Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
alstrasoft vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2005-0981
Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay Pro 2.0 allow remote malicious users to inject arbitrary web script or HTML via the (1) payment or (2) send parameter.
Alstrasoft Epay 2.0
1 EDB exploit
5
CVSSv2
CVE-2006-6817
AlstraSoft Web Host Directory allows remote malicious users to obtain sensitive information by requesting any invalid URI, which reveals the path in an error message, a different vulnerability than CVE-2006-2617.
Alstrasoft Webhost Directory
7.5
CVSSv2
CVE-2006-6818
AlstraSoft Web Host Directory allows remote malicious users to bypass authentication and change the admin password via a direct request to admin/config.
Alstrasoft Webhost Directory
7.5
CVSSv2
CVE-2008-2902
SQL injection vulnerability in profile.php in AlstraSoft AskMe Pro 2.1 and previous versions allows remote malicious users to execute arbitrary SQL commands via the id parameter. NOTE: The que_id parameter to forum_answer.php is already covered by CVE-2007-4085.
Alstrasoft Askme Pro
1 EDB exploit
5.1
CVSSv2
CVE-2005-4530
Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay Enterprise 3.0 (formerly DoPays) allow remote malicious users to inject arbitrary web script or HTML via multiple unspecified parameters in (1) profile.htm, (2) card.htm, (3) bank.htm, (4) subscriptions.htm, (...
Alstrasoft Epay 3.0
6.4
CVSSv2
CVE-2005-4651
SQL injection vulnerability in index.php in AlstraSoft EPay Pro 2.0 allows remote malicious users to execute arbitrary SQL commands via the pmodule parameter.
Alstrasoft Epay 2.0
10
CVSSv2
CVE-2007-2776
AlstraSoft Template Seller Pro 3.25 and previous versions sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote malicious users to inject a credential variable setting and obtain administrative access via a direct r...
Alstrasoft Template Seller
1 EDB exploit
7.5
CVSSv2
CVE-2007-2777
Unrestricted file upload vulnerability in admin/addsptemplate.php in AlstraSoft Template Seller Pro 3.25 and previous versions allows remote malicious users to execute arbitrary PHP code via an arbitrary .php filename in the zip parameter, which is created under sptemplates/.
Alstrasoft Template Seller
1 EDB exploit
6.4
CVSSv2
CVE-2006-6819
AlstraSoft Web Host Directory stores sensitive information under the web root with insufficient access control, which allows remote malicious users to download a backup database via a direct request for admin/backup/db.
Alstrasoft Webhost Directory
1 EDB exploit
7.5
CVSSv2
CVE-2005-3798
SQL injection vulnerability in admin/index.php in AlstraSoft Template Seller Pro 3.25 allows remote malicious users to execute arbitrary SQL commands via the username field.
Alstrasoft Template Seller 3.25
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
race condition
CVE-2024-4249
CVE-2024-4244
CVE-2023-20198
TCP
CVE-2022-48648
CVE-2022-48636
CVE-2024-21345
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »