CVE-2012-5903 – Simple Machines Forum (SMF) 2.0.2 - 'scheduled' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-5903
Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the scheduled parameter to index.php.
References:
• https://www.exploit-db.com/exploits/37027
• http://osvdb.org/80766
• http://packetstormsecurity.org/files/111356/SMF-2.0.2-Cross-Site-Scripting.html
• http://www.securityfocus.com/bid/52822
• https://exchange.xforce.ibmcloud.com/vulnerabilities/74521
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-2385 – SMF Mod Member Awards 1.0.2 - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2009-2385
SQL injection vulnerability in the awardsMembers function in Sources/Profile.php in the Member Awards component 1.0.2 for Simple Machines Forum (SMF) allows remote attackers to execute arbitrary SQL commands via the id parameter in a profile action to index.php. NOTE: some of these details are obtained from third party information.
References:
• https://www.exploit-db.com/exploits/9050
• http://secunia.com/advisories/35661
• http://www.exploit-db.com/exploits/9050
• http://www.securityfocus.com/bid/35536
• https://exchange.xforce.ibmcloud.com/vulnerabilities/51441
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-2019
https://notcve.org/view.php?id=CVE-2008-2019
Simple Machines Forum (SMF), probably 1.1.4, relies on "randomly generated static" to hinder brute-force attacks on the WAV file (aka audio) CAPTCHA, which allows remote attackers to pass the CAPTCHA test via an automated attack that considers Hamming distances. NOTE: this issue reportedly exists because of an insufficient fix for CVE-2007-3308.
References:
• https://github.com/TheRook/AudioCaptchaBypass-CVE-2008-2019
• http://securityreason.com/securityalert/3836
• http://www.rooksecurity.com/blog/?p=6
• http://www.securityfocus.com/archive/1/491128/100/0/threaded
• http://www.securityfocus.com/bid/28866
• http://www.simplemachines.org/community/index.php?P=c3696c2022b54fa50c5f341bf5710aa3&topic=236816.0
• https://exchange.xforce.ibmcloud.com/vulnerabilities/42150
CWE-264: Permissions, Privileges, and Access Controls
CVE-2008-0775
https://notcve.org/view.php?id=CVE-2008-0775
Cross-site scripting (XSS) vulnerability in sboxDB.php in Simple Machines Forum (SMF) Shoutbox 1.14 through 1.16b allows remote attackers to inject arbitrary web script or HTML via strings to the shoutbox form that start with "&#", contain the desired script, and end with ";".
References:
• http://secunia.com/advisories/28900
• http://securityreason.com/securityalert/3651
• http://www.securityfocus.com/archive/1/487912/100/0/threaded
• http://www.securityfocus.com/archive/1/489964/100/0/threaded
• http://www.securityfocus.com/archive/1/491357/100/0/threaded
• http://www.securityfocus.com/bid/27727
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-0284
https://notcve.org/view.php?id=CVE-2008-0284
Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) Itemid or (2) topic arguments.
References:
• http://securityreason.com/securityalert/3540
• http://www.securityfocus.com/archive/1/486074/100/0/threaded
• http://www.securityfocus.com/bid/27218
• https://exchange.xforce.ibmcloud.com/vulnerabilities/39585
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')