Lucene search
K
Snitz CommunicationsSnitz Forums 2000

24 matches found

CVE
CVE
added 2003/05/14 4:0 a.m.63 views

CVE-2003-0286

Snitz Forums 2000 is vulnerable to an SQL injection in register.asp: the Email parameter is not sanitized, allowing remote attackers to execute stored procedures and potentially OS commands via SQL, including stored procedures like xp_cmdshell. Affected versions include before 3.4.03 and possibly...

7.5CVSS7.8AI score0.02442EPSS
CVE
CVE
added 2010/01/04 9:0 p.m.59 views

CVE-2009-4554

CVE-2009-4554 refers to multiple cross-site scripting (XSS) vulnerabilities in Snitz Forums 2000 version 3.4.07. The weaknesses allow remote attackers to inject arbitrary JavaScript/HTML via: (1) the url parameter to pop_send_to_friend.asp (related to a crafted onload attribute of an IMG element)...

4.3CVSS5.8AI score0.01765EPSS
CVE
CVE
added 2006/09/14 9:0 p.m.58 views

CVE-2006-4796

CVE-2006-4796 is an XSS vulnerability in Snitz Forums 2000 3.4.06, exploitable via the sortorder parameter (strtopicsortord) in forum.asp. Remote attackers can inject arbitrary script or HTML. The provided documents do not include exploit code, specific root-cause details beyond the input paramet...

4.3CVSS5.9AI score0.02374EPSS
CVE
CVE
added 2011/08/24 10:0 a.m.57 views

CVE-2010-4826

Snitz Forums 2000 (version 3.4.07) is affected by a SQL injection in members.asp exploitable through the M_NAME parameter, allowing remote execution of arbitrary SQL commands. Root cause is improper handling of user input in the M_NAME field. The connected OpenVAS entry confirms the SQL injection...

7.5CVSS8.6AI score0.0111EPSS
CVE
CVE
added 2005/11/01 8:0 p.m.56 views

CVE-2005-3411

CVE-2005-3411 concerns a cross-site scripting (XSS) vulnerability in Snitz Forums 2000, specifically in the post.asp script used to render Topic content. The vulnerability arises from unsanitized handling of the Type parameter when generating dynamic content, enabling an attacker to inject arbitr...

4.3CVSS5.7AI score0.03653EPSS
CVE
CVE
added 2006/10/30 6:0 p.m.56 views

CVE-2006-5603

CVE-2006-5603 relates to a SQL injection in Snitz Forums 2000, specifically in the pop_mail.asp file where the RC parameter is used. The connected PT-2006-6311 entry confirms Snitz Forums 2000 version 3.4.06 as affected and identifies the vulnerability as an SQL injection that enables remote arbi...

9.8CVSS8.5AI score0.01385EPSS
CVE
CVE
added 2007/02/21 11:0 a.m.56 views

CVE-2007-1023

The CVE-2007-1023 entry concerns Snitz Forums 2000, version 3.1 SR4, where pop_profile.asp is vulnerable to SQL injection via the id parameter. This allows remote attackers to execute arbitrary SQL commands. The provided documents do not include explicit remediation steps or patched versions. No ...

7.5CVSS8.4AI score0.0101EPSS
CVE
CVE
added 2007/12/05 11:0 a.m.55 views

CVE-2007-6240

CVE-2007-6240 concerns a SQL injection in Snitz Forums 2000 (build 3.4.06) via the BuildTime parameter in active.asp, allowing remote attackers to execute arbitrary SQL commands. Affected software: Snitz Forums 2000 3.4.06. Root cause: unparameterized SQL handling in the active.asp path. Impact: ...

7.5CVSS8.4AI score0.01024EPSS
CVE
CVE
added 2008/01/10 12:0 a.m.55 views

CVE-2008-0208

The CVE-2008-0208 issue affects Snitz Forums 2000, specifically login.asp in versions 3.4.05 and earlier. The vulnerability is a reflected Cross‑site Scripting (XSS) flaw that allows remote attackers to inject arbitrary web script or HTML via the target parameter. The connected documents confirm ...

4.3CVSS5.7AI score0.01102EPSS
CVE
CVE
added 2003/06/28 4:0 a.m.52 views

CVE-2003-0493

Snitz Forums 3.4.03 and earlier are affected by an authentication vulnerability where an attacker can gain privileges as another user by stealing and replaying the encrypted password after obtaining a valid session ID. The available sources (NVD entry for CVE-2003-0493 and related records) descri...

10CVSS6.9AI score0.01779EPSS
CVE
CVE
added 2003/06/28 4:0 a.m.51 views

CVE-2003-0494

CVE-2003-0494 affects Snitz Forums 3.4.03 and earlier. The vulnerability is in password.asp: a remote attacker can reset passwords and gain privileges as other users by sending a direct request with a modified member id. Root cause appears to be parameter tampering on the member identifier, enabl...

10CVSS6.8AI score0.03823EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.49 views

CVE-2002-0329

Affected product: Snitz Forums 2000 (versions 3.3.03 and earlier). Vulnerability: cross-site scripting via crafted IMG tag SRC attribute, allowing remote attackers to execute arbitrary script as other Forum 2000 users. Root cause / details: the IMG SRC URL check is inadequate and can serve inject...

7.5CVSS7AI score0.0494EPSS
CVE
CVE
added 2008/01/10 12:0 a.m.49 views

CVE-2008-0209

CVE-2008-0209 : An open redirect vulnerability in the Forums/login.asp page of Snitz Forums 2000 3.4.06 and earlier allows remote attackers to redirect users to arbitrary external sites by supplying a malicious value in the target parameter. The provided connected documents do not specify the exa...

5.8CVSS6.7AI score0.01136EPSS
Web
CVE
CVE
added 2012/10/08 5:0 p.m.49 views

CVE-2012-5313

CVE-2012-5313 describes an SQL injection in the Snitz Forums 2000 product, specifically in forum.asp via the TOPIC_ID parameter. This allows remote attackers to manipulate SQL commands, potentially exposing or altering data. The vulnerability is tied to the Web application’s handling of TOPIC_ID ...

7.5CVSS8.7AI score0.01113EPSS
CVE
CVE
added 2008/01/08 7:0 p.m.48 views

CVE-2008-0136

CVE-2008-0136 affects Snitz Forums 2000 3.4.05. The vulnerability allows remote attackers to disclose sensitive information by requesting forum/whereami.asp, revealing the database path. The issue is a direct information disclosure via a crafted HTTP request, enabling partial confidentiality impa...

5CVSS6.2AI score0.01218EPSS
CVE
CVE
added 2008/01/08 7:0 p.m.47 views

CVE-2008-0134

CVE-2008-0134 is a cross-site scripting (XSS) vulnerability in the Forums/setup.asp component of Snitz Forums 2000, version 3.4.06 and earlier. The issue is triggered via the MAIL parameter, allowing remote attackers to inject arbitrary web script or HTML. The NVD entry documents a base score of ...

4.3CVSS5.7AI score0.01065EPSS
Web
CVE
CVE
added 2002/06/11 4:0 a.m.46 views

CVE-2002-0607

Snitz Forums 2000, version 3.3.03 and earlier, is affected in members.asp by a SQL injection on parameters (M_NAME, UserName, FirstName, LastName, INITIAL) that enables remote attackers to execute arbitrary code. Root cause is improper input handling in the affected page, allowing injected SQL to...

7.5CVSS8.7AI score0.0238EPSS
CVE
CVE
added 2003/06/28 4:0 a.m.46 views

CVE-2003-0492

The CVE-2003-0492 entry concerns Snitz Forums (3.4.03 and earlier) with a Cross-site Scripting (XSS) vulnerability in search.asp. The issue allows remote attackers to execute arbitrary web script by supplying a crafted value to the Search parameter. Multiple connected sources corroborate an XSS s...

6.8CVSS6.3AI score0.04265EPSS
CVE
CVE
added 2005/02/20 5:0 a.m.46 views

CVE-2004-1687

Snitz Forums 2000 v3.4.04 has a CRLF injection vulnerability in down.asp that enables HTTP Response Splitting via the location parameter. This remote issue can alter the server's HTML output. OpenVAS data labels it as Snitz Forums 2000 HTTP Response Splitting . No explicit remediation/patch detai...

5CVSS6.8AI score0.02437EPSS
CVE
CVE
added 2011/08/24 10:0 a.m.46 views

CVE-2010-4827

The CVE-2010-4827 entry affects Snitz Forums 2000, version 3.4.07. It describes a Cross-site Scripting (XSS) vulnerability in the members.asp page, exploitable via the M_NAME parameter. The issue enables remote attackers to inject arbitrary web script or HTML. The NVD entry notes reliance on thir...

4.3CVSS5.9AI score0.01053EPSS
CVE
CVE
added 2007/03/10 12:0 a.m.45 views

CVE-2007-1374

This entry documents a Cross-site scripting (XSS) vulnerability in Snitz Forums 2000, version 3.4.06, specifically in the pop_profile.asp component where an attacker can inject arbitrary script or HTML via the MSN parameter. The vulnerability is described consistently across CVE and NVD sources, ...

4.3CVSS5.6AI score0.01033EPSS
CVE
CVE
added 2007/10/06 9:0 p.m.44 views

CVE-2004-2720

The vulnerability CVE-2004-2720 affects Snitz Forums 2000 (versions 3.4.04 and earlier) where a cross-site scripting (XSS) flaw exists in register.asp. The root cause is unvalidated input in the Email parameter, allowing an attacker to inject arbitrary web script or HTML via javascript events. Th...

4.3CVSS6AI score0.04107EPSS
CVE
CVE
added 2008/01/08 7:0 p.m.44 views

CVE-2008-0135

CVE-2008-0135 affects Snitz Forums 2000 up to version 3.4.06, where sensitive data is stored under the web root with insufficient access control. This allows remote attackers to download the forum/snitz_forums_2000.mdb directly via HTTP, exposing the database. The impact described is exposure of ...

5CVSS6.4AI score0.02451EPSS
CVE
CVE
added 2006/06/12 8:0 p.m.39 views

CVE-2006-2959

The provided connected documents confirm CVE-2006-2959 affects Snitz Forum 3.4.05 and earlier, via an SQL injection in inc_header.asp. The vulnerability is triggered through the %strCookieURL%.GROUP parameter in a cookie, enabling remote attackers to execute arbitrary SQL commands. The NVD entry ...

7.5CVSS8.4AI score0.0145EPSS