CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2006-7013
https://notcve.org/view.php?id=CVE-2006-7013
QueryString.php in Simple Machines Forum (SMF) 1.0.7 and earlier, and 1.1rc2 and earlier, allows remote attackers to more easily spoof the IP address and evade banning via a modified X-Forwarded-For HTTP header, which is preferred instead of other more reliable sources for the IP address. NOTE: the original researcher claims that the vendor has disputed this issue ** IMPUGNADA ** QueryString.php de Simple Machines Forum (SMF) 1.0.7 y anteriores, y 1.1rc2 y anteriores, permite a atacantes remotos falsear más fácilmente la dirección IP y evitar la expulsión mediante una cabecera HTTP X-Forwarded-For modificada, la cual se utiliza preferentemente en lugar de otras fuentes más confiables para obtener la dirección IP. NOTA: el investigador original afirma que el fabricante ha negado este problema. • http://securityreason.com/securityalert/2256 http://www.securityfocus.com/archive/1/435686/30/4740/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/27082 •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2006-5504
https://notcve.org/view.php?id=CVE-2006-5504
Cross-site scripting (XSS) vulnerability in index.php in Simple Machines Forum (SMF) allows remote attackers to inject arbitrary web script or HTML via a base64 encoded params value in the action parameter. Vulnerabilidad en secuencias de comandos en sitios cruzados (XSS) en el archivo index.php en el Simple Machines Forum (SMF) permite a atacantes remotos la inyección de secuencia de comandos de Web o HTML mediante el valor en el parámetro de "action" codificado en Base64. • http://osvdb.org/31070 http://www.securityfocus.com/archive/1/449307/100/0/threaded http://www.securityfocus.com/archive/1/449395/100/0/threaded http://www.securityfocus.com/archive/1/449478/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/29689 •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2006-4467
https://notcve.org/view.php?id=CVE-2006-4467
Simple Machines Forum (SMF) 1.1RCx before 1.1RC3, and 1.0.x before 1.0.8, does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to perform directory traversal attacks to read arbitrary local files, lock topics, and possibly have other security impacts. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in Simple Machines Forum. Simple Machines Forum (SMF) 1.1RCx anterior a 1.1RC3, y 1.0.x anterior a 1.0.8, no asigna correctamente variables cuando los datos de entrada incluyen un parámetro numérico con un valor que empareja el valor del hash de un parámetro alfanumérico, lo cual permite a un atacante remoto llevar a cabo ataques de directorio transversal para leer archivos locales de su elección, bloquear asuntos, y tener posiblemente otros impactos de seguridad. NOTA: podría ser discutido que esta vulnerabilidad es debida a un fallo en el comando unset de PHP (CVE-2006-3017) y la solución apropiada debe estar en el PHP; si es así entonces esto no se debe tratar como vulnerabilidad en Simple Machines Forum. • http://retrogod.altervista.org/smf_11rc2_local_incl.html http://retrogod.altervista.org/smf_11rc2_lock.html http://securityreason.com/securityalert/1475 http://www.securityfocus.com/archive/1/444053/100/100/threaded http://www.simplemachines.org/community/index.php?topic=107112.0 http://www.simplemachines.org/community/index.php?topic=107135.0 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2005-4159
https://notcve.org/view.php?id=CVE-2005-4159
NOTE: this issue has been disputed by the vendor and third parties. SQL injection vulnerability in Memberlist.php in Simple Machines Forum (SMF) 1.1 rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter. NOTE: the vendor says that since only one character can be modified, there is no SQL injection. Thus this might be an "invalid SQL syntax error." Multiple followups support the vendor ** DISPUTADA ** El fabricante y terceras partes han disputado este asunto. • http://archives.neohapsis.com/archives/bugtraq/2005-12/0090.html http://www.securityfocus.com/archive/1/419068/100/0/threaded http://www.securityfocus.com/archive/1/419105/100/0/threaded http://www.securityfocus.com/archive/1/419250/100/0/threaded http://www.securityfocus.com/archive/1/419535/100/0/threaded http://www.securityfocus.com/bid/15791 https://exchange.xforce.ibmcloud.com/vulnerabilities/23546 •