Search criteria
10 vulnerabilities found for epay by alstrasoft
CVE-2005-4651 (GCVE-0-2005-4651)
Vulnerability from cvelistv5 – Published: 2006-01-14 01:00 – Updated: 2024-08-07 23:53
VLAI
Summary
SQL injection vulnerability in index.php in AlstraSoft EPay Pro 2.0 allows remote attackers to execute arbitrary SQL commands via the pmodule parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://pridels0.blogspot.com/2005/11/epay-pro-pmo… | x_refsource_MISC |
| http://www.osvdb.org/21291 | vdb-entryx_refsource_OSVDB |
Date Public
2005-11-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:53:28.047Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://pridels0.blogspot.com/2005/11/epay-pro-pmodule-sql-injection.html"
},
{
"name": "21291",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21291"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in index.php in AlstraSoft EPay Pro 2.0 allows remote attackers to execute arbitrary SQL commands via the pmodule parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-09-13T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://pridels0.blogspot.com/2005/11/epay-pro-pmodule-sql-injection.html"
},
{
"name": "21291",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21291"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4651",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in AlstraSoft EPay Pro 2.0 allows remote attackers to execute arbitrary SQL commands via the pmodule parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://pridels0.blogspot.com/2005/11/epay-pro-pmodule-sql-injection.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/11/epay-pro-pmodule-sql-injection.html"
},
{
"name": "21291",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21291"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4651",
"datePublished": "2006-01-14T01:00:00.000Z",
"dateReserved": "2006-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:53:28.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4530 (GCVE-0-2005-4530)
Vulnerability from cvelistv5 – Published: 2005-12-28 01:00 – Updated: 2024-08-07 23:46
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay Enterprise 3.0 (formerly DoPays) allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters in (1) profile.htm, (2) card.htm, (3) bank.htm, (4) subscriptions.htm, (5) send.htm, (6) request.htm, (7) forgot.htm, (8) escrow.htm, (9) donations.htm, and (10) products.htm.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
15 references
| URL | Tags |
|---|---|
| http://www.osvdb.org/21887 | vdb-entryx_refsource_OSVDB |
| http://www.vupen.com/english/advisories/2005/3074 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/18153 | third-party-advisoryx_refsource_SECUNIA |
| http://www.osvdb.org/21883 | vdb-entryx_refsource_OSVDB |
| http://www.osvdb.org/21891 | vdb-entryx_refsource_OSVDB |
| http://www.osvdb.org/21885 | vdb-entryx_refsource_OSVDB |
| http://www.osvdb.org/21892 | vdb-entryx_refsource_OSVDB |
| http://www.osvdb.org/21888 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/16055 | vdb-entryx_refsource_BID |
| http://pridels0.blogspot.com/2005/12/alstrasoft-e… | x_refsource_MISC |
| http://www.osvdb.org/21889 | vdb-entryx_refsource_OSVDB |
| http://www.osvdb.org/21884 | vdb-entryx_refsource_OSVDB |
| http://www.osvdb.org/21886 | vdb-entryx_refsource_OSVDB |
| http://www.osvdb.org/21890 | vdb-entryx_refsource_OSVDB |
Date Public
2005-12-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:46:05.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21887",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21887"
},
{
"name": "ADV-2005-3074",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/3074"
},
{
"name": "18153",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18153"
},
{
"name": "21883",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21883"
},
{
"name": "21891",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21891"
},
{
"name": "21885",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21885"
},
{
"name": "21892",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21892"
},
{
"name": "21888",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21888"
},
{
"name": "alstrasoftepay-multiple-parameters-xss(23852)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23852"
},
{
"name": "16055",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16055"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://pridels0.blogspot.com/2005/12/alstrasoft-epay-enterprise-v30-xss.html"
},
{
"name": "21889",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21889"
},
{
"name": "21884",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21884"
},
{
"name": "21886",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21886"
},
{
"name": "21890",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21890"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay Enterprise 3.0 (formerly DoPays) allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters in (1) profile.htm, (2) card.htm, (3) bank.htm, (4) subscriptions.htm, (5) send.htm, (6) request.htm, (7) forgot.htm, (8) escrow.htm, (9) donations.htm, and (10) products.htm."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "21887",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21887"
},
{
"name": "ADV-2005-3074",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/3074"
},
{
"name": "18153",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18153"
},
{
"name": "21883",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21883"
},
{
"name": "21891",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21891"
},
{
"name": "21885",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21885"
},
{
"name": "21892",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21892"
},
{
"name": "21888",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21888"
},
{
"name": "alstrasoftepay-multiple-parameters-xss(23852)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23852"
},
{
"name": "16055",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16055"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://pridels0.blogspot.com/2005/12/alstrasoft-epay-enterprise-v30-xss.html"
},
{
"name": "21889",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21889"
},
{
"name": "21884",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21884"
},
{
"name": "21886",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21886"
},
{
"name": "21890",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21890"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4530",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay Enterprise 3.0 (formerly DoPays) allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters in (1) profile.htm, (2) card.htm, (3) bank.htm, (4) subscriptions.htm, (5) send.htm, (6) request.htm, (7) forgot.htm, (8) escrow.htm, (9) donations.htm, and (10) products.htm."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21887",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21887"
},
{
"name": "ADV-2005-3074",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/3074"
},
{
"name": "18153",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18153"
},
{
"name": "21883",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21883"
},
{
"name": "21891",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21891"
},
{
"name": "21885",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21885"
},
{
"name": "21892",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21892"
},
{
"name": "21888",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21888"
},
{
"name": "alstrasoftepay-multiple-parameters-xss(23852)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23852"
},
{
"name": "16055",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16055"
},
{
"name": "http://pridels0.blogspot.com/2005/12/alstrasoft-epay-enterprise-v30-xss.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/12/alstrasoft-epay-enterprise-v30-xss.html"
},
{
"name": "21889",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21889"
},
{
"name": "21884",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21884"
},
{
"name": "21886",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21886"
},
{
"name": "21890",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21890"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4530",
"datePublished": "2005-12-28T01:00:00.000Z",
"dateReserved": "2005-12-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:46:05.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3026 (GCVE-0-2005-3026)
Vulnerability from cvelistv5 – Published: 2005-09-21 04:00 – Updated: 2024-08-07 22:53
VLAI
Summary
Directory traversal vulnerability in index.php in Alstrasoft Epay Pro 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the read parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://marc.info/?l=bugtraq&m=112716394925851&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.h4cky0u.org/advisories/HYA-2005-008-al… | x_refsource_MISC |
| http://securityreason.com/securityalert/13 | third-party-advisoryx_refsource_SREASON |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://lists.grok.org.uk/pipermail/full-disclosur… | mailing-listx_refsource_FULLDISC |
| http://marc.info/?l=bugtraq&m=112714879101323&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/14871 | vdb-entryx_refsource_BID |
Date Public
2005-09-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:53:30.386Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050918 Alstrasoft Epay Pro 2.0 and prior Directory Traversal Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112716394925851\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.h4cky0u.org/advisories/HYA-2005-008-alstrasoft-epay-pro.txt"
},
{
"name": "13",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/13"
},
{
"name": "alstrasoft-epay-index-directory-traversal(22313)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22313"
},
{
"name": "20050918 Alstrasoft Epay Pro 2.0 and prior Directory Traversal Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-September/037225.html"
},
{
"name": "20050919 Alstrasoft Epay Pro 2.0 and prior Directory Traversal Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112714879101323\u0026w=2"
},
{
"name": "14871",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14871"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-09-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in index.php in Alstrasoft Epay Pro 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the read parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050918 Alstrasoft Epay Pro 2.0 and prior Directory Traversal Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112716394925851\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.h4cky0u.org/advisories/HYA-2005-008-alstrasoft-epay-pro.txt"
},
{
"name": "13",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/13"
},
{
"name": "alstrasoft-epay-index-directory-traversal(22313)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22313"
},
{
"name": "20050918 Alstrasoft Epay Pro 2.0 and prior Directory Traversal Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-September/037225.html"
},
{
"name": "20050919 Alstrasoft Epay Pro 2.0 and prior Directory Traversal Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112714879101323\u0026w=2"
},
{
"name": "14871",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14871"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3026",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in index.php in Alstrasoft Epay Pro 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the read parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050918 Alstrasoft Epay Pro 2.0 and prior Directory Traversal Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112716394925851\u0026w=2"
},
{
"name": "http://www.h4cky0u.org/advisories/HYA-2005-008-alstrasoft-epay-pro.txt",
"refsource": "MISC",
"url": "http://www.h4cky0u.org/advisories/HYA-2005-008-alstrasoft-epay-pro.txt"
},
{
"name": "13",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/13"
},
{
"name": "alstrasoft-epay-index-directory-traversal(22313)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22313"
},
{
"name": "20050918 Alstrasoft Epay Pro 2.0 and prior Directory Traversal Vulnerability",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-September/037225.html"
},
{
"name": "20050919 Alstrasoft Epay Pro 2.0 and prior Directory Traversal Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112714879101323\u0026w=2"
},
{
"name": "14871",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14871"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3026",
"datePublished": "2005-09-21T04:00:00.000Z",
"dateReserved": "2005-09-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T22:53:30.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0981 (GCVE-0-2005-0981)
Vulnerability from cvelistv5 – Published: 2005-04-05 04:00 – Updated: 2024-08-07 21:35
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay Pro 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) payment or (2) send parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/14802 | third-party-advisoryx_refsource_SECUNIA |
| http://marc.info/?l=bugtraq&m=111247198021626&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/12974 | vdb-entryx_refsource_BID |
Date Public
2005-04-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:35:58.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "14802",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14802"
},
{
"name": "20050402 AlstraSoft EPay Pro v2.0 has file include and multiple xss",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111247198021626\u0026w=2"
},
{
"name": "12974",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12974"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-04-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay Pro 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) payment or (2) send parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "14802",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14802"
},
{
"name": "20050402 AlstraSoft EPay Pro v2.0 has file include and multiple xss",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111247198021626\u0026w=2"
},
{
"name": "12974",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12974"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0981",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay Pro 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) payment or (2) send parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14802",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14802"
},
{
"name": "20050402 AlstraSoft EPay Pro v2.0 has file include and multiple xss",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111247198021626\u0026w=2"
},
{
"name": "12974",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12974"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0981",
"datePublished": "2005-04-05T04:00:00.000Z",
"dateReserved": "2005-04-05T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:35:58.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0980 (GCVE-0-2005-0980)
Vulnerability from cvelistv5 – Published: 2005-04-05 04:00 – Updated: 2024-08-07 21:35
VLAI
Summary
PHP remote file inclusion vulnerability in index.php in AlstraSoft EPay Pro 2.0 allows remote attackers to execute arbitrary PHP code by modifying the view parameter to reference a URL on a remote web server that contains the code.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/14802 | third-party-advisoryx_refsource_SECUNIA |
| http://marc.info/?l=bugtraq&m=111247198021626&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/12973 | vdb-entryx_refsource_BID |
Date Public
2005-04-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:35:59.851Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "14802",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14802"
},
{
"name": "20050402 AlstraSoft EPay Pro v2.0 has file include and multiple xss",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111247198021626\u0026w=2"
},
{
"name": "12973",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12973"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-04-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in index.php in AlstraSoft EPay Pro 2.0 allows remote attackers to execute arbitrary PHP code by modifying the view parameter to reference a URL on a remote web server that contains the code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "14802",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14802"
},
{
"name": "20050402 AlstraSoft EPay Pro v2.0 has file include and multiple xss",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111247198021626\u0026w=2"
},
{
"name": "12973",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12973"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0980",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in index.php in AlstraSoft EPay Pro 2.0 allows remote attackers to execute arbitrary PHP code by modifying the view parameter to reference a URL on a remote web server that contains the code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14802",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14802"
},
{
"name": "20050402 AlstraSoft EPay Pro v2.0 has file include and multiple xss",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111247198021626\u0026w=2"
},
{
"name": "12973",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12973"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0980",
"datePublished": "2005-04-05T04:00:00.000Z",
"dateReserved": "2005-04-05T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:35:59.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4651 (GCVE-0-2005-4651)
Vulnerability from nvd – Published: 2006-01-14 01:00 – Updated: 2024-08-07 23:53
VLAI
Summary
SQL injection vulnerability in index.php in AlstraSoft EPay Pro 2.0 allows remote attackers to execute arbitrary SQL commands via the pmodule parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://pridels0.blogspot.com/2005/11/epay-pro-pmo… | x_refsource_MISC |
| http://www.osvdb.org/21291 | vdb-entryx_refsource_OSVDB |
Date Public
2005-11-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:53:28.047Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://pridels0.blogspot.com/2005/11/epay-pro-pmodule-sql-injection.html"
},
{
"name": "21291",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21291"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in index.php in AlstraSoft EPay Pro 2.0 allows remote attackers to execute arbitrary SQL commands via the pmodule parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-09-13T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://pridels0.blogspot.com/2005/11/epay-pro-pmodule-sql-injection.html"
},
{
"name": "21291",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21291"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4651",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in AlstraSoft EPay Pro 2.0 allows remote attackers to execute arbitrary SQL commands via the pmodule parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://pridels0.blogspot.com/2005/11/epay-pro-pmodule-sql-injection.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/11/epay-pro-pmodule-sql-injection.html"
},
{
"name": "21291",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21291"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4651",
"datePublished": "2006-01-14T01:00:00.000Z",
"dateReserved": "2006-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:53:28.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4530 (GCVE-0-2005-4530)
Vulnerability from nvd – Published: 2005-12-28 01:00 – Updated: 2024-08-07 23:46
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay Enterprise 3.0 (formerly DoPays) allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters in (1) profile.htm, (2) card.htm, (3) bank.htm, (4) subscriptions.htm, (5) send.htm, (6) request.htm, (7) forgot.htm, (8) escrow.htm, (9) donations.htm, and (10) products.htm.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
15 references
| URL | Tags |
|---|---|
| http://www.osvdb.org/21887 | vdb-entryx_refsource_OSVDB |
| http://www.vupen.com/english/advisories/2005/3074 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/18153 | third-party-advisoryx_refsource_SECUNIA |
| http://www.osvdb.org/21883 | vdb-entryx_refsource_OSVDB |
| http://www.osvdb.org/21891 | vdb-entryx_refsource_OSVDB |
| http://www.osvdb.org/21885 | vdb-entryx_refsource_OSVDB |
| http://www.osvdb.org/21892 | vdb-entryx_refsource_OSVDB |
| http://www.osvdb.org/21888 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/16055 | vdb-entryx_refsource_BID |
| http://pridels0.blogspot.com/2005/12/alstrasoft-e… | x_refsource_MISC |
| http://www.osvdb.org/21889 | vdb-entryx_refsource_OSVDB |
| http://www.osvdb.org/21884 | vdb-entryx_refsource_OSVDB |
| http://www.osvdb.org/21886 | vdb-entryx_refsource_OSVDB |
| http://www.osvdb.org/21890 | vdb-entryx_refsource_OSVDB |
Date Public
2005-12-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:46:05.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21887",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21887"
},
{
"name": "ADV-2005-3074",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/3074"
},
{
"name": "18153",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18153"
},
{
"name": "21883",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21883"
},
{
"name": "21891",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21891"
},
{
"name": "21885",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21885"
},
{
"name": "21892",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21892"
},
{
"name": "21888",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21888"
},
{
"name": "alstrasoftepay-multiple-parameters-xss(23852)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23852"
},
{
"name": "16055",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16055"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://pridels0.blogspot.com/2005/12/alstrasoft-epay-enterprise-v30-xss.html"
},
{
"name": "21889",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21889"
},
{
"name": "21884",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21884"
},
{
"name": "21886",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21886"
},
{
"name": "21890",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/21890"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay Enterprise 3.0 (formerly DoPays) allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters in (1) profile.htm, (2) card.htm, (3) bank.htm, (4) subscriptions.htm, (5) send.htm, (6) request.htm, (7) forgot.htm, (8) escrow.htm, (9) donations.htm, and (10) products.htm."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "21887",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21887"
},
{
"name": "ADV-2005-3074",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/3074"
},
{
"name": "18153",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18153"
},
{
"name": "21883",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21883"
},
{
"name": "21891",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21891"
},
{
"name": "21885",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21885"
},
{
"name": "21892",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21892"
},
{
"name": "21888",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21888"
},
{
"name": "alstrasoftepay-multiple-parameters-xss(23852)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23852"
},
{
"name": "16055",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16055"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://pridels0.blogspot.com/2005/12/alstrasoft-epay-enterprise-v30-xss.html"
},
{
"name": "21889",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21889"
},
{
"name": "21884",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21884"
},
{
"name": "21886",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21886"
},
{
"name": "21890",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/21890"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4530",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay Enterprise 3.0 (formerly DoPays) allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters in (1) profile.htm, (2) card.htm, (3) bank.htm, (4) subscriptions.htm, (5) send.htm, (6) request.htm, (7) forgot.htm, (8) escrow.htm, (9) donations.htm, and (10) products.htm."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21887",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21887"
},
{
"name": "ADV-2005-3074",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/3074"
},
{
"name": "18153",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18153"
},
{
"name": "21883",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21883"
},
{
"name": "21891",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21891"
},
{
"name": "21885",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21885"
},
{
"name": "21892",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21892"
},
{
"name": "21888",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21888"
},
{
"name": "alstrasoftepay-multiple-parameters-xss(23852)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23852"
},
{
"name": "16055",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16055"
},
{
"name": "http://pridels0.blogspot.com/2005/12/alstrasoft-epay-enterprise-v30-xss.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/12/alstrasoft-epay-enterprise-v30-xss.html"
},
{
"name": "21889",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21889"
},
{
"name": "21884",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21884"
},
{
"name": "21886",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21886"
},
{
"name": "21890",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21890"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4530",
"datePublished": "2005-12-28T01:00:00.000Z",
"dateReserved": "2005-12-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:46:05.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3026 (GCVE-0-2005-3026)
Vulnerability from nvd – Published: 2005-09-21 04:00 – Updated: 2024-08-07 22:53
VLAI
Summary
Directory traversal vulnerability in index.php in Alstrasoft Epay Pro 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the read parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://marc.info/?l=bugtraq&m=112716394925851&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.h4cky0u.org/advisories/HYA-2005-008-al… | x_refsource_MISC |
| http://securityreason.com/securityalert/13 | third-party-advisoryx_refsource_SREASON |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://lists.grok.org.uk/pipermail/full-disclosur… | mailing-listx_refsource_FULLDISC |
| http://marc.info/?l=bugtraq&m=112714879101323&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/14871 | vdb-entryx_refsource_BID |
Date Public
2005-09-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:53:30.386Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050918 Alstrasoft Epay Pro 2.0 and prior Directory Traversal Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112716394925851\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.h4cky0u.org/advisories/HYA-2005-008-alstrasoft-epay-pro.txt"
},
{
"name": "13",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/13"
},
{
"name": "alstrasoft-epay-index-directory-traversal(22313)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22313"
},
{
"name": "20050918 Alstrasoft Epay Pro 2.0 and prior Directory Traversal Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-September/037225.html"
},
{
"name": "20050919 Alstrasoft Epay Pro 2.0 and prior Directory Traversal Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112714879101323\u0026w=2"
},
{
"name": "14871",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14871"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-09-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in index.php in Alstrasoft Epay Pro 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the read parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050918 Alstrasoft Epay Pro 2.0 and prior Directory Traversal Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112716394925851\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.h4cky0u.org/advisories/HYA-2005-008-alstrasoft-epay-pro.txt"
},
{
"name": "13",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/13"
},
{
"name": "alstrasoft-epay-index-directory-traversal(22313)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22313"
},
{
"name": "20050918 Alstrasoft Epay Pro 2.0 and prior Directory Traversal Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-September/037225.html"
},
{
"name": "20050919 Alstrasoft Epay Pro 2.0 and prior Directory Traversal Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112714879101323\u0026w=2"
},
{
"name": "14871",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14871"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3026",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in index.php in Alstrasoft Epay Pro 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the read parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050918 Alstrasoft Epay Pro 2.0 and prior Directory Traversal Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112716394925851\u0026w=2"
},
{
"name": "http://www.h4cky0u.org/advisories/HYA-2005-008-alstrasoft-epay-pro.txt",
"refsource": "MISC",
"url": "http://www.h4cky0u.org/advisories/HYA-2005-008-alstrasoft-epay-pro.txt"
},
{
"name": "13",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/13"
},
{
"name": "alstrasoft-epay-index-directory-traversal(22313)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22313"
},
{
"name": "20050918 Alstrasoft Epay Pro 2.0 and prior Directory Traversal Vulnerability",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-September/037225.html"
},
{
"name": "20050919 Alstrasoft Epay Pro 2.0 and prior Directory Traversal Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112714879101323\u0026w=2"
},
{
"name": "14871",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14871"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3026",
"datePublished": "2005-09-21T04:00:00.000Z",
"dateReserved": "2005-09-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T22:53:30.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0981 (GCVE-0-2005-0981)
Vulnerability from nvd – Published: 2005-04-05 04:00 – Updated: 2024-08-07 21:35
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay Pro 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) payment or (2) send parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/14802 | third-party-advisoryx_refsource_SECUNIA |
| http://marc.info/?l=bugtraq&m=111247198021626&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/12974 | vdb-entryx_refsource_BID |
Date Public
2005-04-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:35:58.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "14802",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14802"
},
{
"name": "20050402 AlstraSoft EPay Pro v2.0 has file include and multiple xss",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111247198021626\u0026w=2"
},
{
"name": "12974",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12974"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-04-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay Pro 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) payment or (2) send parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "14802",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14802"
},
{
"name": "20050402 AlstraSoft EPay Pro v2.0 has file include and multiple xss",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111247198021626\u0026w=2"
},
{
"name": "12974",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12974"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0981",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay Pro 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) payment or (2) send parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14802",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14802"
},
{
"name": "20050402 AlstraSoft EPay Pro v2.0 has file include and multiple xss",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111247198021626\u0026w=2"
},
{
"name": "12974",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12974"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0981",
"datePublished": "2005-04-05T04:00:00.000Z",
"dateReserved": "2005-04-05T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:35:58.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0980 (GCVE-0-2005-0980)
Vulnerability from nvd – Published: 2005-04-05 04:00 – Updated: 2024-08-07 21:35
VLAI
Summary
PHP remote file inclusion vulnerability in index.php in AlstraSoft EPay Pro 2.0 allows remote attackers to execute arbitrary PHP code by modifying the view parameter to reference a URL on a remote web server that contains the code.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/14802 | third-party-advisoryx_refsource_SECUNIA |
| http://marc.info/?l=bugtraq&m=111247198021626&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/12973 | vdb-entryx_refsource_BID |
Date Public
2005-04-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:35:59.851Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "14802",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14802"
},
{
"name": "20050402 AlstraSoft EPay Pro v2.0 has file include and multiple xss",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111247198021626\u0026w=2"
},
{
"name": "12973",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12973"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-04-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in index.php in AlstraSoft EPay Pro 2.0 allows remote attackers to execute arbitrary PHP code by modifying the view parameter to reference a URL on a remote web server that contains the code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "14802",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14802"
},
{
"name": "20050402 AlstraSoft EPay Pro v2.0 has file include and multiple xss",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111247198021626\u0026w=2"
},
{
"name": "12973",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12973"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0980",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in index.php in AlstraSoft EPay Pro 2.0 allows remote attackers to execute arbitrary PHP code by modifying the view parameter to reference a URL on a remote web server that contains the code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14802",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14802"
},
{
"name": "20050402 AlstraSoft EPay Pro v2.0 has file include and multiple xss",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111247198021626\u0026w=2"
},
{
"name": "12973",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12973"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0980",
"datePublished": "2005-04-05T04:00:00.000Z",
"dateReserved": "2005-04-05T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:35:59.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}