CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2007-3309
https://notcve.org/view.php?id=CVE-2007-3309
Unspecified vulnerability in Simple Machines Forum (SMF) 1.1.2 allows remote attackers to execute arbitrary PHP code during (1) creation or (2) editing of a message. Vulnerabilidad no especificada en Simple Machines Forum (SMF) 1.1.2 permite a atacantes remotos ejecutar código PHP de su elección durante la (1) creación o (2) edición de un mensaje. • http://osvdb.org/40433 http://securitytracker.com/id?1018260 http://securityvulns.ru/Rdocument271.html http://www.securityfocus.com/archive/1/471641/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/34908 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2007-3308
https://notcve.org/view.php?id=CVE-2007-3308
Simple Machines Forum (SMF) 1.1.2 uses a concatenation method with insufficient randomization when creating a WAV file CAPTCHA, which allows remote attackers to pass the CAPTCHA test via an automated brute-force attack. Simple Machines Forum (SMF) 1.1.2 utiliza un método de concatenación con aleatoriedad insuficiente al crear el CAPTCHA de un fichero WAV, lo cual permite a atacantes remotos evitar el test del CAPTCHA mediante un ataque automatizado por fuerza bruta. • http://osvdb.org/40617 http://securitytracker.com/id?1018260 http://securityvulns.ru/Rdocument271.html http://www.securityfocus.com/archive/1/471641/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/34907 •
CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 0CVE-2007-2546
https://notcve.org/view.php?id=CVE-2007-2546
Session fixation vulnerability in Simple Machines Forum (SMF) 1.1.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. Vulnerabilidad de fijación de sesión en Simple Machines Forum (SMF) 1.1.2 y versiones anteriores permite a atacantes remotos secuestrar sesiones web estableciendo el parámetro PHPSESSID. • http://osvdb.org/35705 http://secunia.com/advisories/25139 http://securityreason.com/securityalert/2676 http://www.majorsecurity.de/index_2.php?major_rls=major_rls47 http://www.securityfocus.com/archive/1/467748/100/0/threaded http://www.securityfocus.com/archive/1/471414/100/0/threaded http://www.securityfocus.com/bid/24482 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2006-7013
https://notcve.org/view.php?id=CVE-2006-7013
QueryString.php in Simple Machines Forum (SMF) 1.0.7 and earlier, and 1.1rc2 and earlier, allows remote attackers to more easily spoof the IP address and evade banning via a modified X-Forwarded-For HTTP header, which is preferred instead of other more reliable sources for the IP address. NOTE: the original researcher claims that the vendor has disputed this issue ** IMPUGNADA ** QueryString.php de Simple Machines Forum (SMF) 1.0.7 y anteriores, y 1.1rc2 y anteriores, permite a atacantes remotos falsear más fácilmente la dirección IP y evitar la expulsión mediante una cabecera HTTP X-Forwarded-For modificada, la cual se utiliza preferentemente en lugar de otras fuentes más confiables para obtener la dirección IP. NOTA: el investigador original afirma que el fabricante ha negado este problema. • http://securityreason.com/securityalert/2256 http://www.securityfocus.com/archive/1/435686/30/4740/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/27082 •
CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 1CVE-2007-0399 – SMF 1.1 - 'index.php' HTML Injection
https://notcve.org/view.php?id=CVE-2007-0399
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Simple Machines Forum (SMF) 1.1 RC3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) recipient or (2) BCC field when selecting send in a pm action. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en index.php de Simple Machines Forum (SMF) 1.1 RC3 permite a atacantes remotos autenticados inyectar scripts web o HTML de su elección mediante el campo (1) recipient ó (2) BCC cuando se selecciona envío (send) en una acción pm. • https://www.exploit-db.com/exploits/29499 http://aria-security.com/forum/showthread.php?p=128 http://osvdb.org/32606 http://securityreason.com/securityalert/2169 http://www.securityfocus.com/archive/1/457508/100/0/threaded http://www.securityfocus.com/archive/1/457627/100/0/threaded http://www.securityfocus.com/archive/1/457761/100/200/threaded http://www.securityfocus.com/archive/1/458194/100/100/threaded http://www.securityfocus.com/archive/1/458904/100/0/threaded ht •