207 matches found
Snitz Forums 2000 - TOPIC_ID SQL Injection
Snitz Forums 2000 - TOPICID SQL Injection source: https://www.securityfocus.com/bid/51596/info Snitz Forums 2000 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit will allow an attacker to...
Snitz Forums 2000 - 'TOPIC_ID' SQL Injection
source: https://www.securityfocus.com/bid/51596/info Snitz Forums 2000 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit will allow an attacker to compromise the application, access or modi...
Snitz Forums 2000 'members.asp' SQL Injection and Cross Site Scripting Vulnerabilities
The host is running Snitz and is prone to SQL injection and cross site scripting vulnerabilities. OpenVAS Vulnerability Test $Id: gbsnitzforums2000xssnsqlinjvuln.nasl 7029 2017-08-31 11:51:40Z teissa $ Snitz Forums 2000 'members.asp' SQL Injection and Cross Site Scripting Vulnerabilities Authors:...
Snitz Forums 2000 'members.asp' SQL Injection and Cross Site Scripting Vulnerabilities
Snitz is prone to SQL injection and cross site scripting vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2010-4827
Cross-site scripting XSS vulnerability in members.asp in Snitz Forums 2000 3.4.07 allows remote attackers to inject arbitrary web script or HTML via the MNAME parameter. NOTE: some of these details are obtained from third party information...
CVE-2010-4826
SQL injection vulnerability in members.asp in Snitz Forums 2000 3.4.07 allows remote attackers to execute arbitrary SQL commands via the MNAME parameter. NOTE: some of these details are obtained from third party information...
Cross site scripting
Cross-site scripting XSS vulnerability in members.asp in Snitz Forums 2000 3.4.07 allows remote attackers to inject arbitrary web script or HTML via the MNAME parameter. NOTE: some of these details are obtained from third party information...
Sql injection
SQL injection vulnerability in members.asp in Snitz Forums 2000 3.4.07 allows remote attackers to execute arbitrary SQL commands via the MNAME parameter. NOTE: some of these details are obtained from third party information...
CVE-2010-4827
The CVE-2010-4827 entry affects Snitz Forums 2000, version 3.4.07. It describes a Cross-site Scripting (XSS) vulnerability in the members.asp page, exploitable via the M_NAME parameter. The issue enables remote attackers to inject arbitrary web script or HTML. The NVD entry notes reliance on thir...
CVE-2010-4827
Cross-site scripting XSS vulnerability in members.asp in Snitz Forums 2000 3.4.07 allows remote attackers to inject arbitrary web script or HTML via the MNAME parameter. NOTE: some of these details are obtained from third party information...
CVE-2010-4826
Snitz Forums 2000 (version 3.4.07) is affected by a SQL injection in members.asp exploitable through the M_NAME parameter, allowing remote execution of arbitrary SQL commands. Root cause is improper handling of user input in the M_NAME field. The connected OpenVAS entry confirms the SQL injection...
CVE-2010-4826
SQL injection vulnerability in members.asp in Snitz Forums 2000 3.4.07 allows remote attackers to execute arbitrary SQL commands via the MNAME parameter. NOTE: some of these details are obtained from third party information...
SnitzTM Forums 2000 Version 3.4.07 (Data Base Dump) Vulnerability
Exploit for php platform in category web applications ================================================================= SnitzTM Forums 2000 Version 3.4.07 Data Base Dump Vulnerability =================================================================...
Snitz Forums 2000 active.asp HTTP X-Forwarded-For Header SQL Injection
The version of Snitz Forums 2000 hosted on the remote host fails to sanitize input to the 'X-Forwarded-For' header in the 'active.asp' script when called with the 'AllRead' POST parameter set to 'Y' before using it to construct a database query. An unauthenticated, remote attacker can leverage th...
Snitz Forums 2000 'X-Forwarded-For' SQL Injection Vulnerability
Snitz Forums 2000 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the...
CVE-2009-4554
Multiple cross-site scripting XSS vulnerabilities in Snitz Forums 2000 3.4.07 allow remote attackers to inject arbitrary web script or HTML via 1 the url parameter to popsendtofriend.asp, related to a crafted onload attribute of an IMG element; or 2 an onload attribute in a sound tag...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Snitz Forums 2000 3.4.07 allow remote attackers to inject arbitrary web script or HTML via 1 the url parameter to popsendtofriend.asp, related to a crafted onload attribute of an IMG element; or 2 an onload attribute in a sound tag...
CVE-2009-4554
CVE-2009-4554 refers to multiple cross-site scripting (XSS) vulnerabilities in Snitz Forums 2000 version 3.4.07. The weaknesses allow remote attackers to inject arbitrary JavaScript/HTML via: (1) the url parameter to pop_send_to_friend.asp (related to a crafted onload attribute of an IMG element)...
CVE-2009-4554
Multiple cross-site scripting XSS vulnerabilities in Snitz Forums 2000 3.4.07 allow remote attackers to inject arbitrary web script or HTML via 1 the url parameter to popsendtofriend.asp, related to a crafted onload attribute of an IMG element; or 2 an onload attribute in a sound tag...
Snitz Forums 2000 Database Disclosure
============================================================================== / \ | | | | / \ | | | | / \ | | | | / \ | || | / \ | | | | / \ | | IN THE NAME OF // \ || || // \ || || ============================================================================== » Note : if the path of...