Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
alstrasoft vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2006-4591
Multiple PHP remote file inclusion vulnerabilities in AlstraSoft Template Seller, and possibly AltraSoft Template Seller Pro 3.25, allow remote malicious users to execute arbitrary PHP code via a URL in the config[template_path] parameter to (1) payment/payment_result.php or (2) ...
Alstrasoft Template Seller 3.25
Alstrasoft Template Seller
1 EDB exploit
5
CVSSv2
CVE-2005-3026
Directory traversal vulnerability in index.php in Alstrasoft Epay Pro 2.0 and previous versions allows remote malicious users to read arbitrary files via a .. (dot dot) in the read parameter.
Alstrasoft Epay
1 EDB exploit
5
CVSSv2
CVE-2008-2857
AlstraSoft AskMe Pro 2.1 and previous versions stores passwords in cleartext in a MySQL database, which allows context-dependent malicious users to obtain sensitive information.
Alstrasoft Askme
1 EDB exploit
7.5
CVSSv2
CVE-2008-6932
Unrestricted file upload vulnerability in submit_file.php in AlstraSoft SendIt Pro allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in send/files/.
Alstrasoft Sendit
1 EDB exploit
7.5
CVSSv2
CVE-2007-2777
Unrestricted file upload vulnerability in admin/addsptemplate.php in AlstraSoft Template Seller Pro 3.25 and previous versions allows remote malicious users to execute arbitrary PHP code via an arbitrary .php filename in the zip parameter, which is created under sptemplates/.
Alstrasoft Template Seller
1 EDB exploit
7.5
CVSSv2
CVE-2005-0980
PHP remote file inclusion vulnerability in index.php in AlstraSoft EPay Pro 2.0 allows remote malicious users to execute arbitrary PHP code by modifying the view parameter to reference a URL on a remote web server that contains the code.
Alstrasoft Epay 2.0
1 EDB exploit
5
CVSSv2
CVE-2006-6817
AlstraSoft Web Host Directory allows remote malicious users to obtain sensitive information by requesting any invalid URI, which reveals the path in an error message, a different vulnerability than CVE-2006-2617.
Alstrasoft Webhost Directory
7.5
CVSSv2
CVE-2006-6818
AlstraSoft Web Host Directory allows remote malicious users to bypass authentication and change the admin password via a direct request to admin/config.
Alstrasoft Webhost Directory
6.4
CVSSv2
CVE-2006-6819
AlstraSoft Web Host Directory stores sensitive information under the web root with insufficient access control, which allows remote malicious users to download a backup database via a direct request for admin/backup/db.
Alstrasoft Webhost Directory
1 EDB exploit
6.4
CVSSv2
CVE-2005-4651
SQL injection vulnerability in index.php in AlstraSoft EPay Pro 2.0 allows remote malicious users to execute arbitrary SQL commands via the pmodule parameter.
Alstrasoft Epay 2.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middle
CVE-2024-34558
CVE-2024-32674
CVE-2024-34351
XPath injection
CVE-2023-45866
CVE-2024-25528
CVE-2024-25517
path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »