Vulnerabilities > Alstrasoft > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-07-30 | CVE-2007-4079 | Cross-Site Scripting vulnerability in AlstraSoft SMS Text Messaging Enterprise: Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft SMS Text Messaging Enterprise allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) q parameter to (a) admin/membersearch.php, or (3) the userid parameter to (b) admin/edituser.php. | 4.3 |
2007-07-30 | CVE-2007-4078 | Cross-Site Scripting vulnerability in Alstrasoft Text ADS Enterprise 2.1: Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Text Ads Enterprise allow remote attackers to inject arbitrary web script or HTML via the (1) r parameter to (a) forgot_uid.php, the (2) query or (3) sk parameter to (b) search_results.php, or (4) the pageId parameter to (c) website_page.php. | 4.3 |
2007-07-30 | CVE-2007-4077 | Cross-Site Scripting vulnerability in Video Share Enterprise: Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Video Share Enterprise allow remote attackers to inject arbitrary web script or HTML via the (1) msg, (2) page, (3) viewkey, or (4) viewtype parameter to (a) view_video.php; the (5) next parameter to (b) signup.php; the (6) search_id parameter to (c) search_result.php; the (7) category or (8) page parameter to (d) video.php; the (9) receiver parameter to (e) compose.php; the (10) catgy parameter to (f) groups.php; the (11) channelname parameter to (g) siteadmin/channels.php; or the (12) uname parameter to (h) siteadmin/muser.php. | 4.3 |
2007-04-12 | CVE-2007-2018 | SQL-Injection vulnerability in Video Share Enterprise: SQL injection vulnerability in msg.php in AlstraSoft Video Share Enterprise allows remote authenticated users to execute arbitrary SQL commands via the id parameter. | 6.5 |
2006-12-29 | CVE-2006-6819 | Information Disclosure vulnerability in Webhost Directory: AlstraSoft Web Host Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a backup database via a direct request for admin/backup/db. | 6.4 |
2006-12-29 | CVE-2006-6817 | Information Disclosure vulnerability in Webhost Directory: AlstraSoft Web Host Directory allows remote attackers to obtain sensitive information by requesting any invalid URI, which reveals the path in an error message, a different vulnerability than CVE-2006-2617. | 5.0 |
2006-05-26 | CVE-2006-2618 | Cross-Site Scripting vulnerability in Alstrasoft Webhost Directory 1.2: Cross-site scripting (XSS) vulnerability in (1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Directory 1.2, might allow remote attackers to inject arbitrary web script or HTML via the "write a review" box. | 4.3 |
2006-05-26 | CVE-2006-2617 | SQL-Injection vulnerability in Alstrasoft Webhost Directory 1.2: (1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Directory 1.2, allows remote attackers to obtain the installation path via an invalid entry in the Username field on the login page, which causes the path to be displayed in an SQL error. | 5.0 |
2006-05-24 | CVE-2006-2567 | Cross-Site Scripting vulnerability in Alstrasoft Article Manager PRO 1.6: Cross-site scripting (XSS) vulnerability in submit_article.php in Alstrasoft Article Manager Pro 1.6 allows remote attackers to inject arbitrary web script or HTML when submitting an article, as demonstrated using a javascript URI in a Cascading Style Sheets (CSS) property of a STYLE attribute of an element. | 4.3 |
2006-05-24 | CVE-2006-2566 | Information Disclosure vulnerability in Alstrasoft Article Manager PRO 1.6: Alstrasoft Article Manager Pro 1.6 allows remote attackers to obtain sensitive information via (1) a quote character or possibly an invalid value in the action parameter in a request to mrarticles.php or (2) a login QUERY_STRING to admin.php without any additional parameters, which reveal the path in various error messages. | 5.0 |