CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2002-0810
https://notcve.org/view.php?id=CVE-2002-0810
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error messages from the syncshadowdb command to the HTML output, which could leak sensitive information, including plaintext passwords, if syncshadowdb fails. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html http://bugzilla.mozilla.org/show_bug.cgi?id=92263 http://www.iss.net/security_center/static/9306.php http://www.osvdb.org/6399 http://www.redhat.com/support/errata/RHSA-2002-109.html http://www.securityfocus.com/bid/4964 •
CVSS: 4.6EPSS: 0%CPEs: 4EXPL: 0CVE-2002-0805
https://notcve.org/view.php?id=CVE-2002-0805
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, (1) creates new directories with world-writable permissions, and (2) creates the params file with world-writable permissions, which allows local users to modify the files and execute code. • http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html http://bugzilla.mozilla.org/show_bug.cgi?id=134575 http://www.iss.net/security_center/static/9302.php http://www.osvdb.org/6395 http://www.redhat.com/support/errata/RHSA-2002-109.html http://www.securityfocus.com/bid/4964 •
CVSS: 2.1EPSS: 0%CPEs: 4EXPL: 0CVE-2002-0806
https://notcve.org/view.php?id=CVE-2002-0806
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows authenticated users with editing privileges to delete other users by directly calling the editusers.cgi script with the "del" option. • http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html http://bugzilla.mozilla.org/show_bug.cgi?id=141557 http://www.iss.net/security_center/static/9303.php http://www.osvdb.org/5080 http://www.redhat.com/support/errata/RHSA-2002-109.html http://www.securityfocus.com/bid/4964 •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2002-0804
https://notcve.org/view.php?id=CVE-2002-0804
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when configured to perform reverse DNS lookups, allows remote attackers to bypass IP restrictions by connecting from a system with a spoofed reverse DNS hostname. • http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html http://bugzilla.mozilla.org/show_bug.cgi?id=129466 http://www.iss.net/security_center/static/9301.php http://www.osvdb.org/6394 http://www.redhat.com/support/errata/RHSA-2002-109.html http://www.securityfocus.com/bid/4964 •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2002-0807
https://notcve.org/view.php?id=CVE-2002-0807
Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, could allow remote attackers to execute script as other Bugzilla users via the full name (real name) field, which is not properly quoted by editusers.cgi. • http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html http://bugzilla.mozilla.org/show_bug.cgi?id=146447 http://www.iss.net/security_center/static/9304.php http://www.securityfocus.com/bid/4964 •