Shodan
Vulnerabilities
Vulnerable Software
Snitz Communications:  >> Snitz Forums 2000  >> 3.4.06  Security Vulnerabilities
CVE-2008-0209
Open redirect vulnerability in Forums/login.asp in Snitz Forums 2000 3.4.06 and earlier allows remote attackers to redirect users to arbitrary web sites via a URL in the target parameter.
CVSS Score
5.8
EPSS Score
0.003
Published
2008-01-10
CVE-2008-0134
Cross-site scripting (XSS) vulnerability in Forums/setup.asp in Snitz Forums 2000 3.4.06 and earlier allows remote attackers to inject arbitrary web script or HTML via the MAIL parameter.
CVSS Score
4.3
EPSS Score
0.003
Published
2008-01-08
CVE-2008-0135
Snitz Forums 2000 3.4.06 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum/snitz_forums_2000.mdb.
CVSS Score
5.0
EPSS Score
0.035
Published
2008-01-08
CVE-2007-6240
SQL injection vulnerability in active.asp in Snitz Forums 2000 3.4.06 allows remote attackers to execute arbitrary SQL commands via the BuildTime parameter.
CVSS Score
7.5
EPSS Score
0.004
Published
2007-12-05
CVE-2007-1374
Cross-site scripting (XSS) vulnerability in pop_profile.asp in Snitz Forums 2000 3.4.06 allows remote attackers to inject arbitrary web script or HTML via the MSN parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVSS Score
4.3
EPSS Score
0.003
Published
2007-03-10
CVE-2006-5603
SQL injection vulnerability in pop_mail.asp in Snitz Forums 2000 3.4.06 allows remote attackers to execute arbitrary SQL commands via the RC parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVSS Score
9.8
EPSS Score
0.004
Published
2006-10-30
CVE-2006-4796
Cross-site scripting (XSS) vulnerability in forum.asp in Snitz Forums 2000 3.4.06 allows remote attackers to inject arbitrary web script or HTML via the sortorder parameter (strtopicsortord variable).
CVSS Score
4.3
EPSS Score
0.077
Published
2006-09-14
CVE-2006-2530
avatar_upload.asp in Avatar MOD 1.3 for Snitz Forums 3.4, and possibly other versions, allows remote attackers to bypass file type checks and upload arbitrary files via a null byte in the file name, as discovered by the Codescan product.
CVSS Score
5.0
EPSS Score
0.015
Published
2006-05-22


Products
Pricing
Contact Us

Shodan ® - All rights reserved