Snitz Communications

Snitz Forums 2000

24 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2012-5313

Exploit
  • EPSS 0.93%
  • Veröffentlicht 08.10.2012 17:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

SQL injection vulnerability in forum.asp in Snitz Forums 2000 allows remote attackers to execute arbitrary SQL commands via the TOPIC_ID parameter.

4.3

CVE-2010-4827

  • EPSS 0.29%
  • Veröffentlicht 24.08.2011 10:55:05
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in members.asp in Snitz Forums 2000 3.4.07 allows remote attackers to inject arbitrary web script or HTML via the M_NAME parameter. NOTE: some of these details are obtained from third party information.

7.5

CVE-2010-4826

  • EPSS 0.4%
  • Veröffentlicht 24.08.2011 10:55:05
  • Zuletzt bearbeitet 11.04.2025 00:51:21

SQL injection vulnerability in members.asp in Snitz Forums 2000 3.4.07 allows remote attackers to execute arbitrary SQL commands via the M_NAME parameter. NOTE: some of these details are obtained from third party information.

4.3

CVE-2009-4554

Exploit
  • EPSS 1.04%
  • Veröffentlicht 04.01.2010 21:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in Snitz Forums 2000 3.4.07 allow remote attackers to inject arbitrary web script or HTML via (1) the url parameter to pop_send_to_friend.asp, related to a crafted onload attribute of an IMG element...

5.8

CVE-2008-0209

Exploit
  • EPSS 0.28%
  • Veröffentlicht 10.01.2008 00:46:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Open redirect vulnerability in Forums/login.asp in Snitz Forums 2000 3.4.06 and earlier allows remote attackers to redirect users to arbitrary web sites via a URL in the target parameter.

4.3

CVE-2008-0208

Exploit
  • EPSS 0.34%
  • Veröffentlicht 10.01.2008 00:46:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in login.asp in Snitz Forums 2000 3.4.05 and earlier allows remote attackers to inject arbitrary web script or HTML via the target parameter.

5

CVE-2008-0136

  • EPSS 0.32%
  • Veröffentlicht 08.01.2008 19:46:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Snitz Forums 2000 3.4.05 allows remote attackers to obtain sensitive information via a direct request to forum/whereami.asp, which reveals the database path.

5

CVE-2008-0135

  • EPSS 5.09%
  • Veröffentlicht 08.01.2008 19:46:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Snitz Forums 2000 3.4.06 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum/snitz_forums_2000.mdb.

4.3

CVE-2008-0134

  • EPSS 0.33%
  • Veröffentlicht 08.01.2008 19:46:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in Forums/setup.asp in Snitz Forums 2000 3.4.06 and earlier allows remote attackers to inject arbitrary web script or HTML via the MAIL parameter.

7.5

CVE-2007-6240

Exploit
  • EPSS 0.57%
  • Veröffentlicht 05.12.2007 11:46:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

SQL injection vulnerability in active.asp in Snitz Forums 2000 3.4.06 allows remote attackers to execute arbitrary SQL commands via the BuildTime parameter.