Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
alstrasoft vulnerabilities and exploits
(subscribe to this query)
1000
VMScore
CVE-2007-2776
AlstraSoft Template Seller Pro 3.25 and previous versions sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote malicious users to inject a credential variable setting and obtain administrative access via a direct r...
Alstrasoft Template Seller
1 EDB exploit
645
VMScore
CVE-2006-6819
AlstraSoft Web Host Directory stores sensitive information under the web root with insufficient access control, which allows remote malicious users to download a backup database via a direct request for admin/backup/db.
Alstrasoft Webhost Directory
1 EDB exploit
755
VMScore
CVE-2007-2777
Unrestricted file upload vulnerability in admin/addsptemplate.php in AlstraSoft Template Seller Pro 3.25 and previous versions allows remote malicious users to execute arbitrary PHP code via an arbitrary .php filename in the zip parameter, which is created under sptemplates/.
Alstrasoft Template Seller
1 EDB exploit
570
VMScore
CVE-2005-4651
SQL injection vulnerability in index.php in AlstraSoft EPay Pro 2.0 allows remote malicious users to execute arbitrary SQL commands via the pmodule parameter.
Alstrasoft Epay 2.0
445
VMScore
CVE-2006-6817
AlstraSoft Web Host Directory allows remote malicious users to obtain sensitive information by requesting any invalid URI, which reveals the path in an error message, a different vulnerability than CVE-2006-2617.
Alstrasoft Webhost Directory
668
VMScore
CVE-2006-6818
AlstraSoft Web Host Directory allows remote malicious users to bypass authentication and change the admin password via a direct request to admin/config.
Alstrasoft Webhost Directory
383
VMScore
CVE-2007-4083
Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft AskMe Pro allow remote malicious users to inject arbitrary web script or HTML via (1) the cat_id parameter to search.php or the (2) typ parameter to register.php.
Alstrasoft Askme Pro
685
VMScore
CVE-2007-4085
Multiple SQL injection vulnerabilities in AlstraSoft AskMe Pro allow remote malicious users to execute arbitrary SQL commands via the (1) que_id parameter to forum_answer.php or (2) the cat_id parameter to search.php.
Alstrasoft Askme Pro
1 EDB exploit
1000
VMScore
CVE-2007-2824
SQL injection vulnerability in paypal.php in AlstraSoft E-Friends 4.21 and previous versions allows remote malicious users to execute arbitrary SQL commands via the pack parameter in a paypal action for index.php.
Alstrasoft E-friends
1 EDB exploit
755
VMScore
CVE-2006-4913
Directory traversal vulnerability in chat/getStartOptions.php in AlstraSoft E-friends 4.85 allows remote malicious users to include arbitrary local files and possibly execute arbitrary code via a .. (dot dot) sequence and trailing null (%00) byte in the lang parameter, as demonst...
Alstrasoft E-friends 4.85
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »