
CVE-2005-2173
https://notcve.org/view.php?id=CVE-2005-2173
08 Jul 2005 — The Flag::validate and Flag::modify functions in Bugzilla 2.17.1 to 2.18.1 and 2.19.1 to 2.19.3 do not verify that the flag ID is appropriate for the given bug or attachment ID, which allows users to change flags on arbitrary bugs and obtain a bug summary via process_bug.cgi. • http://securitytracker.com/id?1014428 •

CVE-2005-1563
https://notcve.org/view.php?id=CVE-2005-1563
14 May 2005 — Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 displays a different error message depending on whether a product exists or not, which allows remote attackers to determine hidden products. • http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=001040 •

CVE-2005-1565
https://notcve.org/view.php?id=CVE-2005-1565
12 May 2005 — Bugzilla 2.17.1 through 2.18, 2.19.1, and 2.19.2, when a user is prompted to log in while attempting to view a chart, displays the password in the URL, which may allow local users to gain sensitive information from web logs or browser history. • http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=001040 •

CVE-2005-1564
https://notcve.org/view.php?id=CVE-2005-1564
12 May 2005 — post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 allows remote authenticated users to "enter bugs into products that are closed for bug entry" by modifying the URL to specify the name of the product. • http://marc.info/?l=bugtraq&m=111592031902962&w=2 •

CVE-2004-1633
https://notcve.org/view.php?id=CVE-2004-1633
25 Oct 2004 — process_bug.cgi in Bugzilla 2.9 through 2.18rc2 and 2.19 from CVS does not check edit permissions on the keywords field, which allows remote authenticated users to modify the keywords in a bug via the keywordaction parameter. • http://marc.info/?l=bugtraq&m=109872095201238&w=2 •