Snitz Communications

Snitz Forums 2000

24 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2007-1374

  • EPSS 0.33%
  • Veröffentlicht 10.03.2007 00:19:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in pop_profile.asp in Snitz Forums 2000 3.4.06 allows remote attackers to inject arbitrary web script or HTML via the MSN parameter. NOTE: the provenance of this information is unknown; the details are obtain...

7.5

CVE-2007-1023

Exploit
  • EPSS 0.68%
  • Veröffentlicht 21.02.2007 11:28:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

SQL injection vulnerability in pop_profile.asp in Snitz Forums 2000 3.1 SR4 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5

CVE-2006-5603

Exploit
  • EPSS 0.55%
  • Veröffentlicht 30.10.2006 18:07:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

SQL injection vulnerability in pop_mail.asp in Snitz Forums 2000 3.4.06 allows remote attackers to execute arbitrary SQL commands via the RC parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party in...

4.3

CVE-2006-4796

Exploit
  • EPSS 6.45%
  • Veröffentlicht 14.09.2006 21:07:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in forum.asp in Snitz Forums 2000 3.4.06 allows remote attackers to inject arbitrary web script or HTML via the sortorder parameter (strtopicsortord variable).

7.5

CVE-2006-2959

Exploit
  • EPSS 0.96%
  • Veröffentlicht 12.06.2006 20:06:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

SQL injection vulnerability in inc_header.asp in Snitz Forum 3.4.05 and earlier allows remote attackers to execute arbitrary SQL commands via the %strCookieURL%.GROUP parameter in a cookie.

4.3

CVE-2005-3411

Exploit
  • EPSS 0.81%
  • Veröffentlicht 01.11.2005 20:03:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in post.asp in Snitz Forums 2000 3.4.05 allows remote attackers to inject arbitrary web script or HTML via the type parameter in a Topic method.

4.3

CVE-2004-2720

Exploit
  • EPSS 9.07%
  • Veröffentlicht 31.12.2004 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in register.asp in Snitz Forums 2000 3.4.04 and earlier allows remote attackers to inject arbitrary web script or HTML via javascript events in the Email parameter.

5

CVE-2004-1687

Exploit
  • EPSS 7.75%
  • Veröffentlicht 16.09.2004 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

CRLF injection vulnerability in down.asp for Snitz Forums 2000 3.4.04 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the location parameter.

10

CVE-2003-0494

  • EPSS 0.93%
  • Veröffentlicht 07.08.2003 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

password.asp in Snitz Forums 3.4.03 and earlier allows remote attackers to reset passwords and gain privileges as other users by via a direct request to password.asp with a modified member id.

10

CVE-2003-0493

  • EPSS 0.46%
  • Veröffentlicht 07.08.2003 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Snitz Forums 3.4.03 and earlier allows attackers to gain privileges as other users by stealing and replaying the encrypted password after obtaining a valid session ID.