National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:snitz_communications:snitz_forums_2000:3.4.07
There are 4 matching records.
Vuln ID Summary CVSS Severity
CVE-2010-4827

Cross-site scripting (XSS) vulnerability in members.asp in Snitz Forums 2000 3.4.07 allows remote attackers to inject arbitrary web script or HTML via the M_NAME parameter. NOTE: some of these details are obtained from third party information.

Published: August 24, 2011; 06:55:05 AM -04:00
    V2: 4.3 MEDIUM
CVE-2010-4826

SQL injection vulnerability in members.asp in Snitz Forums 2000 3.4.07 allows remote attackers to execute arbitrary SQL commands via the M_NAME parameter. NOTE: some of these details are obtained from third party information.

Published: August 24, 2011; 06:55:05 AM -04:00
    V2: 7.5 HIGH
CVE-2009-4554

Multiple cross-site scripting (XSS) vulnerabilities in Snitz Forums 2000 3.4.07 allow remote attackers to inject arbitrary web script or HTML via (1) the url parameter to pop_send_to_friend.asp, related to a crafted onload attribute of an IMG element; or (2) an onload attribute in a sound tag.

Published: January 04, 2010; 04:30:00 PM -05:00
    V2: 4.3 MEDIUM
CVE-2006-2530

avatar_upload.asp in Avatar MOD 1.3 for Snitz Forums 3.4, and possibly other versions, allows remote attackers to bypass file type checks and upload arbitrary files via a null byte in the file name, as discovered by the Codescan product.

Published: May 22, 2006; 07:10:00 PM -04:00
    V2: 5.0 MEDIUM