CVE-2006-0896
https://notcve.org/view.php?id=CVE-2006-0896
Cross-site scripting (XSS) vulnerability in Sources/Register.php in Simple Machine Forum (SMF) 1.0.6 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For HTTP header field. Simple Machines Forum, or SMF, version 1.0.6 is susceptible to a cross site scripting vulnerable in the X-Forwarded-For directive that can be used to commit attacks against an administrator. • http://attrition.org/pipermail/vim/2006-April/000682.html http://evuln.com/vulns/86/summary.html http://secunia.com/advisories/19004 http://securityreason.com/securityalert/545 http://www.osvdb.org/23480 http://www.securityfocus.com/archive/1/426824/100/0/threaded http://www.securityfocus.com/bid/16841 http://www.simplemachines.org/community/index.php?topic=78841.0 http://www.vupen.com/english/advisories/2006/0726 https://exchange.xforce.ibmcloud.com/vulnerabilities/24915 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2005-4159
https://notcve.org/view.php?id=CVE-2005-4159
NOTE: this issue has been disputed by the vendor and third parties. SQL injection vulnerability in Memberlist.php in Simple Machines Forum (SMF) 1.1 rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter. NOTE: the vendor says that since only one character can be modified, there is no SQL injection. Thus this might be an "invalid SQL syntax error." Multiple followups support the vendor ** DISPUTADA ** El fabricante y terceras partes han disputado este asunto. • http://archives.neohapsis.com/archives/bugtraq/2005-12/0090.html http://www.securityfocus.com/archive/1/419068/100/0/threaded http://www.securityfocus.com/archive/1/419105/100/0/threaded http://www.securityfocus.com/archive/1/419250/100/0/threaded http://www.securityfocus.com/archive/1/419535/100/0/threaded http://www.securityfocus.com/bid/15791 https://exchange.xforce.ibmcloud.com/vulnerabilities/23546 •
CVE-2005-2817
https://notcve.org/view.php?id=CVE-2005-2817
Simple Machines Forum (SMF) 1-0-5 and earlier supports the use of URLs for avatar images, which allows remote attackers to monitor sensitive information of forum visitors such as IP address and user agent, as demonstrated using a PHP script on a malicious server. • http://rgod.altervista.org/smf105.html http://seclists.org/lists/bugtraq/2005/Aug/0438.html http://secunia.com/advisories/16646 http://securitytracker.com/id?1014828 https://exchange.xforce.ibmcloud.com/vulnerabilities/22093 •