Prozilla
Products (15)
- 8 CVEs
- 4 CVEs
- 3 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs (23)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2005-2961 | | | 0.04 | — | 0.09 | | Oct 5, 2005 | Buffer overflow in the get_string_ahref function for ProZilla 1.3.7.4 and possibly earlier, with the -ftpsearch option enabled, allows remote servers to execute arbitrary code via a search response with a crafted string in the HREF field of an tag. |
| CVE-2005-0523 | | | 0.04 | — | 0.10 | | May 2, 2005 | Format string vulnerability in ProZilla 1.3.7.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the Location header. |
| CVE-2004-1120 | | | 0.04 | — | 0.15 | | Jan 10, 2005 | Multiple buffer overflows in (1) http.c, (2) http-retr.c, (3) main.c and other code that handles network protocols in ProZilla 1.3.6-r2 and earlier allow remote servers to execute arbitrary code via a long Location header. |
| CVE-2002-0959 | | | 0.04 | — | 0.07 | | Oct 4, 2002 | Cross-site scripting vulnerability in Splatt Forum 3.0 allows remote attackers to execute arbitrary script as other users via an [img] tag with a closing quote followed by the script. |
| CVE-2008-6115 | | | 0.03 | — | 0.01 | | Feb 11, 2009 | SQL injection vulnerability in directory.php in Prozilla Hosting Index allows remote attackers to execute arbitrary SQL commands via the id parameter in a deadlink action, a different vector than CVE-2008-2083. |
| CVE-2008-2083 | | | 0.03 | — | 0.01 | | May 5, 2008 | SQL injection vulnerability in directory.php in Prozilla Hosting Index, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action. |
| CVE-2008-1863 | | | 0.03 | — | 0.02 | | Apr 17, 2008 | SQL injection vulnerability in view_reviews.php in Prozilla Cheat Script (aka Cheats) 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2008-1864 | | | 0.03 | — | 0.01 | | Apr 17, 2008 | SQL injection vulnerability in project.php in Prozilla Freelancers allows remote attackers to execute arbitrary SQL commands via the project parameter. |
| CVE-2008-1788 | | | 0.03 | — | 0.01 | | Apr 15, 2008 | SQL injection vulnerability in directory.php in Prozilla Entertainers 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: some of these details are obtained from third party information. |
| CVE-2008-1789 | | | 0.03 | — | 0.01 | | Apr 15, 2008 | SQL injection vulnerability in forum.php in Prozilla Forum allows remote attackers to execute arbitrary SQL commands via the forum parameter. |
| CVE-2008-1783 | | | 0.03 | — | 0.02 | | Apr 15, 2008 | Prozilla Reviews 1.0 allows remote attackers to delete arbitrary users via a modified UserID parameter in a direct request to siteadmin/DeleteUser.php. |
| CVE-2008-1785 | | | 0.03 | — | 0.02 | | Apr 15, 2008 | delete.php in Prozilla Top 100 1.2 allows remote authenticated users to delete statistics and accounts of arbitrary users via a modified s parameter. |
| CVE-2008-1784 | | | 0.03 | — | 0.03 | | Apr 15, 2008 | Prozilla Topsites 1.0 allows remote attackers to perform administrative actions via a direct request to (1) addu.php, (2) editu.php, and (3) uidx.php in siteadmin/. |
| CVE-2007-4362 | | | 0.03 | — | 0.01 | | Aug 15, 2007 | SQL injection vulnerability in category.php in Prozilla Webring allows remote attackers to execute arbitrary SQL commands via the cat parameter. |
| CVE-2007-4258 | | | 0.03 | — | 0.01 | | Aug 8, 2007 | SQL injection vulnerability in directory.php in Prozilla Pub Site Directory allows remote attackers to execute arbitrary SQL commands via the cat parameter. |
| CVE-2007-4056 | | | 0.03 | — | 0.01 | | Jul 30, 2007 | SQL injection vulnerability in directory.php in Prozilla Adult Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action. NOTE: the original report indicated that this was the "photo" SourceForge project (aka Maan Bsat Photo… |
| CVE-2007-3809 | | | 0.03 | — | 0.01 | | Jul 17, 2007 | Multiple SQL injection vulnerabilities in Prozilla Directory Script allow remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action to directory.php, and other unspecified vectors. |
| CVE-2007-3267 | | | 0.03 | — | 0.02 | | Jun 19, 2007 | Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum 1.01b and earlier allows remote attackers to inject arbitrary web script or HTML via the fromaction parameter in a log action, a different vector than CVE-2007-3235. |
| CVE-2007-3235 | | | 0.03 | — | 0.01 | | Jun 15, 2007 | Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum 1.0 allows remote attackers to inject arbitrary web script or HTML via the topic parameter. NOTE: this might be resultant from SQL injection. |
| CVE-2005-3394 | | | 0.03 | — | 0.01 | | Nov 1, 2005 | Multiple SQL injection vulnerabilities in forum.php in oaboard forum 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) channel parameter in the topics module and (2) topic parameter in the posting module. |