MidnightBSD

Advisories for prozilla

CVE-2004-1120 HIGH

Multiple buffer overflows in (1) http.c, (2) http-retr.c, (3) main.c and other code that handles network protocols in ProZilla 1.3.6-r2 and earlier allow remote servers to execute arbitrary code via a long Location header.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
prozilla prozilla_download_accelerator 1.3.5
prozilla prozilla_download_accelerator 1.3.2
prozilla prozilla_download_accelerator 1.3.1
prozilla prozilla_download_accelerator 1.3.5.2
prozilla prozilla_download_accelerator 1.3.6
prozilla prozilla_download_accelerator 1.0.0
prozilla prozilla_download_accelerator 1.3.3
prozilla prozilla_download_accelerator 1.3.5.1
prozilla prozilla_download_accelerator 1.3.0
prozilla prozilla_download_accelerator 1.3.4
CVE-2005-0523 HIGH

Format string vulnerability in ProZilla 1.3.7.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the Location header.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
prozilla prozilla_download_accelerator 1.3.5
prozilla prozilla_download_accelerator 1.3.2
prozilla prozilla_download_accelerator 1.3.1
prozilla prozilla_download_accelerator 1.3.5.2
prozilla prozilla_download_accelerator 1.3.6
prozilla prozilla_download_accelerator 1.3.3
prozilla prozilla_download_accelerator 1.3.5.1
prozilla prozilla_download_accelerator 1.3.0
prozilla prozilla_download_accelerator 1.3.4
CVE-2005-2961 HIGH

Buffer overflow in the get_string_ahref function for ProZilla 1.3.7.4 and possibly earlier, with the -ftpsearch option enabled, allows remote servers to execute arbitrary code via a search response with a crafted string in the HREF field of an <A> tag.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
prozilla prozilla_download_accelerator 1.3.7.4