Vulnerabilities > Snitz Communications > Snitz Forums 2000 > 3.4.07
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-08-24 | CVE-2010-4827 | Cross-Site Scripting vulnerability in Snitz Communications Snitz Forums 2000 3.4.07 Cross-site scripting (XSS) vulnerability in members.asp in Snitz Forums 2000 3.4.07 allows remote attackers to inject arbitrary web script or HTML via the M_NAME parameter. | 4.3 |
| 2011-08-24 | CVE-2010-4826 | SQL Injection vulnerability in Snitz Communications Snitz Forums 2000 3.4.07 SQL injection vulnerability in members.asp in Snitz Forums 2000 3.4.07 allows remote attackers to execute arbitrary SQL commands via the M_NAME parameter. | 7.5 |
| 2010-01-04 | CVE-2009-4554 | Cross-Site Scripting vulnerability in Snitz Communications Snitz Forums 2000 3.4.07 Multiple cross-site scripting (XSS) vulnerabilities in Snitz Forums 2000 3.4.07 allow remote attackers to inject arbitrary web script or HTML via (1) the url parameter to pop_send_to_friend.asp, related to a crafted onload attribute of an IMG element; or (2) an onload attribute in a sound tag. | 4.3 |
| 2006-05-22 | CVE-2006-2530 | Permissions, Privileges, and Access Controls vulnerability in Snitz Communications Avatar MOD 1.3 avatar_upload.asp in Avatar MOD 1.3 for Snitz Forums 3.4, and possibly other versions, allows remote attackers to bypass file type checks and upload arbitrary files via a null byte in the file name, as discovered by the Codescan product. | 5.0 |