Snitz Communications: Security Vulnerabilities
Snitz Forums 3.4.03 and earlier allows attackers to gain privileges as other users by stealing and replaying the encrypted password after obtaining a valid session ID.
CVSS Score
10.0
EPSS Score
0.005
Published
2003-08-07
password.asp in Snitz Forums 3.4.03 and earlier allows remote attackers to reset passwords and gain privileges as other users by via a direct request to password.asp with a modified member id.
CVSS Score
10.0
EPSS Score
0.009
Published
2003-08-07
SQL injection vulnerability in register.asp in Snitz Forums 2000 before 3.4.03, and possibly 3.4.07 and earlier, allows remote attackers to execute arbitrary stored procedures via the Email variable.
CVSS Score
7.5
EPSS Score
0.01
Published
2003-06-16
Cross-site scripting vulnerability in Snitz Forums 2000 3.3.03 and earlier allows remote attackers to execute arbitrary script as other Forums 2000 users via Javascript in an IMG tag.
CVSS Score
7.5
EPSS Score
0.237
Published
2002-06-25
members.asp in Snitz Forums 2000 version 3.3.03 and earlier allows remote attackers to execute arbitrary code via a SQL injection attack on the parameters (1) M_NAME, (2) UserName, (3) FirstName, (4) LastName, or (5) INITIAL.
CVSS Score
7.5
EPSS Score
0.017
Published
2002-06-18
Page 3