RSS   Vulnerabilities for 'Snitz forums'   RSS

2008-01-09
 
CVE-2008-0209

CWE-20
 
 
Open redirect vulnerability in Forums/login.asp in Snitz Forums 2000 3.4.06 and earlier allows remote attackers to redirect users to arbitrary web sites via a URL in the target parameter.

 
 
CVE-2008-0208

CWE-79
 
 
Cross-site scripting (XSS) vulnerability in login.asp in Snitz Forums 2000 3.4.05 and earlier allows remote attackers to inject arbitrary web script or HTML via the target parameter.

 
2008-01-08
 
CVE-2008-0136

CWE-200
 
 
Snitz Forums 2000 3.4.05 allows remote attackers to obtain sensitive information via a direct request to forum/whereami.asp, which reveals the database path.

 
 
CVE-2008-0135

CWE-264
 
 
Snitz Forums 2000 3.4.06 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum/snitz_forums_2000.mdb.

 
 
CVE-2008-0134

CWE-79
 
 
Cross-site scripting (XSS) vulnerability in Forums/setup.asp in Snitz Forums 2000 3.4.06 and earlier allows remote attackers to inject arbitrary web script or HTML via the MAIL parameter.

 
2007-12-05
 
CVE-2007-6240

CWE-89
 
 
SQL injection vulnerability in active.asp in Snitz Forums 2000 3.4.06 allows remote attackers to execute arbitrary SQL commands via the BuildTime parameter.

 

 >>> Vendor: Snitz forums 2000 2 Products
Avatar mod
Snitz forums

Copyright 2024, cxsecurity.com

 

Back to Top