Vulnerability Description
Buffer overflow in the get_string_ahref function for ProZilla 1.3.7.4 and possibly earlier, with the -ftpsearch option enabled, allows remote servers to execute arbitrary code via a search response with a crafted string in the HREF field of an <A> tag.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Prozilla | Prozilla Download Accelerator | 1.3.7.4 |
References
- http://secunia.com/advisories/17021/Vendor Advisory
- http://secunia.com/advisories/17035
- http://www.debian.org/security/2005/dsa-834PatchVendor Advisory
- http://www.securityfocus.com/bid/14993
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22491
- http://secunia.com/advisories/17021/Vendor Advisory
- http://secunia.com/advisories/17035
- http://www.debian.org/security/2005/dsa-834PatchVendor Advisory
- http://www.securityfocus.com/bid/14993
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22491
FAQ
What is CVE-2005-2961?
CVE-2005-2961 is a vulnerability with a CVSS score of 7.5 (HIGH). Buffer overflow in the get_string_ahref function for ProZilla 1.3.7.4 and possibly earlier, with the -ftpsearch option enabled, allows remote servers to execute arbitrary code via a search response wi...
How severe is CVE-2005-2961?
CVE-2005-2961 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-2961?
Check the references section above for vendor advisories and patch information. Affected products include: Prozilla Prozilla Download Accelerator.