| Max CVSS | 7.5 | Min CVSS | 5.5 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2006-0914 | 5.5 |
Bugzilla 2.16.10, 2.17 through 2.18.4, and 2.20 does not properly handle certain characters in the mostfreqthreshold parameter in duplicates.cgi, which allows remote attackers to trigger a SQL error.
|
18-10-2018 - 16:29 | 28-02-2006 - 11:02 | |
| CVE-2006-0916 | 7.5 |
Bugzilla 2.19.3 through 2.20 does not properly handle "//" sequences in URLs when redirecting a user from the login form, which could cause it to generate a partial URL in a form action that causes the user's browser to send the form data to another
|
18-10-2018 - 16:29 | 28-02-2006 - 11:02 | |
| CVE-2006-0913 | 5.5 |
SQL injection vulnerability in whineatnews.pl in Bugzilla 2.17 through 2.18.4 and 2.20 allows remote authenticated users with administrative privileges to execute arbitrary SQL commands via the whinedays parameter, as accessible from editparams.cgi.
|
18-10-2018 - 16:29 | 28-02-2006 - 11:02 | |
| CVE-2006-0915 | 7.5 |
Bugzilla 2.16.10 does not properly handle certain characters in the (1) maxpatchsize and (2) maxattachmentsize parameters in attachment.cgi, which allows remote attackers to trigger a SQL error.
|
08-03-2011 - 02:31 | 28-02-2006 - 11:02 |