CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 1CVE-2006-0914
https://notcve.org/view.php?id=CVE-2006-0914
28 Feb 2006 — Bugzilla 2.16.10, 2.17 through 2.18.4, and 2.20 does not properly handle certain characters in the mostfreqthreshold parameter in duplicates.cgi, which allows remote attackers to trigger a SQL error. • http://www.securityfocus.com/archive/1/425584/100/0/threaded • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2006-0915
https://notcve.org/view.php?id=CVE-2006-0915
28 Feb 2006 — Bugzilla 2.16.10 does not properly handle certain characters in the (1) maxpatchsize and (2) maxattachmentsize parameters in attachment.cgi, which allows remote attackers to trigger a SQL error. • http://www.vupen.com/english/advisories/2006/0692 •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2006-0916
https://notcve.org/view.php?id=CVE-2006-0916
28 Feb 2006 — Bugzilla 2.19.3 through 2.20 does not properly handle "//" sequences in URLs when redirecting a user from the login form, which could cause it to generate a partial URL in a form action that causes the user's browser to send the form data to another domain. • http://secunia.com/advisories/18979 •
CVSS: 7.5EPSS: 1%CPEs: 20EXPL: 0CVE-2005-4534
https://notcve.org/view.php?id=CVE-2005-4534
28 Dec 2005 — The shadow database feature (syncshadowdb) in Bugzilla 2.9 through 2.16.10 allows local users to overwrite arbitrary files via a symlink attack on temporary files. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329387 •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2005-3138
https://notcve.org/view.php?id=CVE-2005-3138
05 Oct 2005 — Bugzilla 2.18rc1 through 2.18.3, 2.19 through 2.20rc2, and 2.21 allows remote attackers to obtain sensitive information such as the list of installed products via the config.cgi file, which is accessible even when the requirelogin parameter is set. • http://marc.info/?l=bugtraq&m=112818466125484&w=2 •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2005-3139
https://notcve.org/view.php?id=CVE-2005-3139
05 Oct 2005 — Bugzilla 2.19.1 through 2.20rc2 and 2.21, with user matching turned on in substring mode, allows attackers to list all users whose names match an arbitrary substring, even when the usevisibilitygroups parameter is set. • http://marc.info/?l=bugtraq&m=112818466125484&w=2 •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2005-2173
https://notcve.org/view.php?id=CVE-2005-2173
08 Jul 2005 — The Flag::validate and Flag::modify functions in Bugzilla 2.17.1 to 2.18.1 and 2.19.1 to 2.19.3 do not verify that the flag ID is appropriate for the given bug or attachment ID, which allows users to change flags on arbitrary bugs and obtain a bug summary via process_bug.cgi. • http://securitytracker.com/id?1014428 •
CVSS: 5.9EPSS: 0%CPEs: 15EXPL: 0CVE-2005-2174
https://notcve.org/view.php?id=CVE-2005-2174
08 Jul 2005 — Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 inserts a bug into the database before it is marked private, which introduces a race condition and allows attackers to access information about the bug via buglist.cgi before MySQL replication is complete. • http://securitytracker.com/id?1014428 •
CVSS: 5.3EPSS: 0%CPEs: 23EXPL: 0CVE-2005-1563
https://notcve.org/view.php?id=CVE-2005-1563
14 May 2005 — Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 displays a different error message depending on whether a product exists or not, which allows remote attackers to determine hidden products. • http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=001040 •
CVSS: 7.5EPSS: 1%CPEs: 25EXPL: 2CVE-2005-1564
https://notcve.org/view.php?id=CVE-2005-1564
12 May 2005 — post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 allows remote authenticated users to "enter bugs into products that are closed for bug entry" by modifying the URL to specify the name of the product. • http://marc.info/?l=bugtraq&m=111592031902962&w=2 •