Page 6 of 28 results (0.005 seconds)

CVSS: 5.0EPSS: 0%CPEs: 57EXPL: 0

The PlushSearch2 function in Search.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, uses certain cached data in a situation where a temporary table has been created, even though this cached data is intended only for situations where a temporary table has not been created, which might allow remote attackers to obtain sensitive information via a search. La función PlushSearch2 en Search.php de Simple Machines Forum (SMF)antes de v1.1.13 y v2.x antes de v2.0 RC5, usa ciertos datos almacenados en caché en una situación en la que ha sido creada una tabla temporal , a pesar de estos datos en caché solo se usan en situaciones en las que una tabla temporal no se ha creado, lo que podría permitir a atacantes remotos obtener información sensible a través de una búsqueda. • http://custom.simplemachines.org/mods/downloads/smf_patch_2.0-RC4_security.zip http://www.openwall.com/lists/oss-security/2011/02/22/17 http://www.openwall.com/lists/oss-security/2011/03/02/4 http://www.simplemachines.org/community/index.php?topic=421547.0 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 11%CPEs: 7EXPL: 2

The password reset functionality in Simple Machines Forum (SMF) 1.0.x before 1.0.14, 1.1.x before 1.1.6, and 2.0 before 2.0 beta 4 includes clues about the random number generator state within a hidden form field and generates predictable validation codes, which allows remote attackers to modify passwords of other users and gain privileges. La funcionalidad de reinicio de contraseña en Simple Machines Forum (SMF) v1.0.x anteriores a v1.0.14, v1.1.x anteriores a v1.1.6, y v2.0 anteriores a v2.0 beta 4 incluye pistas acerca del estado del generador de número aleatorios con un campo del formulario escondido y genera códigos validados predecibles, lo que permite a los atacantes remotos, modificar la contraseña de otros usuario y obtener privilegios. • https://www.exploit-db.com/exploits/6392 http://osvdb.org/47945 http://secunia.com/advisories/31750 http://www.securityfocus.com/bid/31053 http://www.simplemachines.org/community/index.php?topic=260145.0 https://exchange.xforce.ibmcloud.com/vulnerabilities/44931 • CWE-255: Credentials Management Errors •

CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 0

SQL injection vulnerability in Sources/ManageBoards.php in Simple Machines Forum 1.1 RC3 allows remote attackers to execute arbitrary SQL commands via the cur_cat parameter. Vulnerabilidad de inyección SQL en Sources/ManageBoards.php en Simple Machines Forum 1.1 RC3 permite a un atacante remoto ejecutar comandos SQL de su elección a través del parámetro cur_cat. • http://archives.neohapsis.com/archives/bugtraq/2006-09/0009.html http://secunia.com/advisories/21740 http://securityreason.com/securityalert/1506 http://www.vupen.com/english/advisories/2006/3435 https://exchange.xforce.ibmcloud.com/vulnerabilities/28716 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •