CVE-2002-0010

Bugzilla before 2.14.1 allows remote attackers to inject arbitrary SQL code and create files or gain privileges via (1) the sql parameter in buglist.cgi, (2) invalid field names from the "boolean chart" query in buglist.cgi, (3) the mybugslink parameter in userprefs.cgi, (4) a malformed bug ID in the buglist parameter in long_list.cgi, and (5) the value parameter in editusers.cgi, which allows groupset privileges to be modified by attackers with blessgroupset privileges.
References
Link Resource
http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html Patch Vendor Advisory
http://archives.neohapsis.com/archives/bugtraq/2002-01/0052.html
http://bugzilla.mozilla.org/show_bug.cgi?id=108812
http://bugzilla.mozilla.org/show_bug.cgi?id=108821
http://bugzilla.mozilla.org/show_bug.cgi?id=108822
http://bugzilla.mozilla.org/show_bug.cgi?id=109679
http://bugzilla.mozilla.org/show_bug.cgi?id=109690
http://rhn.redhat.com/errata/RHSA-2002-001.html
http://www.bugzilla.org/bugzilla2.14to2.14.1.patch
http://www.bugzilla.org/security2_14_1.html
http://www.iss.net/security_center/static/7807.php
http://www.iss.net/security_center/static/7809.php
http://www.iss.net/security_center/static/7811.php
http://www.iss.net/security_center/static/7813.php
http://www.iss.net/security_center/static/7814.php
http://www.securityfocus.com/bid/3801
http://www.securityfocus.com/bid/3802
http://www.securityfocus.com/bid/3804
http://www.securityfocus.com/bid/3805
Configurations

Configuration 1

cpe:2.3:a:mozilla:bugzilla:*:*:*:*:*:*:*:*

History

20 Nov 2024, 23:38

Type Values Removed Values Added
References () http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html - Patch, Vendor Advisory () http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html - Patch, Vendor Advisory
References () http://archives.neohapsis.com/archives/bugtraq/2002-01/0052.html - () http://archives.neohapsis.com/archives/bugtraq/2002-01/0052.html -
References () http://bugzilla.mozilla.org/show_bug.cgi?id=108812 - () http://bugzilla.mozilla.org/show_bug.cgi?id=108812 -
References () http://bugzilla.mozilla.org/show_bug.cgi?id=108821 - () http://bugzilla.mozilla.org/show_bug.cgi?id=108821 -
References () http://bugzilla.mozilla.org/show_bug.cgi?id=108822 - () http://bugzilla.mozilla.org/show_bug.cgi?id=108822 -
References () http://bugzilla.mozilla.org/show_bug.cgi?id=109679 - () http://bugzilla.mozilla.org/show_bug.cgi?id=109679 -
References () http://bugzilla.mozilla.org/show_bug.cgi?id=109690 - () http://bugzilla.mozilla.org/show_bug.cgi?id=109690 -
References () http://rhn.redhat.com/errata/RHSA-2002-001.html - () http://rhn.redhat.com/errata/RHSA-2002-001.html -
References () http://www.bugzilla.org/bugzilla2.14to2.14.1.patch - () http://www.bugzilla.org/bugzilla2.14to2.14.1.patch -
References () http://www.bugzilla.org/security2_14_1.html - () http://www.bugzilla.org/security2_14_1.html -
References () http://www.iss.net/security_center/static/7807.php - () http://www.iss.net/security_center/static/7807.php -
References () http://www.iss.net/security_center/static/7809.php - () http://www.iss.net/security_center/static/7809.php -
References () http://www.iss.net/security_center/static/7811.php - () http://www.iss.net/security_center/static/7811.php -
References () http://www.iss.net/security_center/static/7813.php - () http://www.iss.net/security_center/static/7813.php -
References () http://www.iss.net/security_center/static/7814.php - () http://www.iss.net/security_center/static/7814.php -
References () http://www.securityfocus.com/bid/3801 - () http://www.securityfocus.com/bid/3801 -
References () http://www.securityfocus.com/bid/3802 - () http://www.securityfocus.com/bid/3802 -
References () http://www.securityfocus.com/bid/3804 - () http://www.securityfocus.com/bid/3804 -
References () http://www.securityfocus.com/bid/3805 - () http://www.securityfocus.com/bid/3805 -

Information

Published : 2002-01-31 05:00

Updated : 2024-11-20 23:38


NVD link : CVE-2002-0010

Mitre link : CVE-2002-0010

CVE.ORG link : CVE-2002-0010


Products Affected

mozilla

  • bugzilla