8 results (0.020 seconds)

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1

Buffer Overflow vulnerability in free5gc 3.3.0, UPF 1.2.0, and SMF 1.2.0 allows attackers to cause a denial of service via crafted PFCP messages. Vulnerabilidad de desbordamiento del búfer en free5gc 3.3.0, UPF 1.2.0 y SMF 1.2.0 permite a atacantes provocar una denegación de servicio mediante mensajes PFCP manipulados. • https://github.com/free5gc/free5gc/issues/482 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 7.5EPSS: 0%CPEs: 62EXPL: 0

Multiple SQL injection vulnerabilities in Simple Machines Forum (SMF) before 1.1.15 and 2.x before 2.0.1 allow remote attackers to execute arbitrary SQL commands via vectors involving a (1) HTML entity or (2) display name. NOTE: some of these details are obtained from third party information. Multiples vulnerabilidades de inyección SQL en Simple Machines Forum (SMF) anterios a v1.1.15 y v2.x anteriores a 2.0.1 que permiten a atacantes remotos ejecutar comandos SQL de su elección a traves de vectores que incluyen una (1) entidad HTML o (2) muestran nombre. NOTA: algunos de estos detalles han sido obtenidos a partir de la información de terceros. • http://openwall.com/lists/oss-security/2011/10/09/3 http://openwall.com/lists/oss-security/2011/10/10/6 http://secunia.com/advisories/46386 http://www.simplemachines.org/community/index.php?topic=452888.0 https://exchange.xforce.ibmcloud.com/vulnerabilities/70617 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 0%CPEs: 57EXPL: 0

Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly validate the start parameter, which might allow remote attackers to conduct SQL injection attacks, obtain sensitive information, or cause a denial of service via a crafted value, related to the cleanRequest function in QueryString.php and the constructPageIndex function in Subs.php. Simple Machines Forum (SMF ) antes de v1.1.13, y v2.x antes de v2.0 RC5, no valida correctamente los parámetros de inicio, lo que podría permitir a atacantes remotos realizar ataques de inyección SQL, obtener información sensible o causar una denegación de servicio a través de un valor creado, en relación con la función cleanRequest en QueryString.php y la función constructPageIndex en Subs.php. • http://custom.simplemachines.org/mods/downloads/smf_patch_2.0-RC4_security.zip http://www.openwall.com/lists/oss-security/2011/02/22/17 http://www.openwall.com/lists/oss-security/2011/03/02/4 http://www.simplemachines.org/community/index.php?topic=421547.0 • CWE-20: Improper Input Validation •

CVSS: 10.0EPSS: 0%CPEs: 57EXPL: 0

SSI.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly restrict guest access, which allows remote attackers to have an unspecified impact via unknown vectors. SSI.php en Simple Machines Forum ( SMF ) antes de v1.1.13, y v2.x antes de v2.0 RC5, no restringe correctamente el acceso de invitados, lo que permite a atacantes remotos tener un impacto no especificado a través de vectores desconocidos. • http://custom.simplemachines.org/mods/downloads/smf_patch_2.0-RC4_security.zip http://www.openwall.com/lists/oss-security/2011/02/22/17 http://www.openwall.com/lists/oss-security/2011/03/02/4 http://www.simplemachines.org/community/index.php?topic=421547.0 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 0%CPEs: 57EXPL: 0

The loadUserSettings function in Load.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly handle invalid login attempts, which might make it easier for remote attackers to obtain access or cause a denial of service via a brute-force attack. La función loadUserSettings en ??load.php en Simple Machines Forum (SMF ) antes de v1.1.13, y v2.x antes de v2.0 RC5, no controla correctamente intentos fallidos de inicio de sesión, lo que podría facilitar a los atacantes remotos obtener acceso o causar una denegación de servicio a través de un ataque de fuerza bruta. • http://custom.simplemachines.org/mods/downloads/smf_patch_2.0-RC4_security.zip http://www.openwall.com/lists/oss-security/2011/02/22/17 http://www.openwall.com/lists/oss-security/2011/03/02/4 http://www.simplemachines.org/community/index.php?topic=421547.0 • CWE-310: Cryptographic Issues •