ReportizFlow
Filtered by vendor Alstrasoft
Subscriptions
Total
56 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-0429 | 1 Alstrasoft | 1 Forum Pay Per Post Exchange | 2025-04-09 | N/A |
| SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per Post Exchange 2.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a forum_catview action. | ||||
| CVE-2008-3954 | 1 Alstrasoft | 1 Forum Pay Per Post Exchange | 2025-04-09 | N/A |
| SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per Post Exchange allows remote attackers to execute arbitrary SQL commands via the cat parameter in a showcat action. | ||||
| CVE-2008-2857 | 1 Alstrasoft | 1 Askme | 2025-04-09 | N/A |
| AlstraSoft AskMe Pro 2.1 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information. | ||||
| CVE-2008-2902 | 1 Alstrasoft | 1 Askme Pro | 2025-04-09 | N/A |
| SQL injection vulnerability in profile.php in AlstraSoft AskMe Pro 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: The que_id parameter to forum_answer.php is already covered by CVE-2007-4085. | ||||
| CVE-2006-6818 | 1 Alstrasoft | 1 Webhost Directory | 2025-04-09 | N/A |
| AlstraSoft Web Host Directory allows remote attackers to bypass authentication and change the admin password via a direct request to admin/config. | ||||
| CVE-2007-2777 | 1 Alstrasoft | 1 Template Seller | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in admin/addsptemplate.php in AlstraSoft Template Seller Pro 3.25 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary .php filename in the zip parameter, which is created under sptemplates/. | ||||
| CVE-2008-5649 | 1 Alstrasoft | 1 Article Manager Pro | 2025-04-09 | N/A |
| SQL injection vulnerability in admin/admin.php in AlstraSoft Article Manager Pro 1.6 allows remote attackers to execute arbitrary SQL commands via the username parameter. | ||||
| CVE-2007-2017 | 1 Alstrasoft | 1 Video Share Enterprise | 2025-04-09 | N/A |
| siteadmin/useredit.php in AlstraSoft Video Share Enterprise does not check authentication, which allows remote attackers to obtain or modify user information via a direct request. | ||||
| CVE-2007-2018 | 1 Alstrasoft | 1 Video Share Enterprise | 2025-04-09 | N/A |
| SQL injection vulnerability in msg.php in AlstraSoft Video Share Enterprise allows remote authenticated users to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-4087 | 1 Alstrasoft | 1 Video Share Enterprise | 2025-04-09 | N/A |
| AlstraSoft Video Share Enterprise allows remote attackers to obtain sensitive information (the full path) via (1) a ' (quote) character in the category parameter to view_video.php, or (2) an XSS sequence in the UID parameter to (a) uprofile.php, (b) channel_detail.php, (c) uvideos.php, (d) groups_home.php, or (e) ufriends.php. | ||||
| CVE-2007-2776 | 1 Alstrasoft | 1 Template Seller | 2025-04-09 | N/A |
| AlstraSoft Template Seller Pro 3.25 and earlier sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to inject a credential variable setting and obtain administrative access via a direct request to admin/changeinfo.php. | ||||
| CVE-2008-3240 | 1 Alstrasoft | 1 Affiliate Network Pro | 2025-04-09 | N/A |
| SQL injection vulnerability in index.php in AlstraSoft Affiliate Network Pro allows remote attackers to execute arbitrary SQL commands via the pgm parameter in a directory action. | ||||
| CVE-2007-4086 | 1 Alstrasoft | 1 Video Share Enterprise | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in AlstraSoft Video Share Enterprise allow remote attackers to execute arbitrary SQL commands via (1) the gid parameter to gmembers.php, or (2) the UID parameter to (a) uvideos.php, (b) ugroups.php, (c) uprofile.php, (d) ufavour.php, (e) ufriends.php, or (f) uplaylist.php. | ||||
| CVE-2005-0980 | 1 Alstrasoft | 1 Epay | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in index.php in AlstraSoft EPay Pro 2.0 allows remote attackers to execute arbitrary PHP code by modifying the view parameter to reference a URL on a remote web server that contains the code. | ||||
| CVE-2005-0981 | 1 Alstrasoft | 1 Epay | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay Pro 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) payment or (2) send parameter. | ||||
| CVE-2006-2565 | 1 Alstrasoft | 1 Article Manager Pro | 2025-04-03 | N/A |
| SQL injection vulnerability in Alstrasoft Article Manager Pro 1.6 allows remote attackers to execute arbitrary SQL commands via (1) the author_id parameter in profile.php and (2) the aut_id parameter in userarticles.php. NOTE: the aut_id vector can produce resultant path disclosure if the SQL manipulation is invalid. | ||||
| CVE-2006-2566 | 1 Alstrasoft | 1 Article Manager Pro | 2025-04-03 | N/A |
| Alstrasoft Article Manager Pro 1.6 allows remote attackers to obtain sensitive information via (1) a quote character or possibly an invalid value in the action parameter in a request to mrarticles.php or (2) a login QUERY_STRING to admin.php without any additional parameters, which reveal the path in various error messages. | ||||
| CVE-2006-2567 | 1 Alstrasoft | 1 Article Manager Pro | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in submit_article.php in Alstrasoft Article Manager Pro 1.6 allows remote attackers to inject arbitrary web script or HTML when submitting an article, as demonstrated using a javascript URI in a Cascading Style Sheets (CSS) property of a STYLE attribute of an element. | ||||
| CVE-2006-4443 | 1 Alstrasoft | 1 Video Share Enterprise | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in myajaxphp.php in AlstraSoft Video Share Enterprise allows remote attackers to execute arbitrary PHP code via a URL in the config[BASE_DIR] parameter. | ||||
| CVE-2005-3794 | 1 Alstrasoft | 1 Affiliate Network Pro | 2025-04-03 | N/A |
| AlstraSoft Affiliate Network Pro 7.2 allows remote attackers to obtain sensitive information via a direct request to scripts such as (1) togateway.php and (2) other unspecified scripts. | ||||