CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2007-5943
https://notcve.org/view.php?id=CVE-2007-5943
Simple Machines Forum (SMF) 1.1.4 allows remote attackers to read a message in private forums by using the advanced search module with the "show results as messages" option, then searching for possible keywords contained in that message. Simple Machines Forum (SMF) 1.1.4 permite a atacantes remotos leer un mensaje en un foro privado utilizando el método avanzado de búsqueda con la opción "mostrar resultado como mensajes", en busca de posibles palabras clave que figura en el mensaje. • http://www.securityfocus.com/archive/1/483437/100/0/threaded http://www.securityfocus.com/bid/26508 • CWE-16: Configuration •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 2CVE-2007-5646 – Simple Machines Forum (SMF) 1.1.3 - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2007-5646
SQL injection vulnerability in Sources/Search.php in Simple Machines Forum (SMF) 1.1.3, when MySQL 5 is used, allows remote attackers to execute arbitrary SQL commands via the userspec parameter in a search2 action to index.php. Vulnerabilidad de inyección SQL en Sources/Search.php en Simple Machines Forum (SMF) 1.1.3, cuando MySQL 5 se está utilizando, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro userspec en un una acción search2 en index.php. • https://www.exploit-db.com/exploits/4547 http://secunia.com/advisories/27346 http://securityreason.com/securityalert/3284 http://www.securityfocus.com/archive/1/482569/100/0/threaded http://www.securityfocus.com/bid/26144 http://www.simplemachines.org/community/index.php?topic=196380.0 http://www.vupen.com/english/advisories/2007/3568 https://exchange.xforce.ibmcloud.com/vulnerabilities/37342 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-3942
https://notcve.org/view.php?id=CVE-2007-3942
Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.1.3 allows remote attackers to include local files via unspecified vectors related to the sourcedir parameter or the actionArray hash. NOTE: CVE and multiple third parties dispute this vulnerability because both sourcedir and actionArray are defined before use ** IMPUGNADO ** Vulnerabilidad de salto de directorio en index.php de Simple Machines Forum (SMF) 1.1.3 permite a atacantes remotos incluir ficheros locales mediante vectores no especificados relativos al parámetro sourcedir o la tabla hash actionArray. NOTA: CVE y múltiples terceras partes impugnan esta vulnerabilidad porque ambos sourcedir y actionArray se definen antes de ser usados. • http://www.securityfocus.com/archive/1/473866/100/0/threaded http://www.securityfocus.com/archive/1/473991/100/0/threaded http://www.securityfocus.com/archive/1/480572/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/35451 •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2007-3309
https://notcve.org/view.php?id=CVE-2007-3309
Unspecified vulnerability in Simple Machines Forum (SMF) 1.1.2 allows remote attackers to execute arbitrary PHP code during (1) creation or (2) editing of a message. Vulnerabilidad no especificada en Simple Machines Forum (SMF) 1.1.2 permite a atacantes remotos ejecutar código PHP de su elección durante la (1) creación o (2) edición de un mensaje. • http://osvdb.org/40433 http://securitytracker.com/id?1018260 http://securityvulns.ru/Rdocument271.html http://www.securityfocus.com/archive/1/471641/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/34908 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2007-3308
https://notcve.org/view.php?id=CVE-2007-3308
Simple Machines Forum (SMF) 1.1.2 uses a concatenation method with insufficient randomization when creating a WAV file CAPTCHA, which allows remote attackers to pass the CAPTCHA test via an automated brute-force attack. Simple Machines Forum (SMF) 1.1.2 utiliza un método de concatenación con aleatoriedad insuficiente al crear el CAPTCHA de un fichero WAV, lo cual permite a atacantes remotos evitar el test del CAPTCHA mediante un ataque automatizado por fuerza bruta. • http://osvdb.org/40617 http://securitytracker.com/id?1018260 http://securityvulns.ru/Rdocument271.html http://www.securityfocus.com/archive/1/471641/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/34907 •