CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5727
https://notcve.org/view.php?id=CVE-2016-5727
09 Feb 2017 — LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop. LogInOut.php en Simple Machines Forum (SMF) 2.1 permite a atacantes remotos llevar a cabo ataques de inyección de objetos PHP y ejecutar código PHP arbitrario a través de vectores relacionados con las variables derivadas de la entrada del usuario en un bucle foreach. • http://www.openwall.com/lists/oss-security/2016/06/10/7 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 0%CPEs: 71EXPL: 0CVE-2013-7234
https://notcve.org/view.php?id=CVE-2013-7234
29 Apr 2014 — Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to conduct clickjacking attacks via an X-Frame-Options header. Simple Machines Forum (SMF) anterior a 1.1.19 y 2.x anterior a 2.0.6 permite a atacantes remotos realizar ataques de clickjacking a través de una cabecera X-Frame-Options. • http://download.simplemachines.org/index.php?thanks%3Bfilename=smf_2-0-6_changelog.txt • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 0%CPEs: 71EXPL: 0CVE-2013-7235
https://notcve.org/view.php?id=CVE-2013-7235
29 Apr 2014 — Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to impersonate arbitrary users via multiple space characters characters. Simple Machines Forum (SMF) anterior a 1.1.19 y 2.x anterior a 2.0.6 permite a atacantes remotos suplantar usuarios arbitrarios a través de múltiples caracteres de espacio. • http://download.simplemachines.org/index.php?thanks%3Bfilename=smf_2-0-6_changelog.txt • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 0%CPEs: 55EXPL: 0CVE-2013-7236
https://notcve.org/view.php?id=CVE-2013-7236
29 Apr 2014 — Simple Machines Forum (SMF) 2.0.6, 1.1.19, and earlier allows remote attackers to impersonate arbitrary users via a Unicode homoglyph character in a username. Simple Machines Forum (SMF) 2.0.6, 1.1.19, y anteriores permite a atacantes remotos suplantar usuarios arbitrarios a través de un carácter Unicode homógrafos en un nombre de usuario. • http://seclists.org/fulldisclosure/2013/Dec/83 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 48EXPL: 0CVE-2013-4465
https://notcve.org/view.php?id=CVE-2013-4465
25 Oct 2013 — Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum before 2.0.6 and 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. vulnerabilidad de subida sin restricción de archivos en la funcionalidad avatar upload en Simple Machines Forum antes de 2.0.6 y 2.1 que permite a los usuarios remotos autenticados ejecutar código arbit... • http://download.simplemachines.org/index.php?thanks%3Bfilename=smf_2-0-6_changelog.txt •