Vulnerabilities > Snitz Communications > Snitz Forums 2000 > High

DATE CVE VULNERABILITY TITLE RISK
2012-10-08 CVE-2012-5313 SQL Injection vulnerability in Snitz Communications Snitz Forums 2000
SQL injection vulnerability in forum.asp in Snitz Forums 2000 allows remote attackers to execute arbitrary SQL commands via the TOPIC_ID parameter.
network
low complexity
snitz-communications CWE-89
7.5
2011-08-24 CVE-2010-4826 SQL Injection vulnerability in Snitz Communications Snitz Forums 2000 3.4.07
SQL injection vulnerability in members.asp in Snitz Forums 2000 3.4.07 allows remote attackers to execute arbitrary SQL commands via the M_NAME parameter.
network
low complexity
snitz-communications CWE-89
7.5
2007-12-05 CVE-2007-6240 SQL Injection vulnerability in Snitz Communications Snitz Forums 2000 3.4.06
SQL injection vulnerability in active.asp in Snitz Forums 2000 3.4.06 allows remote attackers to execute arbitrary SQL commands via the BuildTime parameter.
network
low complexity
snitz-communications CWE-89
7.5
2007-02-21 CVE-2007-1023 SQL Injection vulnerability in Snitz Communications Snitz Forums 2000 3.1
SQL injection vulnerability in pop_profile.asp in Snitz Forums 2000 3.1 SR4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
snitz-communications
7.5
2006-10-30 CVE-2006-5603 SQL Injection vulnerability in Snitz Communications Snitz Forums 2000 3.4.06
SQL injection vulnerability in pop_mail.asp in Snitz Forums 2000 3.4.06 allows remote attackers to execute arbitrary SQL commands via the RC parameter.
network
low complexity
snitz-communications
7.5
2006-06-12 CVE-2006-2959 SQL Injection vulnerability in Snitz Forums inc_header.ASP
SQL injection vulnerability in inc_header.asp in Snitz Forum 3.4.05 and earlier allows remote attackers to execute arbitrary SQL commands via the %strCookieURL%.GROUP parameter in a cookie.
network
low complexity
snitz-communications
7.5
2003-06-16 CVE-2003-0286 SQL Injection vulnerability in Snitz Communications Snitz Forums 2000
SQL injection vulnerability in register.asp in Snitz Forums 2000 before 3.4.03, and possibly 3.4.07 and earlier, allows remote attackers to execute arbitrary stored procedures via the Email variable.
network
low complexity
snitz-communications CWE-89
7.5
2002-06-25 CVE-2002-0329 Unspecified vulnerability in Snitz Communications Snitz Forums 2000
Cross-site scripting vulnerability in Snitz Forums 2000 3.3.03 and earlier allows remote attackers to execute arbitrary script as other Forums 2000 users via Javascript in an IMG tag.
network
low complexity
snitz-communications
7.5
2002-06-18 CVE-2002-0607 SQL Injection vulnerability in Snitz Forums 2000 Members.ASP
members.asp in Snitz Forums 2000 version 3.3.03 and earlier allows remote attackers to execute arbitrary code via a SQL injection attack on the parameters (1) M_NAME, (2) UserName, (3) FirstName, (4) LastName, or (5) INITIAL.
network
low complexity
snitz-communications
7.5