
CVE-2006-0916
https://notcve.org/view.php?id=CVE-2006-0916
28 Feb 2006 — Bugzilla 2.19.3 through 2.20 does not properly handle "//" sequences in URLs when redirecting a user from the login form, which could cause it to generate a partial URL in a form action that causes the user's browser to send the form data to another domain. • http://secunia.com/advisories/18979

CVE-2005-3138
https://notcve.org/view.php?id=CVE-2005-3138
05 Oct 2005 — Bugzilla 2.18rc1 through 2.18.3, 2.19 through 2.20rc2, and 2.21 allows remote attackers to obtain sensitive information such as the list of installed products via the config.cgi file, which is accessible even when the requirelogin parameter is set. • http://marc.info/?l=bugtraq&m=112818466125484&w=2

CVE-2005-3139
https://notcve.org/view.php?id=CVE-2005-3139
05 Oct 2005 — Bugzilla 2.19.1 through 2.20rc2 and 2.21, with user matching turned on in substring mode, allows attackers to list all users whose names match an arbitrary substring, even when the usevisibilitygroups parameter is set. • http://marc.info/?l=bugtraq&m=112818466125484&w=2