Vulnerabilities > Mozilla > Bugzilla > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2004-08-18 | CVE-2003-1042 | Multiple vulnerability in Bugzilla SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and earlier allows remote authenticated users with editproducts privileges to execute arbitrary SQL via the product name. | 10.0 |
2004-08-18 | CVE-2003-1043 | Multiple vulnerability in Bugzilla SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote authenticated users with editkeywords privileges to execute arbitrary SQL via the id parameter to editkeywords.cgi. | 10.0 |
2004-08-18 | CVE-2004-0769 | Unspecified vulnerability in Mozilla Bugzilla Buffer overflow in LHA allows remote attackers to execute arbitrary code via long pathnames in LHarc format 2 headers for a .LHZ archive, as originally demonstrated using the "x" option but also exploitable through "l" and "v", and fixed in header.c, a different issue than CVE-2004-0771. | 10.0 |
2002-01-31 | CVE-2002-0007 | Authentication Bypass vulnerability in BugZilla LDAP CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote attackers to obtain an anonymous bind to the LDAP server via a request that does not include a password, which causes a null password to be sent to the LDAP server. | 10.0 |