CVSS: 2.1EPSS: 0%CPEs: 4EXPL: 0CVE-2002-0806
https://notcve.org/view.php?id=CVE-2002-0806
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows authenticated users with editing privileges to delete other users by directly calling the editusers.cgi script with the "del" option. • http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html http://bugzilla.mozilla.org/show_bug.cgi?id=141557 http://www.iss.net/security_center/static/9303.php http://www.osvdb.org/5080 http://www.redhat.com/support/errata/RHSA-2002-109.html http://www.securityfocus.com/bid/4964 •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2002-0808
https://notcve.org/view.php?id=CVE-2002-0808
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when performing a mass change, sets the groupset of all bugs to the groupset of the first bug, which could inadvertently cause insecure groupset permissions to be assigned to some bugs. • http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html http://bugzilla.mozilla.org/show_bug.cgi?id=107718 http://www.iss.net/security_center/static/9305.php http://www.redhat.com/support/errata/RHSA-2002-109.html http://www.securityfocus.com/bid/4964 •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2002-0811
https://notcve.org/view.php?id=CVE-2002-0811
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, may allow remote attackers to cause a denial of service or execute certain queries via a SQL injection attack on the sort order parameter to buglist.cgi. • http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html http://bugzilla.mozilla.org/show_bug.cgi?id=130821 http://www.securityfocus.com/bid/4964 •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2002-0807
https://notcve.org/view.php?id=CVE-2002-0807
Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, could allow remote attackers to execute script as other Bugzilla users via the full name (real name) field, which is not properly quoted by editusers.cgi. • http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html http://bugzilla.mozilla.org/show_bug.cgi?id=146447 http://www.iss.net/security_center/static/9304.php http://www.securityfocus.com/bid/4964 •
CVSS: 5.0EPSS: 7%CPEs: 4EXPL: 0CVE-2002-0803
https://notcve.org/view.php?id=CVE-2002-0803
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows remote attackers to display restricted products and components via a direct HTTP request to queryhelp.cgi. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02%3A05.asc ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html http://bugzilla.mozilla.org/show_bug.cgi?id=126801 http://www.iss.net/security_center/static/9300.php http://www.securityfocus.com/bid/4964 •