CVE-2016-5726
https://notcve.org/view.php?id=CVE-2016-5726
Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter.
• http://www.openwall.com/lists/oss-security/2016/06/10/7
• http://www.openwall.com/lists/oss-security/2016/06/18/1
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2013-7235
https://notcve.org/view.php?id=CVE-2013-7235
Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to impersonate arbitrary users via multiple space characters.
• http://download.simplemachines.org/index.php?thanks%3Bfilename=smf_2-0-6_changelog.txt
• http://seclists.org/fulldisclosure/2013/Dec/83
• http://www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-software
• http://www.openwall.com/lists/oss-security/2013/12/30/1
• http://www.openwall.com/lists/oss-security/2013/12/30/3
• CWE-20: Improper Input Validation
CVE-2013-7234
https://notcve.org/view.php?id=CVE-2013-7234
Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to conduct clickjacking attacks via an X-Frame-Options header.
• http://download.simplemachines.org/index.php?thanks%3Bfilename=smf_2-0-6_changelog.txt
• http://seclists.org/fulldisclosure/2013/Dec/83
• http://www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-software
• http://www.openwall.com/lists/oss-security/2013/12/30/1
• http://www.openwall.com/lists/oss-security/2013/12/30/3
• CWE-20: Improper Input Validation
CVE-2013-7236
https://notcve.org/view.php?id=CVE-2013-7236
Simple Machines Forum (SMF) 2.0.6, 1.1.19, and earlier allows remote attackers to impersonate arbitrary users via a Unicode homoglyph character in a username.
• http://seclists.org/fulldisclosure/2013/Dec/83
• http://www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-software
• http://www.openwall.com/lists/oss-security/2013/12/30/1
• http://www.openwall.com/lists/oss-security/2013/12/30/3
• CWE-20: Improper Input Validation
CVE-2013-4465
https://notcve.org/view.php?id=CVE-2013-4465
Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum before 2.0.6 and 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
• http://download.simplemachines.org/index.php?thanks%3Bfilename=smf_2-0-6_changelog.txt
• http://www.openwall.com/lists/oss-security/2013/10/23/6
• http://www.openwall.com/lists/oss-security/2013/10/25/3
• http://www.securityfocus.com/bid/63275
• https://github.com/SimpleMachines/SMF2.1/issues/701