CVSS: 6.1EPSS: 0%CPEs: 28EXPL: 0CVE-2002-2260
https://notcve.org/view.php?id=CVE-2002-2260
31 Dec 2002 — Cross-site scripting (XSS) vulnerability in the quips feature in Mozilla Bugzilla 2.10 through 2.17 allows remote attackers to inject arbitrary web script or HTML via the "show all quips" page. • http://bugzilla.mozilla.org/show_bug.cgi?id=179329 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 5EXPL: 0CVE-2002-1196
https://notcve.org/view.php?id=CVE-2002-1196
28 Oct 2002 — editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, when the "usebuggroups" feature is enabled and more than 47 groups are specified, does not properly calculate bit values for large numbers, which grants extra permissions to users via known features of Perl math that set multiple bits. editproducts.cgi en Bugzilla 2.14.x anteriores a 2.14.4 y 2.16 anteriores a 2.16.1, cuando la característica "usebuggroups" está activada y se especifican más de 47 grupos, no calcula adecuadamente v... • http://bugzilla.mozilla.org/show_bug.cgi?id=167485#c12 •
CVSS: 9.8EPSS: 2%CPEs: 5EXPL: 0CVE-2002-1197
https://notcve.org/view.php?id=CVE-2002-1197
28 Oct 2002 — bugzilla_email_append.pl in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, allows remote attackers to execute arbitrary code via shell metacharacters in a system call to processmail. bugzilla_email_append.pl en Bugzilla 2.14.x antes de 2.14.4, y 2.16.x antes de 2.16.1, permite a atacantes remotos ejecutar código arbitrario mediante metacaracteres de shell en una llamada de sistema a processmail. • http://bugzilla.mozilla.org/show_bug.cgi?id=163024 •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2002-1198
https://notcve.org/view.php?id=CVE-2002-1198
28 Oct 2002 — Bugzilla 2.16.x before 2.16.1 does not properly filter apostrophes from an email address during account creation, which allows remote attackers to execute arbitrary SQL via a SQL injection attack. Bugzilla 2.16.x anteriores a 2.16.1 no filtra apropiadamente apóstrofes de direcciones de correo electrónico durante la creación de cuentas, lo que permite a atacantes remotos ejecutar SQL arbitrario mediante un ataque de inyección de SQL. • http://bugzilla.mozilla.org/show_bug.cgi?id=165221 •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2002-0804
https://notcve.org/view.php?id=CVE-2002-0804
12 Aug 2002 — Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when configured to perform reverse DNS lookups, allows remote attackers to bypass IP restrictions by connecting from a system with a spoofed reverse DNS hostname. • http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2002-0805
https://notcve.org/view.php?id=CVE-2002-0805
12 Aug 2002 — Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, (1) creates new directories with world-writable permissions, and (2) creates the params file with world-writable permissions, which allows local users to modify the files and execute code. • http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0CVE-2002-0806
https://notcve.org/view.php?id=CVE-2002-0806
12 Aug 2002 — Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows authenticated users with editing privileges to delete other users by directly calling the editusers.cgi script with the "del" option. • http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html •
CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0CVE-2002-0808
https://notcve.org/view.php?id=CVE-2002-0808
12 Aug 2002 — Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when performing a mass change, sets the groupset of all bugs to the groupset of the first bug, which could inadvertently cause insecure groupset permissions to be assigned to some bugs. • http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2002-0809
https://notcve.org/view.php?id=CVE-2002-0809
12 Aug 2002 — Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, does not properly handle URL-encoded field names that are generated by some browsers, which could cause certain fields to appear to be unset, which has the effect of removing group permissions on bugs when buglist.cgi is provided with the encoded field names. • http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2002-0810
https://notcve.org/view.php?id=CVE-2002-0810
12 Aug 2002 — Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error messages from the syncshadowdb command to the HTML output, which could leak sensitive information, including plaintext passwords, if syncshadowdb fails. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc •