Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
alstrasoft vulnerabilities and exploits
(subscribe to this query)
755
VMScore
CVE-2006-4591
Multiple PHP remote file inclusion vulnerabilities in AlstraSoft Template Seller, and possibly AltraSoft Template Seller Pro 3.25, allow remote malicious users to execute arbitrary PHP code via a URL in the config[template_path] parameter to (1) payment/payment_result.php or (2) ...
Alstrasoft Template Seller 3.25
Alstrasoft Template Seller
1 EDB exploit
755
VMScore
CVE-2008-6932
Unrestricted file upload vulnerability in submit_file.php in AlstraSoft SendIt Pro allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in send/files/.
Alstrasoft Sendit
1 EDB exploit
505
VMScore
CVE-2008-2857
AlstraSoft AskMe Pro 2.1 and previous versions stores passwords in cleartext in a MySQL database, which allows context-dependent malicious users to obtain sensitive information.
Alstrasoft Askme
1 EDB exploit
505
VMScore
CVE-2005-3026
Directory traversal vulnerability in index.php in Alstrasoft Epay Pro 2.0 and previous versions allows remote malicious users to read arbitrary files via a .. (dot dot) in the read parameter.
Alstrasoft Epay
1 EDB exploit
454
VMScore
CVE-2005-4530
Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay Enterprise 3.0 (formerly DoPays) allow remote malicious users to inject arbitrary web script or HTML via multiple unspecified parameters in (1) profile.htm, (2) card.htm, (3) bank.htm, (4) subscriptions.htm, (...
Alstrasoft Epay 3.0
570
VMScore
CVE-2005-4651
SQL injection vulnerability in index.php in AlstraSoft EPay Pro 2.0 allows remote malicious users to execute arbitrary SQL commands via the pmodule parameter.
Alstrasoft Epay 2.0
755
VMScore
CVE-2008-2902
SQL injection vulnerability in profile.php in AlstraSoft AskMe Pro 2.1 and previous versions allows remote malicious users to execute arbitrary SQL commands via the id parameter. NOTE: The que_id parameter to forum_answer.php is already covered by CVE-2007-4085.
Alstrasoft Askme Pro
1 EDB exploit
685
VMScore
CVE-2007-4085
Multiple SQL injection vulnerabilities in AlstraSoft AskMe Pro allow remote malicious users to execute arbitrary SQL commands via the (1) que_id parameter to forum_answer.php or (2) the cat_id parameter to search.php.
Alstrasoft Askme Pro
1 EDB exploit
435
VMScore
CVE-2006-0222
Cross-site scripting (XSS) vulnerability in fullview.php in AlstraSoft Template Seller Pro allows remote malicious users to inject arbitrary web script or HTML via the tempid parameter.
Alstrasoft Template Seller
1 EDB exploit
383
VMScore
CVE-2007-4083
Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft AskMe Pro allow remote malicious users to inject arbitrary web script or HTML via (1) the cat_id parameter to search.php or the (2) typ parameter to register.php.
Alstrasoft Askme Pro
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4956
validation
CVE-2024-35221
remote attackers
CVE-2023-30309
CVE-2024-36112
CVE-2024-23109
CVE-2023-43850
stored XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »