CVE-2012-5903 – Simple Machines Forum (SMF) 2.0.2 - 'scheduled' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-5903
Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the scheduled parameter to index.php.
• https://www.exploit-db.com/exploits/37027
• http://osvdb.org/80766
• http://packetstormsecurity.org/files/111356/SMF-2.0.2-Cross-Site-Scripting.html
• http://www.securityfocus.com/bid/52822
• https://exchange.xforce.ibmcloud.com/vulnerabilities/74521
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2008-7035
https://notcve.org/view.php?id=CVE-2008-7035
Cross-site scripting (XSS) vulnerability in an unspecified component in Simple Machines phpRaider 1.0.7 allows remote attackers to inject arbitrary web script or HTML via the resistance field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
• http://www.securityfocus.com/bid/27976
• https://exchange.xforce.ibmcloud.com/vulnerabilities/40849
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2009-2385 – SMF Mod Member Awards 1.0.2 - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2009-2385
SQL injection vulnerability in the awardsMembers function in Sources/Profile.php in the Member Awards component 1.0.2 for Simple Machines Forum (SMF) allows remote attackers to execute arbitrary SQL commands via the id parameter in a profile action to index.php. NOTE: some of these details are obtained from third party information.
• https://www.exploit-db.com/exploits/9050
• http://secunia.com/advisories/35661
• http://www.exploit-db.com/exploits/9050
• http://www.securityfocus.com/bid/35536
• https://exchange.xforce.ibmcloud.com/vulnerabilities/51441
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2008-6741 – Simple Machines Forum (SMF) 1.1.4 - SQL Injection
https://notcve.org/view.php?id=CVE-2008-6741
SQL injection vulnerability in Load.php in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands by setting the db_character_set parameter to a multibyte character set such as big5, which causes the addslashes PHP function to produce a "\" (backslash) sequence that does not quote the "'" (single quote) character, as demonstrated via a manlabels action to index.php.
• https://www.exploit-db.com/exploits/5826
• http://www.securityfocus.com/bid/29734
• https://exchange.xforce.ibmcloud.com/vulnerabilities/43118
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2008-6657 – Simple Machines Forum (SMF) 1.1.6 - Code Execution
https://notcve.org/view.php?id=CVE-2008-6657
Cross-site request forgery (CSRF) vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote attackers to hijack the authentication of admins for requests that install packages via the package parameter in an install2 action.
• https://www.exploit-db.com/exploits/6993
• http://osvdb.org/50071
• http://secunia.com/advisories/32516
• http://www.securityfocus.com/bid/32119
• http://www.simplemachines.org/community/index.php?topic=272861.0
• https://exchange.xforce.ibmcloud.com/vulnerabilities/46343
• CWE-352: Cross-Site Request Forgery (CSRF)