CVE-2007-6106
- EPSS 1.17%
- Published 23.11.2007 20:46:00
- Last modified 09.04.2025 00:30:58
SQL injection vulnerability in index.php in AlstraSoft E-Friends 4.98 and earlier allows remote attackers to execute arbitrary SQL commands via the seid parameter in a viewevent action.
CVE-2007-4080
- EPSS 0.49%
- Published 30.07.2007 17:30:00
- Last modified 09.04.2025 00:30:58
Cross-site scripting (XSS) vulnerability in index.php AlstraSoft E-Friends allows remote attackers to inject arbitrary web script or HTML via the p_id parameter in a people_card action. NOTE: this might overlap CVE-2006-2564.
- EPSS 0.89%
- Published 22.05.2007 21:30:00
- Last modified 09.04.2025 00:30:58
SQL injection vulnerability in paypal.php in AlstraSoft E-Friends 4.21 and earlier allows remote attackers to execute arbitrary SQL commands via the pack parameter in a paypal action for index.php.
CVE-2006-4913
- EPSS 7.46%
- Published 21.09.2006 00:07:00
- Last modified 03.04.2025 01:03:51
Directory traversal vulnerability in chat/getStartOptions.php in AlstraSoft E-friends 4.85 allows remote attackers to include arbitrary local files and possibly execute arbitrary code via a .. (dot dot) sequence and trailing null (%00) byte in the la...
CVE-2006-2564
- EPSS 0.53%
- Published 24.05.2006 20:02:00
- Last modified 03.04.2025 01:03:51
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AlstraSoft E-Friends allow remote attackers to inject arbitrary web script or HTML by (1) posting a blog, (2) posting a listing, (3) posting an event, (4) adding comments, or (5) sen...
CVE-2005-3062
- EPSS 0.89%
- Published 27.09.2005 19:03:00
- Last modified 03.04.2025 01:03:51
PHP remote file inclusion vulnerability in index.php in AlstraSoft E-Friends 4.0 allows remote attackers to execute arbitrary PHP code via the mode parameter.