Prozilla
Products (12)
- 3 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs (15)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2005-0523 | | 0.04 | — | 0.07 | | May 2, 2005 | Format string vulnerability in ProZilla 1.3.7.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the Location header. |
| CVE-2004-1120 | | 0.04 | — | 0.10 | | Jan 10, 2005 | Multiple buffer overflows in (1) http.c, (2) http-retr.c, (3) main.c and other code that handles network protocols in ProZilla 1.3.6-r2 and earlier allow remote servers to execute arbitrary code via a long Location header. |
| CVE-2008-6115 | | 0.03 | — | 0.01 | | Feb 11, 2009 | SQL injection vulnerability in directory.php in Prozilla Hosting Index allows remote attackers to execute arbitrary SQL commands via the id parameter in a deadlink action, a different vector than CVE-2008-2083. |
| CVE-2008-2083 | | 0.03 | — | 0.01 | | May 5, 2008 | SQL injection vulnerability in directory.php in Prozilla Hosting Index, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action. |
| CVE-2008-1863 | | 0.03 | — | 0.00 | | Apr 17, 2008 | SQL injection vulnerability in view_reviews.php in Prozilla Cheat Script (aka Cheats) 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2008-1864 | | 0.03 | — | 0.01 | | Apr 17, 2008 | SQL injection vulnerability in project.php in Prozilla Freelancers allows remote attackers to execute arbitrary SQL commands via the project parameter. |
| CVE-2008-1789 | | 0.03 | — | 0.00 | | Apr 15, 2008 | SQL injection vulnerability in forum.php in Prozilla Forum allows remote attackers to execute arbitrary SQL commands via the forum parameter. |
| CVE-2008-1788 | | 0.03 | — | 0.00 | | Apr 15, 2008 | SQL injection vulnerability in directory.php in Prozilla Entertainers 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: some of these details are obtained from third party information. |
| CVE-2008-1783 | | 0.03 | — | 0.06 | | Apr 15, 2008 | Prozilla Reviews 1.0 allows remote attackers to delete arbitrary users via a modified UserID parameter in a direct request to siteadmin/DeleteUser.php. |
| CVE-2008-1784 | | 0.03 | — | 0.06 | | Apr 15, 2008 | Prozilla Topsites 1.0 allows remote attackers to perform administrative actions via a direct request to (1) addu.php, (2) editu.php, and (3) uidx.php in siteadmin/. |
| CVE-2008-1785 | | 0.03 | — | 0.04 | | Apr 15, 2008 | delete.php in Prozilla Top 100 1.2 allows remote authenticated users to delete statistics and accounts of arbitrary users via a modified s parameter. |
| CVE-2007-4362 | | 0.03 | — | 0.01 | | Aug 15, 2007 | SQL injection vulnerability in category.php in Prozilla Webring allows remote attackers to execute arbitrary SQL commands via the cat parameter. |
| CVE-2007-4258 | | 0.03 | — | 0.01 | | Aug 8, 2007 | SQL injection vulnerability in directory.php in Prozilla Pub Site Directory allows remote attackers to execute arbitrary SQL commands via the cat parameter. |
| CVE-2007-3809 | | 0.03 | — | 0.01 | | Jul 17, 2007 | Multiple SQL injection vulnerabilities in Prozilla Directory Script allow remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action to directory.php, and other unspecified vectors. |
| CVE-2005-2961 | | 0.03 | — | 0.06 | | Oct 5, 2005 | Buffer overflow in the get_string_ahref function for ProZilla 1.3.7.4 and possibly earlier, with the -ftpsearch option enabled, allows remote servers to execute arbitrary code via a search response with a crafted string in the HREF field of an <A> tag. |