Page 2 of 7 results (0.006 seconds)

CVSS: 5.0EPSS: 0%CPEs: 57EXPL: 0

The PlushSearch2 function in Search.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, uses certain cached data in a situation where a temporary table has been created, even though this cached data is intended only for situations where a temporary table has not been created, which might allow remote attackers to obtain sensitive information via a search. La función PlushSearch2 en Search.php de Simple Machines Forum (SMF)antes de v1.1.13 y v2.x antes de v2.0 RC5, usa ciertos datos almacenados en caché en una situación en la que ha sido creada una tabla temporal , a pesar de estos datos en caché solo se usan en situaciones en las que una tabla temporal no se ha creado, lo que podría permitir a atacantes remotos obtener información sensible a través de una búsqueda. • http://custom.simplemachines.org/mods/downloads/smf_patch_2.0-RC4_security.zip http://www.openwall.com/lists/oss-security/2011/02/22/17 http://www.openwall.com/lists/oss-security/2011/03/02/4 http://www.simplemachines.org/community/index.php?topic=421547.0 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 2

Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 1.0 allows remote attackers to inject arbitrary web script via the size tag. • https://www.exploit-db.com/exploits/24082 http://marc.info/?l=bugtraq&m=108377364615934&w=2 http://www.securityfocus.com/bid/10281 https://exchange.xforce.ibmcloud.com/vulnerabilities/16067 •