Prozilla : Security Vulnerabilities, CVEs, CVSS score >= 4
SQL injection vulnerability in directory.php in Prozilla Hosting Index allows remote attackers to execute arbitrary SQL commands via the id parameter in a deadlink action, a different vector than CVE-2008-2083.
Max CVSS
7.5
EPSS Score
0.09%
Published
2009-02-11
Updated
2017-09-29
SQL injection vulnerability in directory.php in Prozilla Hosting Index, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.
Max CVSS
6.8
EPSS Score
0.26%
Published
2008-05-05
Updated
2018-10-11
SQL injection vulnerability in project.php in Prozilla Freelancers allows remote attackers to execute arbitrary SQL commands via the project parameter.
Max CVSS
7.5
EPSS Score
0.11%
Published
2008-04-17
Updated
2017-09-29
SQL injection vulnerability in view_reviews.php in Prozilla Cheat Script (aka Cheats) 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Max CVSS
7.5
EPSS Score
0.14%
Published
2008-04-17
Updated
2017-09-29
SQL injection vulnerability in forum.php in Prozilla Forum allows remote attackers to execute arbitrary SQL commands via the forum parameter.
Max CVSS
6.8
EPSS Score
0.09%
Published
2008-04-15
Updated
2017-09-29
SQL injection vulnerability in directory.php in Prozilla Entertainers 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: some of these details are obtained from third party information.
Max CVSS
7.5
EPSS Score
0.11%
Published
2008-04-15
Updated
2017-10-19
delete.php in Prozilla Top 100 1.2 allows remote authenticated users to delete statistics and accounts of arbitrary users via a modified s parameter.
Max CVSS
5.5
EPSS Score
0.39%
Published
2008-04-15
Updated
2017-09-29
Prozilla Topsites 1.0 allows remote attackers to perform administrative actions via a direct request to (1) addu.php, (2) editu.php, and (3) uidx.php in siteadmin/.
Max CVSS
7.5
EPSS Score
3.71%
Published
2008-04-15
Updated
2017-09-29
Prozilla Reviews 1.0 allows remote attackers to delete arbitrary users via a modified UserID parameter in a direct request to siteadmin/DeleteUser.php.
Max CVSS
6.4
EPSS Score
5.14%
Published
2008-04-15
Updated
2017-09-29
SQL injection vulnerability in category.php in Prozilla Webring allows remote attackers to execute arbitrary SQL commands via the cat parameter.
Max CVSS
6.8
EPSS Score
1.07%
Published
2007-08-15
Updated
2017-10-19
SQL injection vulnerability in directory.php in Prozilla Pub Site Directory allows remote attackers to execute arbitrary SQL commands via the cat parameter.
Max CVSS
7.5
EPSS Score
0.07%
Published
2007-08-08
Updated
2017-09-29
Multiple SQL injection vulnerabilities in Prozilla Directory Script allow remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action to directory.php, and other unspecified vectors.
Max CVSS
7.5
EPSS Score
0.16%
Published
2007-07-17
Updated
2017-09-29
Buffer overflow in the get_string_ahref function for ProZilla 1.3.7.4 and possibly earlier, with the -ftpsearch option enabled, allows remote servers to execute arbitrary code via a search response with a crafted string in the HREF field of an <A> tag.
Max CVSS
7.5
EPSS Score
1.01%
Published
2005-10-05
Updated
2017-07-11
Format string vulnerability in ProZilla 1.3.7.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the Location header.
Max CVSS
7.5
EPSS Score
5.10%
Published
2005-05-02
Updated
2008-09-05
Multiple buffer overflows in (1) http.c, (2) http-retr.c, (3) main.c and other code that handles network protocols in ProZilla 1.3.6-r2 and earlier allow remote servers to execute arbitrary code via a long Location header.
Max CVSS
10.0
EPSS Score
1.12%
Published
2005-01-10
Updated
2017-07-11
15 vulnerabilities found