CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2006-4467
https://notcve.org/view.php?id=CVE-2006-4467
Simple Machines Forum (SMF) 1.1RCx before 1.1RC3, and 1.0.x before 1.0.8, does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to perform directory traversal attacks to read arbitrary local files, lock topics, and possibly have other security impacts. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in Simple Machines Forum. Simple Machines Forum (SMF) 1.1RCx anterior a 1.1RC3, y 1.0.x anterior a 1.0.8, no asigna correctamente variables cuando los datos de entrada incluyen un parámetro numérico con un valor que empareja el valor del hash de un parámetro alfanumérico, lo cual permite a un atacante remoto llevar a cabo ataques de directorio transversal para leer archivos locales de su elección, bloquear asuntos, y tener posiblemente otros impactos de seguridad. NOTA: podría ser discutido que esta vulnerabilidad es debida a un fallo en el comando unset de PHP (CVE-2006-3017) y la solución apropiada debe estar en el PHP; si es así entonces esto no se debe tratar como vulnerabilidad en Simple Machines Forum. • http://retrogod.altervista.org/smf_11rc2_local_incl.html http://retrogod.altervista.org/smf_11rc2_lock.html http://securityreason.com/securityalert/1475 http://www.securityfocus.com/archive/1/444053/100/100/threaded http://www.simplemachines.org/community/index.php?topic=107112.0 http://www.simplemachines.org/community/index.php?topic=107135.0 •
CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 0CVE-2006-0896
https://notcve.org/view.php?id=CVE-2006-0896
Cross-site scripting (XSS) vulnerability in Sources/Register.php in Simple Machine Forum (SMF) 1.0.6 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For HTTP header field. Simple Machines Forum, or SMF, version 1.0.6 is susceptible to a cross site scripting vulnerable in the X-Forwarded-For directive that can be used to commit attacks against an administrator. • http://attrition.org/pipermail/vim/2006-April/000682.html http://evuln.com/vulns/86/summary.html http://secunia.com/advisories/19004 http://securityreason.com/securityalert/545 http://www.osvdb.org/23480 http://www.securityfocus.com/archive/1/426824/100/0/threaded http://www.securityfocus.com/bid/16841 http://www.simplemachines.org/community/index.php?topic=78841.0 http://www.vupen.com/english/advisories/2006/0726 https://exchange.xforce.ibmcloud.com/vulnerabilities/24915 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2005-4159
https://notcve.org/view.php?id=CVE-2005-4159
NOTE: this issue has been disputed by the vendor and third parties. SQL injection vulnerability in Memberlist.php in Simple Machines Forum (SMF) 1.1 rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter. NOTE: the vendor says that since only one character can be modified, there is no SQL injection. Thus this might be an "invalid SQL syntax error." Multiple followups support the vendor ** DISPUTADA ** El fabricante y terceras partes han disputado este asunto. • http://archives.neohapsis.com/archives/bugtraq/2005-12/0090.html http://www.securityfocus.com/archive/1/419068/100/0/threaded http://www.securityfocus.com/archive/1/419105/100/0/threaded http://www.securityfocus.com/archive/1/419250/100/0/threaded http://www.securityfocus.com/archive/1/419535/100/0/threaded http://www.securityfocus.com/bid/15791 https://exchange.xforce.ibmcloud.com/vulnerabilities/23546 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 2CVE-2005-2817
https://notcve.org/view.php?id=CVE-2005-2817
Simple Machines Forum (SMF) 1-0-5 and earlier supports the use of URLs for avatar images, which allows remote attackers to monitor sensitive information of forum visitors such as IP address and user agent, as demonstrated using a PHP script on a malicious server. • http://rgod.altervista.org/smf105.html http://seclists.org/lists/bugtraq/2005/Aug/0438.html http://secunia.com/advisories/16646 http://securitytracker.com/id?1014828 https://exchange.xforce.ibmcloud.com/vulnerabilities/22093 •