0007
CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote attackers to obtain an anonymous bind to the LDAP server via a request that does not include a password, which causes a null password to be sent to the LDAP server. CGl.pl en Bugzilla anterior a la 2.14.1, cuando se usa LDAP, permite que atacantes remotos obtengan una conexión anónima con el servidor LDAP por medio de una petición que no incluye una clave, lo que provoca que se envíe una clave nula al servidor LDAP. • http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html http://bugzilla.mozilla.org/show_bug.cgi?id=54901 http://rhn.redhat.com/errata/RHSA-2002-001.html http://www.bugzilla.org/security2_14_1.html http://www.securityfocus.com/bid/3792 https://exchange.xforce.ibmcloud.com/vulnerabilities/7812 •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0CVE-2002-0009
https://notcve.org/view.php?id=CVE-2002-0009
show_bug.cgi in Bugzilla before 2.14.1 allows a user with "Bugs Access" privileges to see other products that are not accessible to the user, by submitting a bug and reading the resulting Product pulldown menu. show_bug.cgi en Bugzilla anterior a la 2.14.1 permite que un usuario con privilegios de "Bugs Access" vea otros productos que no son accesibles al usuario, enviando un bug y leyendo el menú "Producto" resultante. • http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html http://bugzilla.mozilla.org/show_bug.cgi?id=102141 http://rhn.redhat.com/errata/RHSA-2002-001.html http://www.bugzilla.org/security2_14_1.html http://www.iss.net/security_center/static/7802.php http://www.securityfocus.com/bid/3798 •