RSS   Vulnerabilities for 'Article manager pro'   RSS

2008-12-17
 
CVE-2008-5649

CWE-89
 

 
SQL injection vulnerability in admin/admin.php in AlstraSoft Article Manager Pro 1.6 allows remote attackers to execute arbitrary SQL commands via the username parameter.

 
2007-07-30
 
CVE-2007-4082

 

 
Cross-site scripting (XSS) vulnerability in contact_author.php AlstraSoft Article Manager Pro allows remote attackers to inject arbitrary web script or HTML via the userid parameter.

 
2006-05-24
 
CVE-2006-2567

 

 
Cross-site scripting (XSS) vulnerability in submit_article.php in Alstrasoft Article Manager Pro 1.6 allows remote attackers to inject arbitrary web script or HTML when submitting an article, as demonstrated using a javascript URI in a Cascading Style Sheets (CSS) property of a STYLE attribute of an element.

 
 
CVE-2006-2566

 

 
Alstrasoft Article Manager Pro 1.6 allows remote attackers to obtain sensitive information via (1) a quote character or possibly an invalid value in the action parameter in a request to mrarticles.php or (2) a login QUERY_STRING to admin.php without any additional parameters, which reveal the path in various error messages.

 
 
CVE-2006-2565

 

 
SQL injection vulnerability in Alstrasoft Article Manager Pro 1.6 allows remote attackers to execute arbitrary SQL commands via (1) the author_id parameter in profile.php and (2) the aut_id parameter in userarticles.php. NOTE: the aut_id vector can produce resultant path disclosure if the SQL manipulation is invalid.

 

 >>> Vendor: Alstrasoft 15 Products
EPAY
E-friends
Affiliate network pro
Template seller
Article manager pro
Webhost directory
Video share enterprise
Live support
Text ads enterprise
Sms text messaging enterprise
Askme pro
Forum pay per post exchange
Askme
Web email script enterprise
Sendit


Copyright 2017, cxsecurity.com

 

Back to Top