AlstrasoftCVEs & Vulnerabilities

56 CVEs affecting Alstrasoft products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

affiliate network pro 8webhost directory 7template seller 7video share enterprise 7e-friends 6article manager pro 5epay 5askme pro 3
CVE-2005-3795MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Affiliate Network Pro 7.2 allow remote attackers to inject arbitrary web script or HTML via (1) the Err parameter in admin/index.php and the (2) firstname and (3) lastname parameters in index.php.

24 Nov 2005
4.3
CVSS
CVE-2005-3796HIGH

Direct static code injection vulnerability in admin_options_manage.php in AlstraSoft Affiliate Network Pro 7.2 allows attackers to execute arbitrary PHP code via the number parameter. NOTE: it is not clear from the original report whether administrator privileges are required. If not, then this does not cross privilege boundaries and is not a vulnerability.

24 Nov 2005
7.5
CVSS
CVE-2005-3798HIGH

SQL injection vulnerability in admin/index.php in AlstraSoft Template Seller Pro 3.25 allows remote attackers to execute arbitrary SQL commands via the username field.

24 Nov 2005
7.5
CVSS
CVE-2005-3797HIGHpoc

PHP remote file inclusion vulnerability in payment_paypal.php in AlstraSoft Template Seller Pro 3.25 allows remote attackers to execute arbitrary PHP code via the config[basepath] parameter.

24 Nov 2005
7.5
CVSS
CVE-2005-3062HIGH

PHP remote file inclusion vulnerability in index.php in AlstraSoft E-Friends 4.0 allows remote attackers to execute arbitrary PHP code via the mode parameter.

27 Sep 2005
7.5
CVSS
CVE-2005-3026MEDIUMpoc

Directory traversal vulnerability in index.php in Alstrasoft Epay Pro 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the read parameter.

22 Sep 2005
5.0
CVSS
CVE-2005-0981MEDIUMpoc

Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay Pro 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) payment or (2) send parameter.

2 May 2005
4.3
CVSS
CVE-2005-0980HIGHpoc

PHP remote file inclusion vulnerability in index.php in AlstraSoft EPay Pro 2.0 allows remote attackers to execute arbitrary PHP code by modifying the view parameter to reference a URL on a remote web server that contains the code.

2 May 2005
7.5
CVSS
← PrevPage 2 / 2Next →
Alstrasoft CVEs & Vulnerabilities — 56 Tracked — Page 2