Web Wiz Forum 6.34/7.0/7.5 - Unauthorized Private Forum Access

source: https://www.securityfocus.com/bid/8957/info A vulnerability has been reported in Web Wiz Forum that could allow unauthorized access to private forums. The problem occurs when handling malformed requests that make use of 'quote' mode. When this mode is used, Web Wiz Forum will allegedly fa...

Multiple Vulnerabilities in Led-Forums

Product: Led-Forums Versions: Beta 1 Vulnerability: XSS- and redirection-Bug Date: October 30, 2003 Discovered by: ProXy [email protected] 1. - XSS-Bug The Welcome-Message of the Led-Forums software could be changed by everybody. Normal Text, HTML and Javascript it's all allowed! : eg:...

Web Wiz Forums ver. 7.01

Informations : °°°°°°°°°°°° Language : ASP Bugged Version : Web Wiz Forums ver. 7.01 and less ? Patched version : none Website : http://www.webwizforums.com Problems : Permanent XSS Objects : °°°°°°° - forummembers.asp - members.asp - pmbuddylist.asp Exploits : °°°°°°°°...

JS/HTML code injection in File-Sharing for NET v1.5 and Forums Web Server v1.5

+-----------------------------+ Advisories: JS/HTML code injection in File-Sharing for NET v1.5 and Forums Web Server v1.5 Author: nimber [email protected] Date: 10/06/2003 +-----------------------------+ Vendor: http://www.minihttpserver.net Version: 1.5 and older versions? Shareware :...

CVE-2003-0493

Snitz Forums 3.4.03 and earlier allows attackers to gain privileges as other users by stealing and replaying the encrypted password after obtaining a valid session ID...

CVE-2003-0492

Cross-site scripting XSS vulnerability in search.asp for Snitz Forums 3.4.03 and earlier allows remote attackers to execute arbitrary web script via the Search parameter...

CVE-2003-0494

password.asp in Snitz Forums 3.4.03 and earlier allows remote attackers to reset passwords and gain privileges as other users by via a direct request to password.asp with a modified member id...

CVE-2003-0493

Snitz Forums 3.4.03 and earlier are affected by an authentication vulnerability where an attacker can gain privileges as another user by stealing and replaying the encrypted password after obtaining a valid session ID. The available sources (NVD entry for CVE-2003-0493 and related records) descri...

CVE-2003-0492

The CVE-2003-0492 entry concerns Snitz Forums (3.4.03 and earlier) with a Cross-site Scripting (XSS) vulnerability in search.asp. The issue allows remote attackers to execute arbitrary web script by supplying a crafted value to the Search parameter. Multiple connected sources corroborate an XSS s...

CVE-2003-0494

password.asp in Snitz Forums 3.4.03 and earlier allows remote attackers to reset passwords and gain privileges as other users by via a direct request to password.asp with a modified member id...

CVE-2003-0493

Snitz Forums 3.4.03 and earlier allows attackers to gain privileges as other users by stealing and replaying the encrypted password after obtaining a valid session ID...

CVE-2003-0494

CVE-2003-0494 affects Snitz Forums 3.4.03 and earlier. The vulnerability is in password.asp: a remote attacker can reset passwords and gain privileges as other users by sending a direct request with a modified member id. Root cause appears to be parameter tampering on the member identifier, enabl...

CVE-2003-0492

Cross-site scripting XSS vulnerability in search.asp for Snitz Forums 3.4.03 and earlier allows remote attackers to execute arbitrary web script via the Search parameter...

Multiple Vulnerabilities In Snitz Forums

Multiple Vulnerabilities In Snitz 3.4.0.3 ------------------------------------------- Versions Affected: 3.4.0.3 current / Others? Vendor Notification: Informed Vendor Website: http://www.snitz.com Product Description ------------------------------------------- Snitz Forums is a full-featured...

MiniHTTPServer Web Forums Server 1.x/2.0 - Directory Traversal

source: https://www.securityfocus.com/bid/7955/info It has been reported that WebForums Server does not properly handle some types of requests. Because of this, attackers may be able to gain access to files on the host server with the privileges of the web server process...

CVE-2003-0286

SQL injection vulnerability in register.asp in Snitz Forums 2000 before 3.4.03, and possibly 3.4.07 and earlier, allows remote attackers to execute arbitrary stored procedures via the Email variable...

Snitz Forums 2000 3.4.0.3 - Multiple Vulnerabilities

Snitz Forums 2000 3.4.0.3 - Multiple Vulnerabilities Snitz Forums 2000 Multiple Vulnerabilities Vendor: Snitz Communications Product: Snitz Forums 2000 Version: alertdocument.cookie Cookie Authentication Bypass Vulnerability: In order to steal another users identity, all an attacker needs to know...

Snitz Forums 2000 3.4.03 - search.asp Cross-Site Scripting

Snitz Forums 2000 3.4.03 - search.asp Cross-Site Scripting source: https://www.securityfocus.com/bid/7922/info Snitz Forums is prone to cross-site scripting attacks. This is due to insufficient sanitization of data passed to the search facility via URI parameters. Exploitation may allow theft of...

Snitz Forums 2000 3.4.03 - 'search.asp' Cross-Site Scripting

source: https://www.securityfocus.com/bid/7922/info Snitz Forums is prone to cross-site scripting attacks. This is due to insufficient sanitization of data passed to the search facility via URI parameters. Exploitation may allow theft of cookie-based authentication credentials or other attacks...

Snitz Forums 2000 < 3.4.0.3 - Multiple Vulnerabilities

Snitz Forums 2000 Multiple Vulnerabilities Vendor: Snitz Communications Product: Snitz Forums 2000 Version: alertdocument.cookie Cookie Authentication Bypass Vulnerability: In order to steal another users identity, all an attacker needs to know is thier encrypted password. This is not very hard t...