Filtered by vendor Alstrasoft
Subscriptions
Total
56 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6932 | 1 Alstrasoft | 1 Sendit | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in submit_file.php in AlstraSoft SendIt Pro allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in send/files/. | ||||
| CVE-2008-5649 | 1 Alstrasoft | 1 Article Manager Pro | 2026-04-23 | N/A |
| SQL injection vulnerability in admin/admin.php in AlstraSoft Article Manager Pro 1.6 allows remote attackers to execute arbitrary SQL commands via the username parameter. | ||||
| CVE-2008-5650 | 1 Alstrasoft | 1 Webhost Directory | 2026-04-23 | N/A |
| SQL injection vulnerability in the login directory in AlstraSoft Web Host Directory allows remote attackers to execute arbitrary SQL commands via the pwd parameter. | ||||
| CVE-2007-2776 | 1 Alstrasoft | 1 Template Seller | 2026-04-23 | N/A |
| AlstraSoft Template Seller Pro 3.25 and earlier sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to inject a credential variable setting and obtain administrative access via a direct request to admin/changeinfo.php. | ||||
| CVE-2007-4080 | 1 Alstrasoft | 1 E-friends | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php AlstraSoft E-Friends allows remote attackers to inject arbitrary web script or HTML via the p_id parameter in a people_card action. NOTE: this might overlap CVE-2006-2564. | ||||
| CVE-2006-6818 | 1 Alstrasoft | 1 Webhost Directory | 2026-04-23 | N/A |
| AlstraSoft Web Host Directory allows remote attackers to bypass authentication and change the admin password via a direct request to admin/config. | ||||
| CVE-2007-2775 | 1 Alstrasoft | 1 Live Support | 2026-04-23 | N/A |
| AlstraSoft Live Support 1.21 sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to obtain administrative access via a direct request to admin/managesettings.php. | ||||
| CVE-2007-4082 | 1 Alstrasoft | 1 Article Manager Pro | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in contact_author.php AlstraSoft Article Manager Pro allows remote attackers to inject arbitrary web script or HTML via the userid parameter. | ||||
| CVE-2007-4083 | 1 Alstrasoft | 1 Askme Pro | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft AskMe Pro allow remote attackers to inject arbitrary web script or HTML via (1) the cat_id parameter to search.php or the (2) typ parameter to register.php. | ||||
| CVE-2007-4084 | 1 Alstrasoft | 1 Affiliate Network Pro | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network Pro allow remote attackers to execute arbitrary SQL commands via (1) the pgmid parameter in an uploadProducts action to merchants/index.php and possibly (2) the rowid parameter to merchants/temp.php. | ||||
| CVE-2008-3954 | 1 Alstrasoft | 1 Forum Pay Per Post Exchange | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per Post Exchange allows remote attackers to execute arbitrary SQL commands via the cat parameter in a showcat action. | ||||
| CVE-2006-6819 | 1 Alstrasoft | 1 Webhost Directory | 2026-04-23 | N/A |
| AlstraSoft Web Host Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a backup database via a direct request for admin/backup/db. | ||||
| CVE-2008-0440 | 1 Alstrasoft | 1 Forum Pay Per Post Exchange | 2026-04-23 | N/A |
| AlstraSoft Forum Pay Per Post Exchange 2.0 stores passwords in cleartext, which makes it easier for attackers to access user accounts. | ||||
| CVE-2005-0980 | 1 Alstrasoft | 1 Epay | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in index.php in AlstraSoft EPay Pro 2.0 allows remote attackers to execute arbitrary PHP code by modifying the view parameter to reference a URL on a remote web server that contains the code. | ||||
| CVE-2005-0981 | 1 Alstrasoft | 1 Epay | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay Pro 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) payment or (2) send parameter. | ||||
| CVE-2005-3793 | 1 Alstrasoft | 1 Affiliate Network Pro | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network Pro 7.2 allow remote attackers to bypass authentication and execute arbitrary SQL commands via the (1) username or (2) password to admin/admin_validate_login, or the (3) login, (4) password, and (5) flag parameters to login_validate.php. | ||||
| CVE-2005-3795 | 1 Alstrasoft | 1 Affiliate Network Pro | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Affiliate Network Pro 7.2 allow remote attackers to inject arbitrary web script or HTML via (1) the Err parameter in admin/index.php and the (2) firstname and (3) lastname parameters in index.php. | ||||
| CVE-2005-3062 | 1 Alstrasoft | 1 E-friends | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in index.php in AlstraSoft E-Friends 4.0 allows remote attackers to execute arbitrary PHP code via the mode parameter. | ||||
| CVE-2005-3026 | 1 Alstrasoft | 1 Epay | 2026-04-16 | N/A |
| Directory traversal vulnerability in index.php in Alstrasoft Epay Pro 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the read parameter. | ||||
| CVE-2006-0222 | 1 Alstrasoft | 1 Template Seller | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in fullview.php in AlstraSoft Template Seller Pro allows remote attackers to inject arbitrary web script or HTML via the tempid parameter. | ||||