Aggregates CVE and security vulnerability intelligence across all altools-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk buffer overflow and vendor risk cross-site scripting and related security problems, affecting vendor surface production workloads and vendor surface software deployment scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2020-7809 | ALSong 3.46 and earlier version contain a Document Object Model (DOM) based cross-site scripting vulnerability caused by improper validation of user input. A remote attacker could exploit this vulnerability by tricking the victim to open ALSong Album(sab) file. | [email protected] | 4.4 | 0.63% | 2020-05-15 | 2026-06-16 |
| CVE-2007-4550 | Format string vulnerability in ALPass 2.7 English and 3.02 Korean might allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an fnm field in a folder-name record in an ALPASS DB (APW) file. | [email protected] | 5.1 | 4.48% | 2007-08-27 | 2026-06-16 |
| CVE-2007-4549 | Multiple buffer overflows in ALPass 2.7 English and 3.02 Korean allow user-assisted remote attackers to execute arbitrary code via an ALPass DB (APW) file containing (1) a long file-key or (2) a "Site Information and Folder entry" with a ciphertext_length value much larger than the plaintext_length value. | [email protected] | 6.8 | 4.96% | 2007-08-27 | 2026-06-16 |
| CVE-2006-5950 | Unspecified vulnerability in ALTools ALFTP FTP Server 4.1 beta 1, and possibly earlier, allows remote authenticated users to obtain the installation path via unknown vectors related to the REN command, probably due to response messages. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | [email protected] | 5.0 | 1.28% | 2006-11-16 | 2026-06-16 |
| CVE-2006-5949 | Directory traversal vulnerability in ALTools ALFTP FTP Server 4.1 beta 1, and possibly earlier, allows remote attackers to create arbitrary directories via directory traversal sequences in a MKD request. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | [email protected] | 5.0 | 1.61% | 2006-11-16 | 2026-06-16 |