GCVE - cpe:2.3:a:alstrasoft:webhost_directory:1.2:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:alstrasoft:webhost_directory:1.2:*:*:*:*:*:*:*

part: a version: 1.2 update: *

Vendor	Alstrasoft (`a4963e9f-6c7e-59f9-91ba-7bec89015e6d`)
Product	Webhost Directory (`d319db43-fb29-557a-a549-7940dccc2dd1`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2006-2618`	vulnerable	2026-06-03 14:27:32.708417	Details available Cross-site scripting (XSS) vulnerability in (1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Directory 1.2, might allow remote attackers to inject arbitrary web script or HTML via the "write a review" box. NOTE: since user reviews do not require administrator privileges, and an auto-approve mechanism exists, this issue is a vulnerability. Published: 2006-05-26T01:00:00.000Z Updated: 2024-08-07T17:58:51.455Z Open on db.gcve.eu Reference links http://securityreason.com/securityalert/955 http://www.sitepoint.com/forums/showthread.php?t=311969 https://exchange.xforce.ibmcloud.com/vulnerabilities/26666 http://www.securityfocus.com/archive/1/434912/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/26665	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-2617`	vulnerable	2026-06-03 14:27:32.708115	Details available (1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Directory 1.2, allows remote attackers to obtain the installation path via an invalid entry in the Username field on the login page, which causes the path to be displayed in an SQL error. NOTE: this issue might be resultant from SQL injection. Published: 2006-05-26T01:00:00.000Z Updated: 2024-08-07T17:58:51.925Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/26661 https://exchange.xforce.ibmcloud.com/vulnerabilities/26656 http://securityreason.com/securityalert/955 http://www.sitepoint.com/forums/showthread.php?t=311969 http://www.vupen.com/english/advisories/2006/1972	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-2616`	vulnerable	2026-06-03 14:27:32.707703	Details available SQL injection vulnerability in the search script in (1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Directory 1.2, allows remote attackers to execute arbitrary SQL commands via the uri parameter. Published: 2006-05-26T01:00:00.000Z Updated: 2024-08-07T17:58:51.864Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/26653 http://securityreason.com/securityalert/955 https://exchange.xforce.ibmcloud.com/vulnerabilities/26658 http://www.vupen.com/english/advisories/2006/1972 http://www.securityfocus.com/archive/1/434912/100/0/threaded	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.