CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1CVE-2007-4539
https://notcve.org/view.php?id=CVE-2007-4539
27 Aug 2007 — The WebService (XML-RPC) interface in Bugzilla 2.23.3 through 3.0.0 does not enforce permissions for the time-tracking fields of bugs, which allows remote attackers to obtain sensitive information via certain XML-RPC requests, as demonstrated by the (1) Deadline and (2) Estimated Time fields. La interfaz WebService (XML-RPC) en Bugzilla 2.23.3 hasta la 3.0.0 no hace cumplir los permisos para los campos time-tracking de los fallos (bugs), lo cual permite a atacantes remotos obtener información sensible a tra... • http://osvdb.org/37202 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0CVE-2006-5455
https://notcve.org/view.php?id=CVE-2006-5455
23 Oct 2006 — Cross-site request forgery (CSRF) vulnerability in editversions.cgi in Bugzilla before 2.22.1 and 2.23.x before 2.23.3 allows user-assisted remote attackers to create, modify, or delete arbitrary bug reports via a crafted URL. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en editversions.cgi en Bugzilla anterior a 2.22.1 y 2.23.x anteriores a 2.23.3 permite a atacantes remotos con intervención del usuario crear, modificar o borrar informes de "bugs" de su elección mediante una URL cr... • http://secunia.com/advisories/22409 •
CVSS: 7.5EPSS: 1%CPEs: 20EXPL: 0CVE-2005-4534
https://notcve.org/view.php?id=CVE-2005-4534
28 Dec 2005 — The shadow database feature (syncshadowdb) in Bugzilla 2.9 through 2.16.10 allows local users to overwrite arbitrary files via a symlink attack on temporary files. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329387 •
CVSS: 6.5EPSS: 0%CPEs: 25EXPL: 0CVE-2004-1633
https://notcve.org/view.php?id=CVE-2004-1633
25 Oct 2004 — process_bug.cgi in Bugzilla 2.9 through 2.18rc2 and 2.19 from CVS does not check edit permissions on the keywords field, which allows remote authenticated users to modify the keywords in a bug via the keywordaction parameter. • http://marc.info/?l=bugtraq&m=109872095201238&w=2 •
CVSS: 7.5EPSS: 0%CPEs: 26EXPL: 0CVE-2004-1634
https://notcve.org/view.php?id=CVE-2004-1634
25 Oct 2004 — show_bug.cgi in Bugzilla 2.17.1 through 2.18rc2 and 2.19 from CVS, when using the insidergroup feature and exporting a bug to XML, shows comments and attachment summaries which are marked as private, which allows remote attackers to gain sensitive information. • http://marc.info/?l=bugtraq&m=109872095201238&w=2 •
CVSS: 6.5EPSS: 0%CPEs: 26EXPL: 0CVE-2004-1635
https://notcve.org/view.php?id=CVE-2004-1635
24 Oct 2004 — Bugzilla 2.17.1 through 2.18rc2 and 2.19 from cvs, when using the insidergroup feature, does not sufficiently protect private attachments when there are changes to the metadata, such as filename, description, MIME type, or review flags, which allows remote authenticated users to obtain sensitive information when (1) viewing the bug activity log or (2) receiving bug change notification mails. • http://marc.info/?l=bugtraq&m=109872095201238&w=2 •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2004-0702
https://notcve.org/view.php?id=CVE-2004-0702
21 Jul 2004 — DBI in Bugzilla 2.17.1 through 2.17.7 displays the database password in an error message when the SQL server is not running, which could allow remote attackers to gain sensitive information. DBI de Bugzilla 2.17.1 a 2.17.7 muestra la contraseña de la base de datos en un mensaje de error cuando el servidor SQL no está corriendo, lo que podría permitir a atacantes remotos obtener información sensible. • http://marc.info/?l=bugtraq&m=108965446813639&w=2 •
CVSS: 8.8EPSS: 0%CPEs: 24EXPL: 0CVE-2004-0703
https://notcve.org/view.php?id=CVE-2004-0703
21 Jul 2004 — Unknown vulnerability in the administrative controls in Bugzilla 2.17.1 through 2.17.7 allows users with "grant membership" privileges to grant memberships to groups that the user does not control. Vulnerabilidad desconocida en los controles administrativos de Bugzilla 2.17.1 a 2.17.7 permite a usuarios con privilegios "grant membership" hacer miembros a grupos que el usuario no controla. • http://marc.info/?l=bugtraq&m=108965446813639&w=2 •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2004-0704
https://notcve.org/view.php?id=CVE-2004-0704
21 Jul 2004 — Unknown vulnerability in (1) duplicates.cgi and (2) buglist.cgi in Bugzilla 2.16.x before 2.16.6, 2.18 before 2.18rc1, when configured to hide products, allows remote attackers to view hidden products. Vulnerabilidad desconocida en (1)duplicates.cgi y (2) buglist.cgi de Bugzilla 2.16.x anteriores a 2.16.6, 2.18 anteriores a 2.19rc1, cuando se configuran para esconder productos, permite a atacantes remotos ver los productos ocultos. • http://marc.info/?l=bugtraq&m=108965446813639&w=2 •
CVSS: 6.8EPSS: 0%CPEs: 24EXPL: 0CVE-2004-0705
https://notcve.org/view.php?id=CVE-2004-0705
21 Jul 2004 — Multiple cross-site scripting (XSS) vulnerabilities in (1) editcomponents.cgi, (2) editgroups.cgi, (3) editmilestones.cgi, (4) editproducts.cgi, (5) editusers.cgi, and (6) editversions.cgi in Bugzilla 2.16.x before 2.16.6, and 2.18 before 2.18rc1, allow remote attackers to execute arbitrary JavaScript as other users via a URL parameter. Múltiples vulnerabilidades de secuencias de órdenes en sitios cruzados (XSS) en (1) editcomponents.cgi, (2) editgroups.cgi, (3) editmilestones.cgi, (4) editproducts.cgi, (5)... • http://bugzilla.mozilla.org/show_bug.cgi?id=235265 •