National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:snitz_communications:snitz_forums_2000:3.4.06
There are 8 matching records.
Vuln ID Summary CVSS Severity
CVE-2008-0209

Open redirect vulnerability in Forums/login.asp in Snitz Forums 2000 3.4.06 and earlier allows remote attackers to redirect users to arbitrary web sites via a URL in the target parameter.

Published: January 09, 2008; 07:46:00 PM -05:00
    V2: 5.8 MEDIUM
CVE-2008-0134

Cross-site scripting (XSS) vulnerability in Forums/setup.asp in Snitz Forums 2000 3.4.06 and earlier allows remote attackers to inject arbitrary web script or HTML via the MAIL parameter.

Published: January 08, 2008; 02:46:00 PM -05:00
    V2: 4.3 MEDIUM
CVE-2008-0135

Snitz Forums 2000 3.4.06 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum/snitz_forums_2000.mdb.

Published: January 08, 2008; 02:46:00 PM -05:00
    V2: 5.0 MEDIUM
CVE-2007-6240

SQL injection vulnerability in active.asp in Snitz Forums 2000 3.4.06 allows remote attackers to execute arbitrary SQL commands via the BuildTime parameter.

Published: December 05, 2007; 06:46:00 AM -05:00
    V2: 7.5 HIGH
CVE-2007-1374

Cross-site scripting (XSS) vulnerability in pop_profile.asp in Snitz Forums 2000 3.4.06 allows remote attackers to inject arbitrary web script or HTML via the MSN parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published: March 09, 2007; 07:19:00 PM -05:00
    V2: 4.3 MEDIUM
CVE-2006-5603

SQL injection vulnerability in pop_mail.asp in Snitz Forums 2000 3.4.06 allows remote attackers to execute arbitrary SQL commands via the RC parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

Published: October 30, 2006; 01:07:00 PM -05:00
    V2: 7.5 HIGH
CVE-2006-4796

Cross-site scripting (XSS) vulnerability in forum.asp in Snitz Forums 2000 3.4.06 allows remote attackers to inject arbitrary web script or HTML via the sortorder parameter (strtopicsortord variable).

Published: September 14, 2006; 05:07:00 PM -04:00
    V2: 4.3 MEDIUM
CVE-2006-2530

avatar_upload.asp in Avatar MOD 1.3 for Snitz Forums 3.4, and possibly other versions, allows remote attackers to bypass file type checks and upload arbitrary files via a null byte in the file name, as discovered by the Codescan product.

Published: May 22, 2006; 07:10:00 PM -04:00
    V2: 5.0 MEDIUM