ProzillaCVEs & Vulnerabilities

15 CVEs affecting Prozilla products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

prozilla download accelerator 20hosting index 2forum 1prozilla directory script 1prozilla freelancers 1prozilla pub site directory 1reviews 1top 100 1
CVE-2008-6115HIGHpoc

SQL injection vulnerability in directory.php in Prozilla Hosting Index allows remote attackers to execute arbitrary SQL commands via the id parameter in a deadlink action, a different vector than CVE-2008-2083.

11 Feb 2009
7.5
CVSS
CVE-2008-2083MEDIUMpoc

SQL injection vulnerability in directory.php in Prozilla Hosting Index, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.

5 May 2008
6.8
CVSS
CVE-2008-1863HIGHpoc

SQL injection vulnerability in view_reviews.php in Prozilla Cheat Script (aka Cheats) 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

17 Apr 2008
7.5
CVSS
CVE-2008-1864HIGHpoc

SQL injection vulnerability in project.php in Prozilla Freelancers allows remote attackers to execute arbitrary SQL commands via the project parameter.

17 Apr 2008
7.5
CVSS
CVE-2008-1788HIGHpoc

SQL injection vulnerability in directory.php in Prozilla Entertainers 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: some of these details are obtained from third party information.

15 Apr 2008
7.5
CVSS
CVE-2008-1789MEDIUMpoc

SQL injection vulnerability in forum.php in Prozilla Forum allows remote attackers to execute arbitrary SQL commands via the forum parameter.

15 Apr 2008
6.8
CVSS
CVE-2008-1783MEDIUMpoc

Prozilla Reviews 1.0 allows remote attackers to delete arbitrary users via a modified UserID parameter in a direct request to siteadmin/DeleteUser.php.

15 Apr 2008
6.4
CVSS
CVE-2008-1785MEDIUMpoc

delete.php in Prozilla Top 100 1.2 allows remote authenticated users to delete statistics and accounts of arbitrary users via a modified s parameter.

15 Apr 2008
5.5
CVSS
CVE-2008-1784HIGHpoc

Prozilla Topsites 1.0 allows remote attackers to perform administrative actions via a direct request to (1) addu.php, (2) editu.php, and (3) uidx.php in siteadmin/.

15 Apr 2008
7.5
CVSS
CVE-2007-4362MEDIUMpoc

SQL injection vulnerability in category.php in Prozilla Webring allows remote attackers to execute arbitrary SQL commands via the cat parameter.

15 Aug 2007
6.8
CVSS
CVE-2007-4258HIGHpoc

SQL injection vulnerability in directory.php in Prozilla Pub Site Directory allows remote attackers to execute arbitrary SQL commands via the cat parameter.

9 Aug 2007
7.5
CVSS
CVE-2007-3809HIGHpoc

Multiple SQL injection vulnerabilities in Prozilla Directory Script allow remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action to directory.php, and other unspecified vectors.

17 Jul 2007
7.5
CVSS
CVE-2005-2961HIGHpoc

Buffer overflow in the get_string_ahref function for ProZilla 1.3.7.4 and possibly earlier, with the -ftpsearch option enabled, allows remote servers to execute arbitrary code via a search response with a crafted string in the HREF field of an <A> tag.

5 Oct 2005
7.5
CVSS
CVE-2005-0523HIGHpoc

Format string vulnerability in ProZilla 1.3.7.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the Location header.

2 May 2005
7.5
CVSS
CVE-2004-1120CRITICALpoc

Multiple buffer overflows in (1) http.c, (2) http-retr.c, (3) main.c and other code that handles network protocols in ProZilla 1.3.6-r2 and earlier allow remote servers to execute arbitrary code via a long Location header.

10 Jan 2005
10.0
CVSS
← PrevPage 1 / 1Next →