Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

alstrasoft e-friends vulnerabilities and exploits

(subscribe to this query)
7.5
CVSSv2
CVE-2007-6106
SQL injection vulnerability in index.php in AlstraSoft E-Friends 4.98 and previous versions allows remote malicious users to execute arbitrary SQL commands via the seid parameter in a viewevent action.
Alstrasoft E-friends
10
CVSSv2
CVE-2007-2824
SQL injection vulnerability in paypal.php in AlstraSoft E-Friends 4.21 and previous versions allows remote malicious users to execute arbitrary SQL commands via the pack parameter in a paypal action for index.php.
Alstrasoft E-friends
6.4
CVSSv2
CVE-2007-4080
Cross-site scripting (XSS) vulnerability in index.php AlstraSoft E-Friends allows remote malicious users to inject arbitrary web script or HTML via the p_id parameter in a people_card action. NOTE: this might overlap CVE-2006-2564.
Alstrasoft E-friends 4.0
7.5
CVSSv2
CVE-2006-4913
Directory traversal vulnerability in chat/getStartOptions.php in AlstraSoft E-friends 4.85 allows remote malicious users to include arbitrary local files and possibly execute arbitrary code via a .. (dot dot) sequence and trailing null (%00) byte in the lang parameter, as demonst...
Alstrasoft E-friends 4.85
4.3
CVSSv2
CVE-2006-2564
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AlstraSoft E-Friends allow remote malicious users to inject arbitrary web script or HTML by (1) posting a blog, (2) posting a listing, (3) posting an event, (4) adding comments, or (5) sending a message.
Alstrasoft E-friends 4.0
7.5
CVSSv2
CVE-2005-3062
PHP remote file inclusion vulnerability in index.php in AlstraSoft E-Friends 4.0 allows remote malicious users to execute arbitrary PHP code via the mode parameter.
Alstrasoft E-friends 4.0
7.5
CVSSv2
CVE-2008-5751
SQL injection vulnerability in index.php in AlstraSoft Web Email Script Enterprise (ESE) allows remote malicious users to execute arbitrary SQL commands via the id parameter in a directory action.
Alstrasoft Web Email Script Enterprise Nil
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
race conditionCVE-2024-4249CVE-2024-4244CVE-2023-20198TCPCVE-2022-48648CVE-2022-48636CVE-2024-21345SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook