IDCVSSSummaryLast (major) updatePublished
CVE-2007-2824 10.0
SQL injection vulnerability in paypal.php in AlstraSoft E-Friends 4.21 and earlier allows remote attackers to execute arbitrary SQL commands via the pack parameter in a paypal action for index.php.
11-10-2017 - 01:32 22-05-2007 - 21:30
CVE-2007-6106 7.5
SQL injection vulnerability in index.php in AlstraSoft E-Friends 4.98 and earlier allows remote attackers to execute arbitrary SQL commands via the seid parameter in a viewevent action.
15-10-2018 - 21:49 23-11-2007 - 20:46
CVE-2005-3062 7.5
PHP remote file inclusion vulnerability in index.php in AlstraSoft E-Friends 4.0 allows remote attackers to execute arbitrary PHP code via the mode parameter.
18-10-2016 - 03:32 27-09-2005 - 19:03
CVE-2006-2564 4.3
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AlstraSoft E-Friends allow remote attackers to inject arbitrary web script or HTML by (1) posting a blog, (2) posting a listing, (3) posting an event, (4) adding comments, or (5) sen
18-10-2018 - 16:40 24-05-2006 - 20:02
CVE-2007-4080 6.4
Cross-site scripting (XSS) vulnerability in index.php AlstraSoft E-Friends allows remote attackers to inject arbitrary web script or HTML via the p_id parameter in a people_card action. NOTE: this might overlap CVE-2006-2564.
15-11-2008 - 06:55 30-07-2007 - 17:30
CVE-2006-4913 7.5
Directory traversal vulnerability in chat/getStartOptions.php in AlstraSoft E-friends 4.85 allows remote attackers to include arbitrary local files and possibly execute arbitrary code via a .. (dot dot) sequence and trailing null (%00) byte in the la
19-10-2017 - 01:29 21-09-2006 - 00:07
Back to Top Mark selected
Back to Top