7 matches found
CVE-2006-2617
Affected products: AlstraSoft Web Host Directory 1.2 (aka HyperStop WebHost Directory 1.2). Root cause: an invalid entry in the Username field on the login page can produce an SQL error that reveals the installation path, potentially due to SQL injection. Impact: partial disclosure of installatio...
CVE-2006-6819
CVE-2006-6819 concerns AlstraSoft Web Host Directory, where sensitive information is stored under the web root due to insufficient access control. The vulnerability allows remote attackers to download a backup database by issuing a direct request to admin/backup/db. The public records indicate th...
CVE-2008-5650
CVE-2008-5650 is a reported SQL injection vulnerability in the login directory of AlstraSoft Web Host Directory, exploitable via the pwd parameter to execute arbitrary SQL commands remotely. The CVSS v2 base score is 7.5 (HIGH), with network attack vector, low complexity, and no authentication re...
CVE-2006-6818
CVE-2006-6818 affects AlstraSoft Web Host Directory. The vulnerability allows remote attackers to bypass authentication and change the admin password via a direct request to /admin/config. CVSS v2 base score 7.5 (HIGH) with network attack vector and no authentication required; impact includes par...
CVE-2006-6817
The CVE-2006-6817 issue affects AlstraSoft Web Host Directory (also listed as HyperStop WebHost Directory 1.2). Affected component: login/URI handling that, when an invalid URI is requested, exposes the installation path in the error message, enabling a remote attacker to obtain sensitive informa...
CVE-2006-2616
The CVE-2006-2616 entry describes an SQL injection in the search script of AlstraSoft Web Host Directory 1.2 (also listed as HyperStop WebHost Directory 1.2). The vulnerability allows remote attackers to execute arbitrary SQL commands via the uri parameter, enabling potential data exposure or mod...
CVE-2006-2618
The CVE-2006-2618 entry describes a cross-site scripting (XSS) vulnerability in AlstraSoft Web Host Directory 1.2 and HyperStop WebHost Directory 1.2, exploitable via the "+write a review" box. The flaw allows remote attackers to inject arbitrary web script or HTML, with the issue arising because...