Filtered by vendor Alstrasoft
Subscriptions
Total
56 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-3386 | 1 Alstrasoft | 1 Video Share Enterprise | 2025-04-09 | N/A |
| SQL injection vulnerability in album.php in AlstraSoft Video Share Enterprise 4.51 allows remote attackers to execute arbitrary SQL commands via the UID parameter, a different vector than CVE-2007-4086. | ||||
| CVE-2007-6106 | 1 Alstrasoft | 1 E-friends | 2025-04-09 | N/A |
| SQL injection vulnerability in index.php in AlstraSoft E-Friends 4.98 and earlier allows remote attackers to execute arbitrary SQL commands via the seid parameter in a viewevent action. | ||||
| CVE-2008-2902 | 1 Alstrasoft | 1 Askme Pro | 2025-04-09 | N/A |
| SQL injection vulnerability in profile.php in AlstraSoft AskMe Pro 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: The que_id parameter to forum_answer.php is already covered by CVE-2007-4085. | ||||
| CVE-2006-6819 | 1 Alstrasoft | 1 Webhost Directory | 2025-04-09 | N/A |
| AlstraSoft Web Host Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a backup database via a direct request for admin/backup/db. | ||||
| CVE-2008-2857 | 1 Alstrasoft | 1 Askme | 2025-04-09 | N/A |
| AlstraSoft AskMe Pro 2.1 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information. | ||||
| CVE-2007-5223 | 1 Alstrasoft | 1 Affiliate Network Pro | 2025-04-09 | N/A |
| Multiple unspecified vulnerabilities in AlstraSoft Affiliate Network Pro allow remote attackers to include local files and have other unspecified impact, related to incorrect input validation or other defects involving (1) admin/backupstart.php, (2) a .sql filename under admin/admin/dump/, (3) a .sql filename in the fl parameter to admin/downloadbackup.php, and (4) a .. (dot dot) in the fl parameter to admin/downloadbackup.php. | ||||
| CVE-2006-6818 | 1 Alstrasoft | 1 Webhost Directory | 2025-04-09 | N/A |
| AlstraSoft Web Host Directory allows remote attackers to bypass authentication and change the admin password via a direct request to admin/config. | ||||
| CVE-2007-2775 | 1 Alstrasoft | 1 Live Support | 2025-04-09 | N/A |
| AlstraSoft Live Support 1.21 sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to obtain administrative access via a direct request to admin/managesettings.php. | ||||
| CVE-2007-4085 | 1 Alstrasoft | 1 Askme Pro | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in AlstraSoft AskMe Pro allow remote attackers to execute arbitrary SQL commands via the (1) que_id parameter to forum_answer.php or (2) the cat_id parameter to search.php. | ||||
| CVE-2007-4079 | 1 Alstrasoft | 1 Sms Text Messaging Enterprise | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft SMS Text Messaging Enterprise allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) q parameter to (a) admin/membersearch.php, or (3) the userid parameter to (b) admin/edituser.php. | ||||
| CVE-2007-4082 | 1 Alstrasoft | 1 Article Manager Pro | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in contact_author.php AlstraSoft Article Manager Pro allows remote attackers to inject arbitrary web script or HTML via the userid parameter. | ||||
| CVE-2007-4083 | 1 Alstrasoft | 1 Askme Pro | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft AskMe Pro allow remote attackers to inject arbitrary web script or HTML via (1) the cat_id parameter to search.php or the (2) typ parameter to register.php. | ||||
| CVE-2007-2777 | 1 Alstrasoft | 1 Template Seller | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in admin/addsptemplate.php in AlstraSoft Template Seller Pro 3.25 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary .php filename in the zip parameter, which is created under sptemplates/. | ||||
| CVE-2005-0981 | 1 Alstrasoft | 1 Epay | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay Pro 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) payment or (2) send parameter. | ||||
| CVE-2005-3793 | 1 Alstrasoft | 1 Affiliate Network Pro | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network Pro 7.2 allow remote attackers to bypass authentication and execute arbitrary SQL commands via the (1) username or (2) password to admin/admin_validate_login, or the (3) login, (4) password, and (5) flag parameters to login_validate.php. | ||||
| CVE-2005-3794 | 1 Alstrasoft | 1 Affiliate Network Pro | 2025-04-03 | N/A |
| AlstraSoft Affiliate Network Pro 7.2 allows remote attackers to obtain sensitive information via a direct request to scripts such as (1) togateway.php and (2) other unspecified scripts. | ||||
| CVE-2005-3796 | 1 Alstrasoft | 1 Affiliate Network Pro | 2025-04-03 | N/A |
| Direct static code injection vulnerability in admin_options_manage.php in AlstraSoft Affiliate Network Pro 7.2 allows attackers to execute arbitrary PHP code via the number parameter. NOTE: it is not clear from the original report whether administrator privileges are required. If not, then this does not cross privilege boundaries and is not a vulnerability. | ||||
| CVE-2005-3797 | 1 Alstrasoft | 1 Template Seller | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in payment_paypal.php in AlstraSoft Template Seller Pro 3.25 allows remote attackers to execute arbitrary PHP code via the config[basepath] parameter. | ||||
| CVE-2006-4913 | 1 Alstrasoft | 1 E-friends | 2025-04-03 | N/A |
| Directory traversal vulnerability in chat/getStartOptions.php in AlstraSoft E-friends 4.85 allows remote attackers to include arbitrary local files and possibly execute arbitrary code via a .. (dot dot) sequence and trailing null (%00) byte in the lang parameter, as demonstrated by injecting PHP code into a log file. | ||||
| CVE-2006-2616 | 1 Alstrasoft | 1 Webhost Directory | 2025-04-03 | N/A |
| SQL injection vulnerability in the search script in (1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Directory 1.2, allows remote attackers to execute arbitrary SQL commands via the uri parameter. | ||||