CVE-2008-0209 - OpenCVE

Open redirect vulnerability in Forums/login.asp in Snitz Forums 2000 3.4.06 and earlier allows remote attackers to redirect users to arbitrary web sites via a URL in the target parameter.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Snitz Communications	Snitz Forums 2000

Configuration 1 [-]

OR	cpe:2.3:a:snitz_communications:snitz_forums_2000::::::::
	cpe:2.3:a:snitz_communications:snitz_forums_2000:3.0:::::::*
	cpe:2.3:a:snitz_communications:snitz_forums_2000:3.1:::::::*
	cpe:2.3:a:snitz_communications:snitz_forums_2000:3.1:sr4::::::
	cpe:2.3:a:snitz_communications:snitz_forums_2000:3.2.03:::::::*
	cpe:2.3:a:snitz_communications:snitz_forums_2000:3.3:::::::*
	cpe:2.3:a:snitz_communications:snitz_forums_2000:3.3.01:::::::*
	cpe:2.3:a:snitz_communications:snitz_forums_2000:3.3.02:::::::*
	cpe:2.3:a:snitz_communications:snitz_forums_2000:3.3.03:::::::*
	cpe:2.3:a:snitz_communications:snitz_forums_2000:3.4.02:::::::*
	cpe:2.3:a:snitz_communications:snitz_forums_2000:3.4.03:::::::*
	cpe:2.3:a:snitz_communications:snitz_forums_2000:3.4.04:::::::*
	cpe:2.3:a:snitz_communications:snitz_forums_2000:3.4.05:::::::*

No data.

References

Link	Providers
http://hackerscenter.com/archive/view.asp?id=28145
http://www.packetstormsecurity.org/0801-exploits/snitz-multi.txt
http://www.securityfocus.com/archive/1/485836/100/200/threaded

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-01-10T00:00:00

Updated: 2024-08-07T07:39:34.498Z

Reserved: 2008-01-09T00:00:00

Link: CVE-2008-0209

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-01-10T00:46:00.000

Modified: 2018-10-15T21:58:38.157

Link: CVE-2008-0209

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-01-07T00:00:00", "descriptions": [{"lang": "en", "value": "Open redirect vulnerability in Forums/login.asp in Snitz Forums 2000 3.4.06 and earlier allows remote attackers to redirect users to arbitrary web sites via a URL in the target parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://hackerscenter.com/archive/view.asp?id=28145"}, {"name": "20080107 [HSC] Snitz Forums Multiple Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/485836/100/200/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://www.packetstormsecurity.org/0801-exploits/snitz-multi.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0209", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Open redirect vulnerability in Forums/login.asp in Snitz Forums 2000 3.4.06 and earlier allows remote attackers to redirect users to arbitrary web sites via a URL in the target parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://hackerscenter.com/archive/view.asp?id=28145", "refsource": "MISC", "url": "http://hackerscenter.com/archive/view.asp?id=28145"}, {"name": "20080107 [HSC] Snitz Forums Multiple Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/485836/100/200/threaded"}, {"name": "http://www.packetstormsecurity.org/0801-exploits/snitz-multi.txt", "refsource": "MISC", "url": "http://www.packetstormsecurity.org/0801-exploits/snitz-multi.txt"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T07:39:34.498Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://hackerscenter.com/archive/view.asp?id=28145"}, {"name": "20080107 [HSC] Snitz Forums Multiple Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/485836/100/200/threaded"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.packetstormsecurity.org/0801-exploits/snitz-multi.txt"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0209", "datePublished": "2008-01-10T00:00:00", "dateReserved": "2008-01-09T00:00:00", "dateUpdated": "2024-08-07T07:39:34.498Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:snitz_communications:snitz_forums_2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "5B1F3BBC-EE45-4D02-B306-7501D0F2AF72", "versionEndIncluding": "3.4.06", "vulnerable": true}, {"criteria": "cpe:2.3:a:snitz_communications:snitz_forums_2000:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "EBAEA3C3-D65B-47B6-9A1B-CE18F7C86771", "vulnerable": true}, {"criteria": "cpe:2.3:a:snitz_communications:snitz_forums_2000:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E646E96C-F0AC-4E13-8F3A-2908AC069581", "vulnerable": true}, {"criteria": "cpe:2.3:a:snitz_communications:snitz_forums_2000:3.1:sr4:*:*:*:*:*:*", "matchCriteriaId": "AEBCC803-6F31-4CA5-B8AF-42AA370E0CF4", "vulnerable": true}, {"criteria": "cpe:2.3:a:snitz_communications:snitz_forums_2000:3.2.03:*:*:*:*:*:*:*", "matchCriteriaId": "E212B816-692F-4C5C-AEDF-B173BEE115A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:snitz_communications:snitz_forums_2000:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "7CB43A6B-03DE-4D60-AB41-87E419F82582", "vulnerable": true}, {"criteria": "cpe:2.3:a:snitz_communications:snitz_forums_2000:3.3.01:*:*:*:*:*:*:*", "matchCriteriaId": "3D54E309-5D2F-4C3C-835B-7653D86E25F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:snitz_communications:snitz_forums_2000:3.3.02:*:*:*:*:*:*:*", "matchCriteriaId": "4027A962-81FD-472F-80CD-B1C3BABF3555", "vulnerable": true}, {"criteria": "cpe:2.3:a:snitz_communications:snitz_forums_2000:3.3.03:*:*:*:*:*:*:*", "matchCriteriaId": "C4396E99-B5C8-4914-A3DB-76E22A10AE84", "vulnerable": true}, {"criteria": "cpe:2.3:a:snitz_communications:snitz_forums_2000:3.4.02:*:*:*:*:*:*:*", "matchCriteriaId": "0D89B42F-7738-47EE-871A-FE16C53BCD81", "vulnerable": true}, {"criteria": "cpe:2.3:a:snitz_communications:snitz_forums_2000:3.4.03:*:*:*:*:*:*:*", "matchCriteriaId": "FD4EF4E8-F8A9-40C4-9F89-8C64A8CF2625", "vulnerable": true}, {"criteria": "cpe:2.3:a:snitz_communications:snitz_forums_2000:3.4.04:*:*:*:*:*:*:*", "matchCriteriaId": "A31D3D44-EC0B-4502-A1FA-3AE2BF4D4254", "vulnerable": true}, {"criteria": "cpe:2.3:a:snitz_communications:snitz_forums_2000:3.4.05:*:*:*:*:*:*:*", "matchCriteriaId": "C6E3811E-DE0F-4AEB-A0C8-4115E9188A79", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Open redirect vulnerability in Forums/login.asp in Snitz Forums 2000 3.4.06 and earlier allows remote attackers to redirect users to arbitrary web sites via a URL in the target parameter."}, {"lang": "es", "value": "Una vulnerabilidad de redireccionamiento abierto en el archivo Forums/login.asp en Snitz Forums 2000 versi\u00f3n 3.4.06 y anteriores, permite a atacantes remotos redireccionar a los usuarios a sitios web arbitrarios por medio de una URL en el par\u00e1metro target."}], "id": "CVE-2008-0209", "lastModified": "2018-10-15T21:58:38.157", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2008-01-10T00:46:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://hackerscenter.com/archive/view.asp?id=28145"}, {"source": "cve@mitre.org", "url": "http://www.packetstormsecurity.org/0801-exploits/snitz-multi.txt"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/485836/100/200/threaded"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}