5 matches found
CVE-2005-0980
Vulnerability: CVE-2005-0980 affects AlstraSoft EPay Pro 2.0 (index.php) through a PHP remote file inclusion via the view parameter, enabling arbitrary PHP code execution when an attacker references a URL on a remote server. Root cause: insufficient input validation/ sanitization allowing inclusi...
CVE-2005-4530
CVE-2005-4530 : Affected product is AlstraSoft EPay Enterprise 3.0 (formerly DoPays). The issue is multiple cross-site scripting (XSS) vulnerabilities in pages such as profile.htm, card.htm, bank.htm, subscriptions.htm, send.htm, request.htm, forgot.htm, escrow.htm, donations.htm, and products.ht...
CVE-2005-0981
CVE-2005-0981 describes multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay Pro 2.0 that allow remote attackers to inject arbitrary web script or HTML via the (1) payment or (2) send parameter. The NVD entry lists a base score of 4.3 (MEDIUM) with network attack vector, no conf...
CVE-2005-4651
The CVE-2005-4651 entry describes an SQL injection vulnerability in index.php of AlstraSoft EPay Pro 2.0, exploitable via the pmodule parameter to execute arbitrary SQL commands remotely. Affected component: index.php in AlstraSoft EPay Pro 2.0; root cause is injectable SQL through pmodule. Docum...
CVE-2005-3026
The vulnerability CVE-2005-3026 affects Alstrasoft Epay Pro 2.0 and earlier, allowing remote attackers to read arbitrary files through a directory traversal in the read parameter (..). The issue is described in the NVD entry as a directory traversal in index.php. No remediation details are provid...