Advisories
Research
Forums
Create Profile
Our Commitment
Database
Search
Advisories by Product
Advisories by Vendor
Terminology
Report Vulnerability
Insecure Library Loading

Vulnerability Report: Bugzilla 2.x

This vulnerability report for Bugzilla 2.x contains a complete overview of all Secunia advisories affecting it. You can use this vulnerability report to ensure that you are aware of all vulnerabilities, both patched and unpatched, affecting this product allowing you to take the necessary precautions.

If you have information about a new or an existing vulnerability in Bugzilla 2.x then you are more than welcome to contact us.


Table of Contents

1. Product Summary Only

2. Secunia Advisory Statistics (All time)
2.1. Statistics for 2014
2.2. Statistics for 2013
2.3. Statistics for 2012
2.4. Statistics for 2011
2.5. Statistics for 2010
2.6. Statistics for 2009
2.7. Statistics for 2008
2.8. Statistics for 2007
2.9. Statistics for 2006
2.10. Statistics for 2005
2.11. Statistics for 2004
2.12. Statistics for 2003

3. List of Secunia Advisories (All time)
3.1. List for 2014
3.2. List for 2013
3.3. List for 2012
3.4. List for 2011
3.5. List for 2010
3.6. List for 2009
3.7. List for 2008
3.8. List for 2007
3.9. List for 2006
3.10. List for 2005
3.11. List for 2004
3.12. List for 2003

4. Send Feedback
 
Vendor, Links, and Unpatched Vulnerabilities

Vendor Mozilla Foundation

Product Link View Here (Link to external site)

Affected By 31 Secunia advisories
46 Vulnerabilities

Monitor Product Receive alerts for this product

Unpatched 6% (2 of 31 Secunia advisories)

Most Critical Unpatched
The most severe unpatched Secunia advisory affecting Bugzilla 2.x, with all vendor patches applied, is rated Moderately critical .




31 Secunia Advisories in 2003-2014

Secunia has issued a total of 31 Secunia advisories in 2003-2014 for Bugzilla 2.x. Currently, 6% (2 out of 31) are marked as unpatched with the most severe being rated Moderately critical

More information about the specific Secunia advisories affecting Bugzilla 2.x can be found below. Each Secunia advisory is enclosed by a box highlighted with a color representing its current patch status. You can read the complete Secunia advisories for thorough descriptions of the issues covered and for solution suggestions by clicking either the Secunia advisory title or the "Read More" links available for each Secunia advisory.



Bugzilla Information Disclosure Weakness and Cross-Site Scripting Vulnerability
Vendor Patch. Secunia Advisory 1 of 1 in 2013. 815 views.
Release Date:
2013-02-20
Secunia Advisory ID:
SA52254
Solution Status:
Vendor Patch
Criticality:
Impact:
Cross Site Scripting
Exposure of sensitive information
Where:
From remote
Short Description:
A weakness and a vulnerability has been reported in Bugzilla, which can be exploited by malicious users to disclose potentially sensitive information and by malicious people to conduct cross-site scripting attacks. [Read More]


Bugzilla LDAP Injection and Template Disclosure Vulnerabilities
Vendor Patch. Secunia Advisory 1 of 3 in 2012. 1,780 views.
Release Date:
2012-08-31
Secunia Advisory ID:
SA50433
Solution Status:
Vendor Patch
Criticality:
Impact:
Manipulation of data
Exposure of sensitive information
Where:
From remote
Short Description:
A vulnerability and a security issue have been reported in Bugzilla, which can be exploited by malicious people to disclose potentially sensitive information and manipulate certain data. [Read More]


Bugzilla Two Information Disclosure Security Issues
Vendor Patch. Secunia Advisory 2 of 3 in 2012. 3,335 views.
Release Date:
2012-07-27
Secunia Advisory ID:
SA50040
Solution Status:
Vendor Patch
Criticality:
Impact:
Exposure of sensitive information
Where:
From remote
Short Description:
Two security issues have been reported in Bugzilla, which can be exploited by malicious people to disclose potentially sensitive information. [Read More]


Bugzilla Cross-Site Request Forgery Vulnerability
Vendor Patch. Secunia Advisory 3 of 3 in 2012. 1,128 views.
Release Date:
2012-04-19
Secunia Advisory ID:
SA48835
Solution Status:
Vendor Patch
Criticality:
Impact:
Cross Site Scripting
Where:
From remote
Short Description:
A vulnerability has been reported in Bugzilla, which can be exploited by malicious people to conduct cross-site request forgery attacks. [Read More]


Bugzilla Multiple Vulnerabilities
Vendor Patch. Secunia Advisory 1 of 3 in 2010. 2,471 views.
Release Date:
2010-11-03
Secunia Advisory ID:
SA42071
Solution Status:
Vendor Patch
Criticality:
Impact:
Security Bypass
Cross Site Scripting
Where:
From remote
Short Description:
Some vulnerabilities have been reported in Bugzilla, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct HTTP response splitting and cross-site scripting attacks [Read More]


Bugzilla Multiple Weaknesses and Vulnerability
Vendor Patch. Secunia Advisory 2 of 3 in 2010. 3,186 views.
Release Date:
2010-08-06
Secunia Advisory ID:
SA40892
Solution Status:
Vendor Patch
Criticality:
Impact:
Security Bypass
Exposure of sensitive information
DoS
Where:
From remote
Short Description:
Multiple weaknesses and a vulnerability have been reported in Bugzilla, which can be exploited by malicious users to bypass certain security restrictions and cause a DoS (Denial of Service) and by malicious people to disclose potentially sensitive information [Read More]


Bugzilla "Time-Tracking" and "localconfig" Information Disclosure
Vendor Patch. Secunia Advisory 3 of 3 in 2010. 3,474 views.
Release Date:
2010-06-25
Secunia Advisory ID:
SA40300
Solution Status:
Vendor Patch
Criticality:
Impact:
Security Bypass
Exposure of sensitive information
Where:
From remote
Short Description:
Two vulnerabilities have been reported in Bugzilla, which can be exploited by malicious, local users and malicious people to disclose sensitive information. [Read More]


Bugzilla "attachment.cgi" Cross-Site Request Forgery Vulnerability
Unpatched. Secunia Advisory 1 of 3 in 2009. 2,507 views.
Release Date:
2009-03-31
Secunia Advisory ID:
SA34547
Solution Status:
Unpatched
Criticality:
Impact:
Cross Site Scripting
Where:
From remote
Short Description:
A vulnerability has been reported in Bugzilla, which can be exploited by malicious people to conduct cross-site request forgery attacks. [Read More]


Bugzilla Script Insertion and Cross-Site Request Forgery
Vendor Patch. Secunia Advisory 2 of 3 in 2009. 4,323 views.
Release Date:
2009-02-03
Secunia Advisory ID:
SA33789
Solution Status:
Vendor Patch
Criticality:
Impact:
Cross Site Scripting
Where:
From remote
Short Description:
Some vulnerabilities have been reported in Bugzilla, which can be exploited by malicious users to conduct script insertion attacks and malicious people to conduct cross-site request forgery attacks. [Read More]


Bugzilla Cross-Site Request Forgery Vulnerability
Unpatched. Secunia Advisory 3 of 3 in 2009. 3,816 views.
Release Date:
2009-02-03
Secunia Advisory ID:
SA33782
Solution Status:
Unpatched
Criticality:
Impact:
Cross Site Scripting
Where:
From remote
Short Description:
A vulnerability has been reported in Bugzilla, which can be exploited by malicious people to conduct cross-site request forgery attacks. [Read More]


Bugzilla Quips Approval Security Bypass Security Issue
Vendor Patch. Secunia Advisory 1 of 3 in 2008. 4,067 views.
Release Date:
2008-11-07
Secunia Advisory ID:
SA32501
Solution Status:
Vendor Patch
Criticality:
Impact:
Security Bypass
Where:
From remote
Short Description:
A security issue has been reported in Bugzilla, which can be exploited by malicious users to bypass certain security restrictions. [Read More]


Bugzilla importxml.pl Directory Traversal Vulnerability
Vendor Patch. Secunia Advisory 2 of 3 in 2008. 5,001 views.
Release Date:
2008-08-12
Secunia Advisory ID:
SA31444
Solution Status:
Vendor Patch
Criticality:
Impact:
Exposure of system information
Exposure of sensitive information
Where:
From remote
Short Description:
A vulnerability has been reported in Bugzilla, which can be exploited by malicious users to disclose sensitive information. [Read More]


Bugzilla Security Bypass and Cross-Site Scripting Vulnerabilities
Vendor Patch. Secunia Advisory 3 of 3 in 2008. 8,037 views.
Release Date:
2008-05-05
Secunia Advisory ID:
SA30064
Solution Status:
Vendor Patch
Criticality:
Impact:
Security Bypass
Cross Site Scripting
Where:
From remote
Short Description:
Some vulnerabilities have been reported in Bugzilla, which can be exploited by malicious users to bypass certain security restrictions or by malicious people to conduct cross-site scripting attacks. [Read More]


Bugzilla "createemailregexp" Security Bypass Vulnerability
Vendor Patch. Secunia Advisory 1 of 3 in 2007. 11,485 views.
Release Date:
2007-09-19
Secunia Advisory ID:
SA26848
Solution Status:
Vendor Patch
Criticality:
Impact:
Security Bypass
Where:
From remote
Short Description:
A vulnerability has been reported in Bugzilla, which can be exploited by malicious people to bypass certain security restrictions. [Read More]


Bugzilla Security Issue and Multiple Vulnerabilities
Vendor Patch. Secunia Advisory 2 of 3 in 2007. 12,988 views.
Release Date:
2007-08-24
Secunia Advisory ID:
SA26584
Solution Status:
Vendor Patch
Criticality:
Impact:
Cross Site Scripting
Exposure of sensitive information
System access
Where:
From remote
Short Description:
Some vulnerabilities and a security issue have been reported in Bugzilla, which can be exploited by malicious users to inject shell commands, and by malicious people to conduct cross-site scripting attacks and to disclose potentially sensitive information. [Read More]


Bugzilla Cross-Site Scripting Vulnerability
Vendor Patch. Secunia Advisory 3 of 3 in 2007. 9,853 views.
Release Date:
2007-02-05
Secunia Advisory ID:
SA24031
Solution Status:
Vendor Patch
Criticality:
Impact:
Cross Site Scripting
Where:
From remote
Short Description:
A vulnerability has been reported in Bugzilla, which can be exploited by malicious users to conduct cross-site scripting attacks. [Read More]


Bugzilla Multiple Vulnerabilities
Vendor Patch. Secunia Advisory 1 of 2 in 2006. 12,997 views.
Release Date:
2006-10-16
Secunia Advisory ID:
SA22409
Solution Status:
Vendor Patch
Criticality:
Impact:
Cross Site Scripting
Manipulation of data
Exposure of sensitive information
Where:
From remote
Short Description:
Some vulnerabilities have been reported in Bugzilla, which can be exploited by malicious people or malicious users to disclose potentially sensitive information, conduct cross-site scripting, script insertion, and request forgery attacks. [Read More]


Bugzilla Multiple Vulnerabilities
Vendor Patch. Secunia Advisory 2 of 2 in 2006. 12,586 views.
Release Date:
2006-02-22
Secunia Advisory ID:
SA18979
Solution Status:
Vendor Patch
Criticality:
Impact:
Cross Site Scripting
Manipulation of data
Exposure of sensitive information
Where:
From remote
Short Description:
Some vulnerabilities have been reported in Bugzilla, which can be exploited by malicious users to conduct SQL injection attacks, and by malicious people to disclose sensitive information and conduct script insertion attacks. [Read More]


Bugzilla "syncshadowdb" Script Insecure Temporary File Creation
Vendor Patch. Secunia Advisory 1 of 5 in 2005. 10,541 views.
Release Date:
2005-12-26
Secunia Advisory ID:
SA18218
Solution Status:
Vendor Patch
Criticality:
Impact:
Privilege escalation
Where:
Local system
Short Description:
Javier Fernandez-Sanguino Pena has reported a vulnerability in Bugzilla, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges. [Read More]


Bugzilla Two Information Disclosure Security Issues
Vendor Patch. Secunia Advisory 2 of 5 in 2005. 10,454 views.
Release Date:
2005-10-03
Secunia Advisory ID:
SA17030
Solution Status:
Vendor Patch
Criticality:
Impact:
Exposure of system information
Exposure of sensitive information
Where:
From remote
Short Description:
Two security issues have been reported in Bugzilla, which can be exploited by malicious people to disclose system and potentially sensitive information. [Read More]


Bugzilla Two Information Disclosure Vulnerabilities
Vendor Patch. Secunia Advisory 3 of 5 in 2005. 9,282 views.
Release Date:
2005-07-11
Secunia Advisory ID:
SA16021
Solution Status:
Vendor Patch
Criticality:
Impact:
Exposure of sensitive information
Where:
From remote
Short Description:
Two vulnerabilities have been reported in Bugzilla, which can be exploited by malicious users to bypass certain security restrictions and gain knowledge of sensitive information. [Read More]


Bugzilla Two Information Disclosure Weaknesses
Vendor Patch. Secunia Advisory 4 of 5 in 2005. 9,852 views.
Release Date:
2005-05-12
Secunia Advisory ID:
SA15338
Solution Status:
Vendor Patch
Criticality:
Impact:
Exposure of system information
Exposure of sensitive information
Where:
From remote
Short Description:
Two weaknesses have been reported in Bugzilla, which can be exploited by malicious users to gain knowledge of sensitive information. [Read More]


Bugzilla Internal Error Response Cross-Site Scripting
Vendor Patch. Secunia Advisory 5 of 5 in 2005. 13,085 views.
Release Date:
2005-01-04
Secunia Advisory ID:
SA13701
Solution Status:
Vendor Patch
Criticality:
Impact:
Cross Site Scripting
Where:
From remote
Short Description:
Michael Krax has reported a vulnerability in Bugzilla, which can be exploited by malicious people to conduct cross-site scripting attacks. [Read More]


Bugzilla Multiple Security Issues
Vendor Patch. Secunia Advisory 1 of 2 in 2004. 9,594 views.
Release Date:
2004-10-25
Secunia Advisory ID:
SA12939
Solution Status:
Vendor Patch
Criticality:
Impact:
Security Bypass
Exposure of sensitive information
Where:
From remote
Short Description:
Three security issues have been reported in Bugzilla, which can be exploited by malicious users to bypass certain security restrictions and gain knowledge of potentially sensitive information. [Read More]


Bugzilla Multiple Vulnerabilities
Vendor Patch. Secunia Advisory 2 of 2 in 2004. 10,225 views.
Release Date:
2004-07-14
Secunia Advisory ID:
SA12057
Solution Status:
Vendor Patch
Criticality:
Impact:
Cross Site Scripting
Manipulation of data
Exposure of system information
Exposure of sensitive information
Privilege escalation
Where:
From remote
Short Description:
Multiple vulnerabilities have been reported in Bugzilla, which can be exploited by malicious users to gain knowledge of sensitive information, or conduct cross-site scripting and SQL injection attacks. [Read More]


Bugzilla Information Disclosure Vulnerability
Vendor Patch. Secunia Advisory 1 of 4 in 2003. 7,341 views.
Release Date:
2003-11-13
Secunia Advisory ID:
SA10199
Solution Status:
Vendor Patch
Criticality:
Impact:
Exposure of sensitive information
Where:
From remote
Short Description:
A vulnerability has been reported in Bugzilla development version 2.17.5, which can be exploited by malicious users to gain access to unprivileged access to restricted data. [Read More]


Bugzilla Multiple Vulnerabilities
Vendor Patch. Secunia Advisory 2 of 4 in 2003. 9,274 views.
Release Date:
2003-11-05
Secunia Advisory ID:
SA10149
Solution Status:
Vendor Patch
Criticality:
Impact:
Security Bypass
Manipulation of data
Exposure of sensitive information
Privilege escalation
Where:
From remote
Short Description:
Multiple vulnerabilities have been identified in Bugzilla allowing malicious users to inject SQL or view sensitive information. [Read More]


Bugzilla XSS and Insecure Temporary File Creation Vulnerabilities
Vendor Patch. Secunia Advisory 3 of 4 in 2003. 8,855 views.
Release Date:
2003-04-26
Secunia Advisory ID:
SA8669
Solution Status:
Vendor Patch
Criticality:
Impact:
Cross Site Scripting
Privilege escalation
Where:
From remote
Short Description:
Multiple vulnerabilities have been identified in Bugzilla, which can either be exploited by malicious users to conduct Cross-Site Scripting attacks, or by malicious, local users to escalate privileges on a vulnerable system. [Read More]


Bugzilla insecure file permissions
Vendor Patch. Secunia Advisory 4 of 4 in 2003. 7,009 views.
Release Date:
2003-01-03
Secunia Advisory ID:
SA7805
Solution Status:
Vendor Patch
Criticality:
Impact:
Security Bypass
Exposure of sensitive information
Where:
From remote
Short Description:
[Read More]


Bugzilla Cross Site Scripting
Vendor Patch. Secunia Advisory 1 of 2 in 2002. 7,583 views.
Release Date:
2002-11-27
Secunia Advisory ID:
SA7613
Solution Status:
Vendor Patch
Criticality:
Impact:
Cross Site Scripting
Where:
From remote
Short Description:
Bugzilla versions prior to 2.10 suffered a Cross Site Scripting vulnerability, however if you have upgraded from versions 2.10 and prior you may still be vulnerable. [Read More]


Bugzilla, sql injection, command injection and permissions leak
Vendor Patch. Secunia Advisory 2 of 2 in 2002. 6,108 views.
Release Date:
2002-10-01
Secunia Advisory ID:
SA7187
Solution Status:
Vendor Patch
Criticality:
Impact:
Security Bypass
Where:
From remote
Short Description:
Bugzilla has been found to contain a number of vulnerabilities. [Read More]





Discuss this Product
A new thread in our forum is automatically created for each Product. Activate the thread by commenting/discussing below.
Subject: Bugzilla 2.x 
No posts yet

-

You must be logged in to post a comment.



 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability