RSS   Vulnerabilities for 'E-friends'   RSS

2007-11-23
 
CVE-2007-6106

CWE-89
 
 
SQL injection vulnerability in index.php in AlstraSoft E-Friends 4.98 and earlier allows remote attackers to execute arbitrary SQL commands via the seid parameter in a viewevent action.

 
2007-07-30
 
CVE-2007-4080

 
 
Cross-site scripting (XSS) vulnerability in index.php AlstraSoft E-Friends allows remote attackers to inject arbitrary web script or HTML via the p_id parameter in a people_card action. NOTE: this might overlap CVE-2006-2564.

 
2007-05-22
 
CVE-2007-2824

 
 
SQL injection vulnerability in paypal.php in AlstraSoft E-Friends 4.21 and earlier allows remote attackers to execute arbitrary SQL commands via the pack parameter in a paypal action for index.php.

 
2006-09-20
 
CVE-2006-4913

 
 
Directory traversal vulnerability in chat/getStartOptions.php in AlstraSoft E-friends 4.85 allows remote attackers to include arbitrary local files and possibly execute arbitrary code via a .. (dot dot) sequence and trailing null (%00) byte in the lang parameter, as demonstrated by injecting PHP code into a log file.

 
2006-05-24
 
CVE-2006-2564

CWE-Other
 
 
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AlstraSoft E-Friends allow remote attackers to inject arbitrary web script or HTML by (1) posting a blog, (2) posting a listing, (3) posting an event, (4) adding comments, or (5) sending a message.

 
2005-09-27
 
CVE-2005-3062

 
 
PHP remote file inclusion vulnerability in index.php in AlstraSoft E-Friends 4.0 allows remote attackers to execute arbitrary PHP code via the mode parameter.

 

 >>> Vendor: Alstrasoft 15 Products
EPAY
E-friends
Affiliate network pro
Template seller
Article manager pro
Webhost directory
Video share enterprise
Live support
Text ads enterprise
Sms text messaging enterprise
Askme pro
Forum pay per post exchange
Askme
Web email script enterprise
Sendit

Copyright 2024, cxsecurity.com

 

Back to Top