Vulnerabilities > Alstrasoft
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-07-30 | CVE-2007-4080 | Cross-Site Scripting vulnerability in Alstrasoft E-Friends 4.0 Cross-site scripting (XSS) vulnerability in index.php AlstraSoft E-Friends allows remote attackers to inject arbitrary web script or HTML via the p_id parameter in a people_card action. | 6.4 |
| 2007-07-30 | CVE-2007-4079 | Cross-Site Scripting vulnerability in AlstraSoft SMS Text Messaging Enterprise Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft SMS Text Messaging Enterprise allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) q parameter to (a) admin/membersearch.php, or (3) the userid parameter to (b) admin/edituser.php. network alstrasoft | 4.3 |
| 2007-07-30 | CVE-2007-4078 | Cross-Site Scripting vulnerability in Alstrasoft Text ADS Enterprise 2.1 Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Text Ads Enterprise allow remote attackers to inject arbitrary web script or HTML via the (1) r parameter to (a) forgot_uid.php, the (2) query or (3) sk parameter to (b) search_results.php, or (4) the pageId parameter to (c) website_page.php. network alstrasoft | 4.3 |
| 2007-07-30 | CVE-2007-4077 | Cross-Site Scripting vulnerability in Video Share Enterprise Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Video Share Enterprise allow remote attackers to inject arbitrary web script or HTML via the (1) msg, (2) page, (3) viewkey, or (4) viewtype parameter to (a) view_video.php; the (5) next parameter to (b) signup.php; the (6) search_id parameter to (c) search_result.php; the (7) category or (8) page parameter to (d) video.php; the (9) receiver parameter to (e) compose.php; the (10) catgy parameter to (f) groups.php; the (11) channelname parameter to (g) siteadmin/channels.php; or the (12) uname parameter to (h) siteadmin/muser.php. network alstrasoft | 4.3 |
| 2007-05-22 | CVE-2007-2824 | SQL Injection vulnerability in AlstraSoft E-Friends Pack Parameter SQL injection vulnerability in paypal.php in AlstraSoft E-Friends 4.21 and earlier allows remote attackers to execute arbitrary SQL commands via the pack parameter in a paypal action for index.php. | 10.0 |
| 2007-05-21 | CVE-2007-2777 | Multiple vulnerability in AlstraSoft Template Seller Pro Unrestricted file upload vulnerability in admin/addsptemplate.php in AlstraSoft Template Seller Pro 3.25 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary .php filename in the zip parameter, which is created under sptemplates/. | 7.5 |
| 2007-05-21 | CVE-2007-2776 | Multiple vulnerability in AlstraSoft Template Seller Pro AlstraSoft Template Seller Pro 3.25 and earlier sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to inject a credential variable setting and obtain administrative access via a direct request to admin/changeinfo.php. | 10.0 |
| 2007-05-21 | CVE-2007-2775 | Unspecified vulnerability in Alstrasoft Live Support 1.21 AlstraSoft Live Support 1.21 sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to obtain administrative access via a direct request to admin/managesettings.php. | 10.0 |
| 2007-04-12 | CVE-2007-2018 | SQL-Injection vulnerability in Video Share Enterprise SQL injection vulnerability in msg.php in AlstraSoft Video Share Enterprise allows remote authenticated users to execute arbitrary SQL commands via the id parameter. | 6.5 |
| 2007-04-12 | CVE-2007-2017 | Remote vulnerability in AlstraSoft Video Share Enterprise siteadmin/useredit.php in AlstraSoft Video Share Enterprise does not check authentication, which allows remote attackers to obtain or modify user information via a direct request. | 7.5 |