VYPR

Forums 2000

by Snitz Communications

CVEs (24)

  • CVE-2006-2959Jun 12, 2006
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in inc_header.asp in Snitz Forum 3.4.05 and earlier allows remote attackers to execute arbitrary SQL commands via the %strCookieURL%.GROUP parameter in a cookie.

  • CVE-2003-0493Aug 7, 2003
    risk 0.00cvss epss 0.02

    Snitz Forums 3.4.03 and earlier allows attackers to gain privileges as other users by stealing and replaying the encrypted password after obtaining a valid session ID.

  • CVE-2003-0494Aug 7, 2003
    risk 0.00cvss epss 0.04

    password.asp in Snitz Forums 3.4.03 and earlier allows remote attackers to reset passwords and gain privileges as other users by via a direct request to password.asp with a modified member id.

  • CVE-2003-0286Jun 16, 2003
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in register.asp in Snitz Forums 2000 before 3.4.03, and possibly 3.4.07 and earlier, allows remote attackers to execute arbitrary stored procedures via the Email variable.

Page 2 of 2