Total
25 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-5313 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in forum.asp in Snitz Forums 2000 allows remote attackers to execute arbitrary SQL commands via the TOPIC_ID parameter. | |||||
| CVE-2010-4827 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in members.asp in Snitz Forums 2000 3.4.07 allows remote attackers to inject arbitrary web script or HTML via the M_NAME parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-4826 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in members.asp in Snitz Forums 2000 3.4.07 allows remote attackers to execute arbitrary SQL commands via the M_NAME parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-0134 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Forums/setup.asp in Snitz Forums 2000 3.4.06 and earlier allows remote attackers to inject arbitrary web script or HTML via the MAIL parameter. | |||||
| CVE-2008-0136 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2025-04-09 | 5.0 MEDIUM | N/A |
| Snitz Forums 2000 3.4.05 allows remote attackers to obtain sensitive information via a direct request to forum/whereami.asp, which reveals the database path. | |||||
| CVE-2008-0208 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in login.asp in Snitz Forums 2000 3.4.05 and earlier allows remote attackers to inject arbitrary web script or HTML via the target parameter. | |||||
| CVE-2007-1374 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in pop_profile.asp in Snitz Forums 2000 3.4.06 allows remote attackers to inject arbitrary web script or HTML via the MSN parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-4554 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Snitz Forums 2000 3.4.07 allow remote attackers to inject arbitrary web script or HTML via (1) the url parameter to pop_send_to_friend.asp, related to a crafted onload attribute of an IMG element; or (2) an onload attribute in a sound tag. | |||||
| CVE-2008-0209 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2025-04-09 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in Forums/login.asp in Snitz Forums 2000 3.4.06 and earlier allows remote attackers to redirect users to arbitrary web sites via a URL in the target parameter. | |||||
| CVE-2008-0135 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2025-04-09 | 5.0 MEDIUM | N/A |
| Snitz Forums 2000 3.4.06 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum/snitz_forums_2000.mdb. | |||||
| CVE-2007-1023 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pop_profile.asp in Snitz Forums 2000 3.1 SR4 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-5603 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2025-04-09 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in pop_mail.asp in Snitz Forums 2000 3.4.06 allows remote attackers to execute arbitrary SQL commands via the RC parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2007-6240 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in active.asp in Snitz Forums 2000 3.4.06 allows remote attackers to execute arbitrary SQL commands via the BuildTime parameter. | |||||
| CVE-2002-0607 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2025-04-03 | 7.5 HIGH | N/A |
| members.asp in Snitz Forums 2000 version 3.3.03 and earlier allows remote attackers to execute arbitrary code via a SQL injection attack on the parameters (1) M_NAME, (2) UserName, (3) FirstName, (4) LastName, or (5) INITIAL. | |||||
| CVE-2003-0493 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2025-04-03 | 10.0 HIGH | N/A |
| Snitz Forums 3.4.03 and earlier allows attackers to gain privileges as other users by stealing and replaying the encrypted password after obtaining a valid session ID. | |||||
| CVE-2006-2959 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in inc_header.asp in Snitz Forum 3.4.05 and earlier allows remote attackers to execute arbitrary SQL commands via the %strCookieURL%.GROUP parameter in a cookie. | |||||
| CVE-2006-2530 | 1 Snitz Communications | 2 Avatar Mod, Snitz Forums 2000 | 2025-04-03 | 5.0 MEDIUM | N/A |
| avatar_upload.asp in Avatar MOD 1.3 for Snitz Forums 3.4, and possibly other versions, allows remote attackers to bypass file type checks and upload arbitrary files via a null byte in the file name, as discovered by the Codescan product. | |||||
| CVE-2006-4796 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in forum.asp in Snitz Forums 2000 3.4.06 allows remote attackers to inject arbitrary web script or HTML via the sortorder parameter (strtopicsortord variable). | |||||
| CVE-2005-3411 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in post.asp in Snitz Forums 2000 3.4.05 allows remote attackers to inject arbitrary web script or HTML via the type parameter in a Topic method. | |||||
| CVE-2003-0286 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in register.asp in Snitz Forums 2000 before 3.4.03, and possibly 3.4.07 and earlier, allows remote attackers to execute arbitrary stored procedures via the Email variable. | |||||