CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2003-0603
https://notcve.org/view.php?id=CVE-2003-0603
29 Jul 2003 — Bugzilla 2.16.x before 2.16.3, 2.17.x before 2.17.4, and earlier versions allows local users to overwrite arbitrary files via a symlink attack on temporary files that are created in directories with group-writable or world-writable permissions. Bugzilla 2.16.x anteriores a 2.16.3, 2.17.x anterioreas a 2.17.4, y versiones anteriores permite a usuarios locales sobreescribir ficheros arbitrarios mediante un ataque de enlaces simbólicos (symlink attack) en ficheros temporales que son creados en directorios con ... • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000653 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2003-0012
https://notcve.org/view.php?id=CVE-2003-0012
17 Jan 2003 — The data collection script for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 sets world-writable permissions for the data/mining directory when it runs, which allows local users to modify or delete the data. El script de recogida de datos de Bugzilla 2.14.x anteriores a 2.14.5, 2.16.x anteriores de 2.16.2, y 2.17.x anteriores a 2.17.3 establece permisos de escritura para todo el mundo en el directorio de recogida de datos cuando se ejecuta, lo que permite a usuarios locales m... • http://marc.info/?l=bugtraq&m=104154319200399&w=2 •
CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0CVE-2003-0013
https://notcve.org/view.php?id=CVE-2003-0013
17 Jan 2003 — The default .htaccess scripts for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 do not include filenames for backup copies of the localconfig file that are made from editors such as vi and Emacs, which could allow remote attackers to obtain a database password by directly accessing the backup file. Los scripts .htaccess por defecto en Bugzilla 2.14.x anteriores a 2.14.5, 2.16.x anteriores a 2.16.2, y 2.17.x anteriores a 2.17.3 no bloquean el acceso a copias de seguridad del f... • http://marc.info/?l=bugtraq&m=104154319200399&w=2 •
CVSS: 6.1EPSS: 0%CPEs: 28EXPL: 0CVE-2002-2260
https://notcve.org/view.php?id=CVE-2002-2260
31 Dec 2002 — Cross-site scripting (XSS) vulnerability in the quips feature in Mozilla Bugzilla 2.10 through 2.17 allows remote attackers to inject arbitrary web script or HTML via the "show all quips" page. • http://bugzilla.mozilla.org/show_bug.cgi?id=179329 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •