Vulnerabilities > Altools
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-15 | CVE-2020-7809 | Cross-site Scripting vulnerability in Altools Alsong 3.46 ALSong 3.46 and earlier version contain a Document Object Model (DOM) based cross-site scripting vulnerability caused by improper validation of user input. | 4.3 |
| 2007-08-28 | CVE-2007-4550 | USE of Externally-Controlled Format String vulnerability in Altools Alpass 2.7/3.02 Format string vulnerability in ALPass 2.7 English and 3.02 Korean might allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an fnm field in a folder-name record in an ALPASS DB (APW) file. | 5.1 |
| 2007-08-28 | CVE-2007-4549 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Altools Alpass 2.7/3.02 Multiple buffer overflows in ALPass 2.7 English and 3.02 Korean allow user-assisted remote attackers to execute arbitrary code via an ALPass DB (APW) file containing (1) a long file-key or (2) a "Site Information and Folder entry" with a ciphertext_length value much larger than the plaintext_length value. | 6.8 |
| 2006-11-17 | CVE-2006-5950 | Unspecified vulnerability in Altools Alftp FTP Server 4.1Beta1 Unspecified vulnerability in ALTools ALFTP FTP Server 4.1 beta 1, and possibly earlier, allows remote authenticated users to obtain the installation path via unknown vectors related to the REN command, probably due to response messages. | 5.0 |
| 2006-11-17 | CVE-2006-5949 | Unspecified vulnerability in Altools Alftp FTP Server 4.1Beta1 Directory traversal vulnerability in ALTools ALFTP FTP Server 4.1 beta 1, and possibly earlier, allows remote attackers to create arbitrary directories via directory traversal sequences in a MKD request. | 5.0 |