Lucene search
+L

207 matches found

exploitpack
exploitpack
added 2012/01/20 12:0 a.m.21 views

Snitz Forums 2000 - TOPIC_ID SQL Injection

Snitz Forums 2000 - TOPICID SQL Injection source: https://www.securityfocus.com/bid/51596/info Snitz Forums 2000 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit will allow an attacker to...

0.3AI score
Exploits0
Exploit DB
Exploit DB
added 2012/01/20 12:0 a.m.31 views

Snitz Forums 2000 - 'TOPIC_ID' SQL Injection

source: https://www.securityfocus.com/bid/51596/info Snitz Forums 2000 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit will allow an attacker to compromise the application, access or modi...

7.4AI score
Exploits0
OpenVAS
OpenVAS
added 2011/09/14 12:0 a.m.17 views

Snitz Forums 2000 'members.asp' SQL Injection and Cross Site Scripting Vulnerabilities

The host is running Snitz and is prone to SQL injection and cross site scripting vulnerabilities. OpenVAS Vulnerability Test $Id: gbsnitzforums2000xssnsqlinjvuln.nasl 7029 2017-08-31 11:51:40Z teissa $ Snitz Forums 2000 'members.asp' SQL Injection and Cross Site Scripting Vulnerabilities Authors:...

7.5CVSS7.2AI score0.01084EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2011/09/14 12:0 a.m.35 views

Snitz Forums 2000 'members.asp' SQL Injection and Cross Site Scripting Vulnerabilities

Snitz is prone to SQL injection and cross site scripting vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.1AI score0.01084EPSS
Exploits0References3
NVD
NVD
added 2011/08/24 10:55 a.m.18 views

CVE-2010-4827

Cross-site scripting XSS vulnerability in members.asp in Snitz Forums 2000 3.4.07 allows remote attackers to inject arbitrary web script or HTML via the MNAME parameter. NOTE: some of these details are obtained from third party information...

4.3CVSS5.7AI score0.01053EPSS
Exploits0References4
NVD
NVD
added 2011/08/24 10:55 a.m.18 views

CVE-2010-4826

SQL injection vulnerability in members.asp in Snitz Forums 2000 3.4.07 allows remote attackers to execute arbitrary SQL commands via the MNAME parameter. NOTE: some of these details are obtained from third party information...

7.5CVSS8.3AI score0.01084EPSS
Exploits0References4
Prion
Prion
added 2011/08/24 10:55 a.m.11 views

Cross site scripting

Cross-site scripting XSS vulnerability in members.asp in Snitz Forums 2000 3.4.07 allows remote attackers to inject arbitrary web script or HTML via the MNAME parameter. NOTE: some of these details are obtained from third party information...

4.3CVSS6.2AI score0.01053EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2011/08/24 10:55 a.m.13 views

Sql injection

SQL injection vulnerability in members.asp in Snitz Forums 2000 3.4.07 allows remote attackers to execute arbitrary SQL commands via the MNAME parameter. NOTE: some of these details are obtained from third party information...

7.5CVSS9AI score0.01084EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2011/08/24 10:0 a.m.46 views

CVE-2010-4827

The CVE-2010-4827 entry affects Snitz Forums 2000, version 3.4.07. It describes a Cross-site Scripting (XSS) vulnerability in the members.asp page, exploitable via the M_NAME parameter. The issue enables remote attackers to inject arbitrary web script or HTML. The NVD entry notes reliance on thir...

4.3CVSS5.9AI score0.01053EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2011/08/24 10:0 a.m.22 views

CVE-2010-4827

Cross-site scripting XSS vulnerability in members.asp in Snitz Forums 2000 3.4.07 allows remote attackers to inject arbitrary web script or HTML via the MNAME parameter. NOTE: some of these details are obtained from third party information...

5.7AI score0.01053EPSS
Exploits0References4
CVE
CVE
added 2011/08/24 10:0 a.m.57 views

CVE-2010-4826

Snitz Forums 2000 (version 3.4.07) is affected by a SQL injection in members.asp exploitable through the M_NAME parameter, allowing remote execution of arbitrary SQL commands. Root cause is improper handling of user input in the M_NAME field. The connected OpenVAS entry confirms the SQL injection...

7.5CVSS8.6AI score0.01084EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2011/08/24 10:0 a.m.27 views

CVE-2010-4826

SQL injection vulnerability in members.asp in Snitz Forums 2000 3.4.07 allows remote attackers to execute arbitrary SQL commands via the MNAME parameter. NOTE: some of these details are obtained from third party information...

8.3AI score0.01084EPSS
Exploits0References4
0day.today
0day.today
added 2010/07/16 12:0 a.m.35 views

SnitzTM Forums 2000 Version 3.4.07 (Data Base Dump) Vulnerability

Exploit for php platform in category web applications ================================================================= SnitzTM Forums 2000 Version 3.4.07 Data Base Dump Vulnerability =================================================================...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2010/01/07 12:0 a.m.26 views

Snitz Forums 2000 active.asp HTTP X-Forwarded-For Header SQL Injection

The version of Snitz Forums 2000 hosted on the remote host fails to sanitize input to the 'X-Forwarded-For' header in the 'active.asp' script when called with the 'AllRead' POST parameter set to 'Y' before using it to construct a database query. An unauthenticated, remote attacker can leverage th...

5.9AI score
Exploits0
OpenVAS
OpenVAS
added 2010/01/06 12:0 a.m.18 views

Snitz Forums 2000 'X-Forwarded-For' SQL Injection Vulnerability

Snitz Forums 2000 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the...

0.3AI score
Exploits0References2
NVD
NVD
added 2010/01/04 9:30 p.m.17 views

CVE-2009-4554

Multiple cross-site scripting XSS vulnerabilities in Snitz Forums 2000 3.4.07 allow remote attackers to inject arbitrary web script or HTML via 1 the url parameter to popsendtofriend.asp, related to a crafted onload attribute of an IMG element; or 2 an onload attribute in a sound tag...

4.3CVSS5.7AI score0.01765EPSS
Exploits1References6
Prion
Prion
added 2010/01/04 9:30 p.m.16 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Snitz Forums 2000 3.4.07 allow remote attackers to inject arbitrary web script or HTML via 1 the url parameter to popsendtofriend.asp, related to a crafted onload attribute of an IMG element; or 2 an onload attribute in a sound tag...

4.3CVSS6AI score0.01765EPSS
Exploits1References6Affected Software1
CVE
CVE
added 2010/01/04 9:0 p.m.61 views

CVE-2009-4554

CVE-2009-4554 refers to multiple cross-site scripting (XSS) vulnerabilities in Snitz Forums 2000 version 3.4.07. The weaknesses allow remote attackers to inject arbitrary JavaScript/HTML via: (1) the url parameter to pop_send_to_friend.asp (related to a crafted onload attribute of an IMG element)...

4.3CVSS5.8AI score0.01765EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2010/01/04 9:0 p.m.24 views

CVE-2009-4554

Multiple cross-site scripting XSS vulnerabilities in Snitz Forums 2000 3.4.07 allow remote attackers to inject arbitrary web script or HTML via 1 the url parameter to popsendtofriend.asp, related to a crafted onload attribute of an IMG element; or 2 an onload attribute in a sound tag...

5.7AI score0.01765EPSS
Exploits1References6
Packet Storm
Packet Storm
added 2009/12/29 12:0 a.m.22 views

Snitz Forums 2000 Database Disclosure

============================================================================== / \ | | | | / \ | | | | / \ | | | | / \ | || | / \ | | | | / \ | | IN THE NAME OF // \ || || // \ || || ============================================================================== » Note : if the path of...

7.4AI score
Exploits0
Rows per page
Query Builder