Lucene search
K
AlstrasoftWebhost Directory

7 matches found

CVE
CVE
added 2006/05/26 1:0 a.m.56 views

CVE-2006-2617

Affected products: AlstraSoft Web Host Directory 1.2 (aka HyperStop WebHost Directory 1.2). Root cause: an invalid entry in the Username field on the login page can produce an SQL error that reveals the installation path, potentially due to SQL injection. Impact: partial disclosure of installatio...

5CVSS7.5AI score0.01654EPSS
CVE
CVE
added 2006/12/29 11:0 a.m.53 views

CVE-2006-6819

CVE-2006-6819 concerns AlstraSoft Web Host Directory, where sensitive information is stored under the web root due to insufficient access control. The vulnerability allows remote attackers to download a backup database by issuing a direct request to admin/backup/db. The public records indicate th...

6.4CVSS6.7AI score0.01816EPSS
CVE
CVE
added 2008/12/17 6:0 p.m.49 views

CVE-2008-5650

CVE-2008-5650 is a reported SQL injection vulnerability in the login directory of AlstraSoft Web Host Directory, exploitable via the pwd parameter to execute arbitrary SQL commands remotely. The CVSS v2 base score is 7.5 (HIGH), with network attack vector, low complexity, and no authentication re...

7.5CVSS8.4AI score0.01051EPSS
CVE
CVE
added 2006/12/29 11:0 a.m.47 views

CVE-2006-6818

CVE-2006-6818 affects AlstraSoft Web Host Directory. The vulnerability allows remote attackers to bypass authentication and change the admin password via a direct request to /admin/config. CVSS v2 base score 7.5 (HIGH) with network attack vector and no authentication required; impact includes par...

7.5CVSS7.5AI score0.01511EPSS
CVE
CVE
added 2006/12/29 11:0 a.m.46 views

CVE-2006-6817

The CVE-2006-6817 issue affects AlstraSoft Web Host Directory (also listed as HyperStop WebHost Directory 1.2). Affected component: login/URI handling that, when an invalid URI is requested, exposes the installation path in the error message, enabling a remote attacker to obtain sensitive informa...

5CVSS6.1AI score0.01076EPSS
CVE
CVE
added 2006/05/26 1:0 a.m.45 views

CVE-2006-2616

The CVE-2006-2616 entry describes an SQL injection in the search script of AlstraSoft Web Host Directory 1.2 (also listed as HyperStop WebHost Directory 1.2). The vulnerability allows remote attackers to execute arbitrary SQL commands via the uri parameter, enabling potential data exposure or mod...

7.5CVSS8.3AI score0.01413EPSS
CVE
CVE
added 2006/05/26 1:0 a.m.42 views

CVE-2006-2618

The CVE-2006-2618 entry describes a cross-site scripting (XSS) vulnerability in AlstraSoft Web Host Directory 1.2 and HyperStop WebHost Directory 1.2, exploitable via the "+write a review" box. The flaw allows remote attackers to inject arbitrary web script or HTML, with the issue arising because...

4.3CVSS5.6AI score0.0118EPSS