6 matches found
CVE-2007-2777
CVE-2007-2777: Unrestricted file upload in AlstraSoft Template Seller Pro
CVE-2005-3797
CVE-2005-3797 affects AlstraSoft Template Seller Pro 3.25. PHP remote file inclusion via the config[basepath] parameter allows remote code execution. The vulnerability is documented by NVD; no patch/version info is included in the provided connected documents. Exploitation details or in-the-wild ...
CVE-2006-0222
The CVE-2006-0222 entry concerns an XSS vulnerability in AlstraSoft Template Seller Pro, affecting the fullview.php script where the tempid parameter can be exploited to inject arbitrary web script/HTML. Affected product: AlstraSoft Template Seller Pro; vulnerable component: fullview.php; entry d...
CVE-2007-2776
The CVE-2007-2776 entry concerns AlstraSoft Template Seller Pro (version 3.25 and earlier). A flaw in the redirect/exit handling when administrative credentials are missing allows a remote attacker to craft a request that injects a credential variable setting and gains administrative access via a...
CVE-2006-4591
CVE-2006-4591 affects AlstraSoft Template Seller (and possibly AltraSoft Template Seller Pro 3.25). The vulnerability is a PHP remote file inclusion via a URL in config[template_path] used by payment_result.php and spuser_result.php, enabling arbitrary PHP code execution. NVD lists a CVSS2 base s...
CVE-2005-3798
The CVE-2005-3798 entry describes a SQL injection vulnerability in the admin/index.php script of AlstraSoft Template Seller Pro 3.25 . The underlying issue is an injectable username parameter that permits remote attackers to execute arbitrary SQL commands. This is the only concrete detail provide...