CVE-2008-3072
https://notcve.org/view.php?id=CVE-2008-3072
Simple Machines Forum (SMF) 1.1.x before 1.1.5 and 1.0.x before 1.0.13, when running in PHP before 4.2.0, does not properly seed the random number generator, which has unknown impact and attack vectors.
• http://secunia.com/advisories/30955
• http://www.simplemachines.org/community/index.php?P=c3696c2022b54fa50c5f341bf5710aa3&topic=236816.0
• CWE-189: Numeric Errors
CVE-2008-2019
https://notcve.org/view.php?id=CVE-2008-2019
Simple Machines Forum (SMF), probably 1.1.4, relies on "randomly generated static" to hinder brute-force attacks on the WAV file (aka audio) CAPTCHA, which allows remote attackers to pass the CAPTCHA test via an automated attack that considers Hamming distances. NOTE: this issue reportedly exists because of an insufficient fix for CVE-2007-3308.
• https://github.com/TheRook/AudioCaptchaBypass-CVE-2008-2019
• http://securityreason.com/securityalert/3836
• http://www.rooksecurity.com/blog/?p=6
• http://www.securityfocus.com/archive/1/491128/100/0/threaded
• http://www.securityfocus.com/bid/28866
• http://www.simplemachines.org/community/index.php?P=c3696c2022b54fa50c5f341bf5710aa3&topic=236816.0
• https://exchange.xforce.ibmcloud.com/vulnerabilities/42150
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2008-0775
https://notcve.org/view.php?id=CVE-2008-0775
Cross-site scripting (XSS) vulnerability in sboxDB.php in Simple Machines Forum (SMF) Shoutbox 1.14 through 1.16b allows remote attackers to inject arbitrary web script or HTML via strings to the shoutbox form that start with "&#", contain the desired script, and end with ";".
• http://secunia.com/advisories/28900
• http://securityreason.com/securityalert/3651
• http://www.securityfocus.com/archive/1/487912/100/0/threaded
• http://www.securityfocus.com/archive/1/489964/100/0/threaded
• http://www.securityfocus.com/archive/1/491357/100/0/threaded
• http://www.securityfocus.com/bid/27727
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-0284
https://notcve.org/view.php?id=CVE-2008-0284
Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) Itemid or (2) topic arguments.
• http://securityreason.com/securityalert/3540
• http://www.securityfocus.com/archive/1/486074/100/0/threaded
• http://www.securityfocus.com/bid/27218
• https://exchange.xforce.ibmcloud.com/vulnerabilities/39585
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2007-5943
https://notcve.org/view.php?id=CVE-2007-5943
Simple Machines Forum (SMF) 1.1.4 allows remote attackers to read a message in private forums by using the advanced search module with the "show results as messages" option, then searching for possible keywords contained in that message.
• http://www.securityfocus.com/archive/1/483437/100/0/threaded
• http://www.securityfocus.com/bid/26508
• CWE-16: Configuration