CVE-2003-0286

SQL injection vulnerability in register.asp in Snitz Forums 2000 before 3.4.03, and possibly 3.4.07 and earlier, allows remote attackers to execute arbitrary stored procedures via the Email variable...

CVE-2003-0286

Snitz Forums 2000 is vulnerable to an SQL injection in register.asp: the Email parameter is not sanitized, allowing remote attackers to execute stored procedures and potentially OS commands via SQL, including stored procedures like xp_cmdshell. Affected versions include before 3.4.03 and possibly...

snitz_exec.txt

Overview: Snitz Forums 2000, one of the best ASP based bulletin board systems on the market. Getting better every day! A complete board system forum that allows the user access to a friendly and intuitive interface. http://forum.snitz.com Problem Description: Snitz Forums 3.3.03 has an SQL...

PHP-Nuke 5.x6.x Web_Links Module - SQL Injection

PHP-Nuke 5.x6.x WebLinks Module - SQL Injection source: https://www.securityfocus.com/bid/7558/info It has been reported that multiple input validation bugs exist in the WebLinks module used by PHPNuke. Because of this, a remote user may be able to access the database and potentially gain access ...

Snitz Forums 3.3.03 - Remote Command Execution

Snitz Forums 3.3.03 - Remote Command Execution !/usr/bin/perl use Socket; print "\nRemote command execution against Snitz Forums 3.3.03 and probably others.\n"; print "You accept full responsibility for your actions by using this script.\n"; print "INTERNAL USE ONLY!! DO NOT DISTRIBUTE!!\n"; prin...

Snitz Forums 3.3.03 Remote Command Execution Exploit

No description provided by source. !/usr/bin/perl use Socket; print "\nRemote command execution against Snitz Forums 3.3.03 and probably others.\n"; print "You accept full responsibility for your actions by using this script.\n"; print "INTERNAL USE ONLY!! DO NOT DISTRIBUTE!!\n"; print "\nWeb...

Snitz Forums 2000 register.asp Email Parameter SQL Injection

The remote version of Snitz Forums 2000 is vulnerable to a SQL injection attack. The 'Email' parameter of 'register.asp' is not sanitized before being used in a SQL query. A remote attacker could exploit this to execute arbitrary SQL queries. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

Snitz Forums 3.3.03 - Remote Command Execution

!/usr/bin/perl use Socket; print "\nRemote command execution against Snitz Forums 3.3.03 and probably others.\n"; print "You accept full responsibility for your actions by using this script.\n"; print "INTERNAL USE ONLY!! DO NOT DISTRIBUTE!!\n"; print "\nWeb server? www.enterthegame.com: "; my...

Snitz Forums 3.3.03 Remote Command Execution Exploit

Exploit for unknown platform in category remote exploits ==================================================== Snitz Forums 3.3.03 Remote Command Execution Exploit ==================================================== !/usr/bin/perl use Socket; print "\nRemote command execution against Snitz Forums...

Snitz Forums 2000 - register.asp SQL Injection

Snitz Forums 2000 - register.asp SQL Injection source: https://www.securityfocus.com/bid/7549/info Snitz Forums 2000 is ASP-based web forum software. It runs on Microsoft Windows operating systems. Snitz is back-ended by a database and supports Microsoft Access 97/2000, SQL Server 6.5/7.0/2000 an...

Snitz Forums 2000 - 'register.asp' SQL Injection

source: https://www.securityfocus.com/bid/7549/info Snitz Forums 2000 is ASP-based web forum software. It runs on Microsoft Windows operating systems. Snitz is back-ended by a database and supports Microsoft Access 97/2000, SQL Server 6.5/7.0/2000 and MySQL. It is possible for a remote attacker t...

Snitz Forums 2000 3.4.03 Multiple Vulnerabilities

The remote host is using Snitz Forum 2000. This set of CGI is vulnerable to a cross-site-scripting issue that may allow attackers to steal the cookies of your users. In addition to this flaw, a user may use the file Password.ASP to reset arbitrary passwords, therefore gaining administrative acces...

Web Wiz Forums all version db stealing

.:: Decription ::. Web Wiz Forums, the free award winning ASP bulletin board system is available in a boxed version with link removal code. .:: Vendor ::. http://www.webwizguide.info .:: Problem ::. By default all passwords are kept on admin/wwforum.mdb Example:...

CrossSite Scripting @ Snitz Forums 2000

Description: The BadWord-Script-Filter can be tricked by adding the Tab-Char 0x09 into the script command. This may lead to CrossSite-Scripting. Exploit: imgjav asc ript:alert28document.cookie29/img Vendor: Has been contacted on 15. April. Patch: Available at...

Web Wiz Forums wwforum.mdb Direct Request Database Disclosure

The remote server is running Web Wiz Site Forum, a set of ASP scripts to manage online forums. This release comes with a 'wwforum.mdb' database, usually located under 'admin', that contains sensitive information, such as the user passwords and emails. An attacker may use this flaw to gain...

CVE-2002-0329

Affected product: Snitz Forums 2000 (versions 3.3.03 and earlier). Vulnerability: cross-site scripting via crafted IMG tag SRC attribute, allowing remote attackers to execute arbitrary script as other Forum 2000 users. Root cause / details: the IMG SRC URL check is inadequate and can serve inject...

CVE-2002-0329

Cross-site scripting vulnerability in Snitz Forums 2000 3.3.03 and earlier allows remote attackers to execute arbitrary script as other Forums 2000 users via Javascript in an IMG tag...

phpnuke60.2.txt

Informations : °°°°°°°°°°°°°° Language : PHP Website : http://www.phpnuke.org Version : 6.0 & 6.5 RC2 Modules : Forums, PrivateMessages Problem : SQL Injection PHP Code/Location : °°°°°°°°°°°°°°°°°°° /modules/Forums/viewtopic.php :...

Input Validation Error in vbulletin 2.2.x

Description: --------------- VBulletin discussion forum http://www.vbulletin.com does not properly validate the input for html tag enabled forums, allowing arbitrary JavaScript code to be run for any access level user. Prof of concept: ---------------- b onMouseOver="alertdocument.location;"This...

APBoard 2.0 2 - Unauthorized Thread Reading

source: https://www.securityfocus.com/bid/6330/info A vulnerability has been reported for APBoard that may allow unauthorized users to read postings in internal forums. The vulnerability is a result of the 'useraction.php' script failing to properly check user credentials...