Filtered by vendor Snitz Communications
Subscribe
Total
25 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2003-0286 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in register.asp in Snitz Forums 2000 before 3.4.03, and possibly 3.4.07 and earlier, allows remote attackers to execute arbitrary stored procedures via the Email variable. | |||||
CVE-2003-0494 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2024-02-28 | 10.0 HIGH | N/A |
password.asp in Snitz Forums 3.4.03 and earlier allows remote attackers to reset passwords and gain privileges as other users by via a direct request to password.asp with a modified member id. | |||||
CVE-2002-0329 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2024-02-28 | 7.5 HIGH | N/A |
Cross-site scripting vulnerability in Snitz Forums 2000 3.3.03 and earlier allows remote attackers to execute arbitrary script as other Forums 2000 users via Javascript in an IMG tag. | |||||
CVE-2003-0493 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2024-02-28 | 10.0 HIGH | N/A |
Snitz Forums 3.4.03 and earlier allows attackers to gain privileges as other users by stealing and replaying the encrypted password after obtaining a valid session ID. | |||||
CVE-2002-0607 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2024-02-28 | 7.5 HIGH | N/A |
members.asp in Snitz Forums 2000 version 3.3.03 and earlier allows remote attackers to execute arbitrary code via a SQL injection attack on the parameters (1) M_NAME, (2) UserName, (3) FirstName, (4) LastName, or (5) INITIAL. |