Filtered by vendor Alstrasoft
Subscriptions
Total
56 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-0981 | 1 Alstrasoft | 1 Epay | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay Pro 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) payment or (2) send parameter. | ||||
| CVE-2005-3062 | 1 Alstrasoft | 1 E-friends | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in index.php in AlstraSoft E-Friends 4.0 allows remote attackers to execute arbitrary PHP code via the mode parameter. | ||||
| CVE-2005-3798 | 1 Alstrasoft | 1 Template Seller | 2025-04-03 | N/A |
| SQL injection vulnerability in admin/index.php in AlstraSoft Template Seller Pro 3.25 allows remote attackers to execute arbitrary SQL commands via the username field. | ||||
| CVE-2006-4443 | 1 Alstrasoft | 1 Video Share Enterprise | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in myajaxphp.php in AlstraSoft Video Share Enterprise allows remote attackers to execute arbitrary PHP code via a URL in the config[BASE_DIR] parameter. | ||||
| CVE-2006-4591 | 1 Alstrasoft | 1 Template Seller | 2025-04-03 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in AlstraSoft Template Seller, and possibly AltraSoft Template Seller Pro 3.25, allow remote attackers to execute arbitrary PHP code via a URL in the config[template_path] parameter to (1) payment/payment_result.php or (2) /payment/spuser_result.php. | ||||
| CVE-2006-4913 | 1 Alstrasoft | 1 E-friends | 2025-04-03 | N/A |
| Directory traversal vulnerability in chat/getStartOptions.php in AlstraSoft E-friends 4.85 allows remote attackers to include arbitrary local files and possibly execute arbitrary code via a .. (dot dot) sequence and trailing null (%00) byte in the lang parameter, as demonstrated by injecting PHP code into a log file. | ||||
| CVE-2006-2567 | 1 Alstrasoft | 1 Article Manager Pro | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in submit_article.php in Alstrasoft Article Manager Pro 1.6 allows remote attackers to inject arbitrary web script or HTML when submitting an article, as demonstrated using a javascript URI in a Cascading Style Sheets (CSS) property of a STYLE attribute of an element. | ||||
| CVE-2006-0222 | 1 Alstrasoft | 1 Template Seller | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in fullview.php in AlstraSoft Template Seller Pro allows remote attackers to inject arbitrary web script or HTML via the tempid parameter. | ||||
| CVE-2005-3793 | 1 Alstrasoft | 1 Affiliate Network Pro | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network Pro 7.2 allow remote attackers to bypass authentication and execute arbitrary SQL commands via the (1) username or (2) password to admin/admin_validate_login, or the (3) login, (4) password, and (5) flag parameters to login_validate.php. | ||||
| CVE-2005-3794 | 1 Alstrasoft | 1 Affiliate Network Pro | 2025-04-03 | N/A |
| AlstraSoft Affiliate Network Pro 7.2 allows remote attackers to obtain sensitive information via a direct request to scripts such as (1) togateway.php and (2) other unspecified scripts. | ||||
| CVE-2005-3796 | 1 Alstrasoft | 1 Affiliate Network Pro | 2025-04-03 | N/A |
| Direct static code injection vulnerability in admin_options_manage.php in AlstraSoft Affiliate Network Pro 7.2 allows attackers to execute arbitrary PHP code via the number parameter. NOTE: it is not clear from the original report whether administrator privileges are required. If not, then this does not cross privilege boundaries and is not a vulnerability. | ||||
| CVE-2005-4651 | 1 Alstrasoft | 1 Epay | 2025-04-03 | N/A |
| SQL injection vulnerability in index.php in AlstraSoft EPay Pro 2.0 allows remote attackers to execute arbitrary SQL commands via the pmodule parameter. | ||||
| CVE-2006-2565 | 1 Alstrasoft | 1 Article Manager Pro | 2025-04-03 | N/A |
| SQL injection vulnerability in Alstrasoft Article Manager Pro 1.6 allows remote attackers to execute arbitrary SQL commands via (1) the author_id parameter in profile.php and (2) the aut_id parameter in userarticles.php. NOTE: the aut_id vector can produce resultant path disclosure if the SQL manipulation is invalid. | ||||
| CVE-2005-3795 | 1 Alstrasoft | 1 Affiliate Network Pro | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Affiliate Network Pro 7.2 allow remote attackers to inject arbitrary web script or HTML via (1) the Err parameter in admin/index.php and the (2) firstname and (3) lastname parameters in index.php. | ||||
| CVE-2005-3026 | 1 Alstrasoft | 1 Epay | 2025-04-03 | N/A |
| Directory traversal vulnerability in index.php in Alstrasoft Epay Pro 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the read parameter. | ||||
| CVE-2005-3797 | 1 Alstrasoft | 1 Template Seller | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in payment_paypal.php in AlstraSoft Template Seller Pro 3.25 allows remote attackers to execute arbitrary PHP code via the config[basepath] parameter. | ||||