Export limit exceeded: 363307 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363307 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (56 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-3386 1 Alstrasoft 1 Video Share Enterprise 2026-04-23 N/A
SQL injection vulnerability in album.php in AlstraSoft Video Share Enterprise 4.51 allows remote attackers to execute arbitrary SQL commands via the UID parameter, a different vector than CVE-2007-4086.
CVE-2008-2902 1 Alstrasoft 1 Askme Pro 2026-04-23 N/A
SQL injection vulnerability in profile.php in AlstraSoft AskMe Pro 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: The que_id parameter to forum_answer.php is already covered by CVE-2007-4085.
CVE-2007-2775 1 Alstrasoft 1 Live Support 2026-04-23 N/A
AlstraSoft Live Support 1.21 sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to obtain administrative access via a direct request to admin/managesettings.php.
CVE-2007-2776 1 Alstrasoft 1 Template Seller 2026-04-23 N/A
AlstraSoft Template Seller Pro 3.25 and earlier sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to inject a credential variable setting and obtain administrative access via a direct request to admin/changeinfo.php.
CVE-2007-2824 1 Alstrasoft 1 E-friends 2026-04-23 N/A
SQL injection vulnerability in paypal.php in AlstraSoft E-Friends 4.21 and earlier allows remote attackers to execute arbitrary SQL commands via the pack parameter in a paypal action for index.php.
CVE-2008-0429 1 Alstrasoft 1 Forum Pay Per Post Exchange 2026-04-23 N/A
SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per Post Exchange 2.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a forum_catview action.
CVE-2008-6932 1 Alstrasoft 1 Sendit 2026-04-23 N/A
Unrestricted file upload vulnerability in submit_file.php in AlstraSoft SendIt Pro allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in send/files/.
CVE-2007-4077 1 Alstrasoft 1 Video Share Enterprise 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Video Share Enterprise allow remote attackers to inject arbitrary web script or HTML via the (1) msg, (2) page, (3) viewkey, or (4) viewtype parameter to (a) view_video.php; the (5) next parameter to (b) signup.php; the (6) search_id parameter to (c) search_result.php; the (7) category or (8) page parameter to (d) video.php; the (9) receiver parameter to (e) compose.php; the (10) catgy parameter to (f) groups.php; the (11) channelname parameter to (g) siteadmin/channels.php; or the (12) uname parameter to (h) siteadmin/muser.php.
CVE-2007-4083 1 Alstrasoft 1 Askme Pro 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft AskMe Pro allow remote attackers to inject arbitrary web script or HTML via (1) the cat_id parameter to search.php or the (2) typ parameter to register.php.
CVE-2007-4084 1 Alstrasoft 1 Affiliate Network Pro 2026-04-23 N/A
Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network Pro allow remote attackers to execute arbitrary SQL commands via (1) the pgmid parameter in an uploadProducts action to merchants/index.php and possibly (2) the rowid parameter to merchants/temp.php.
CVE-2007-4087 1 Alstrasoft 1 Video Share Enterprise 2026-04-23 N/A
AlstraSoft Video Share Enterprise allows remote attackers to obtain sensitive information (the full path) via (1) a ' (quote) character in the category parameter to view_video.php, or (2) an XSS sequence in the UID parameter to (a) uprofile.php, (b) channel_detail.php, (c) uvideos.php, (d) groups_home.php, or (e) ufriends.php.
CVE-2006-6819 1 Alstrasoft 1 Webhost Directory 2026-04-23 N/A
AlstraSoft Web Host Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a backup database via a direct request for admin/backup/db.
CVE-2006-6817 1 Alstrasoft 1 Webhost Directory 2026-04-23 N/A
AlstraSoft Web Host Directory allows remote attackers to obtain sensitive information by requesting any invalid URI, which reveals the path in an error message, a different vulnerability than CVE-2006-2617.
CVE-2006-6818 1 Alstrasoft 1 Webhost Directory 2026-04-23 N/A
AlstraSoft Web Host Directory allows remote attackers to bypass authentication and change the admin password via a direct request to admin/config.
CVE-2008-5751 1 Alstrasoft 1 Web Email Script Enterprise 2026-04-23 N/A
SQL injection vulnerability in index.php in AlstraSoft Web Email Script Enterprise (ESE) allows remote attackers to execute arbitrary SQL commands via the id parameter in a directory action.
CVE-2007-4080 1 Alstrasoft 1 E-friends 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php AlstraSoft E-Friends allows remote attackers to inject arbitrary web script or HTML via the p_id parameter in a people_card action. NOTE: this might overlap CVE-2006-2564.
CVE-2007-4082 1 Alstrasoft 1 Article Manager Pro 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in contact_author.php AlstraSoft Article Manager Pro allows remote attackers to inject arbitrary web script or HTML via the userid parameter.
CVE-2007-4085 1 Alstrasoft 1 Askme Pro 2026-04-23 N/A
Multiple SQL injection vulnerabilities in AlstraSoft AskMe Pro allow remote attackers to execute arbitrary SQL commands via the (1) que_id parameter to forum_answer.php or (2) the cat_id parameter to search.php.
CVE-2007-6106 1 Alstrasoft 1 E-friends 2026-04-23 N/A
SQL injection vulnerability in index.php in AlstraSoft E-Friends 4.98 and earlier allows remote attackers to execute arbitrary SQL commands via the seid parameter in a viewevent action.
CVE-2008-3954 1 Alstrasoft 1 Forum Pay Per Post Exchange 2026-04-23 N/A
SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per Post Exchange allows remote attackers to execute arbitrary SQL commands via the cat parameter in a showcat action.