CVE-2011-3615
https://notcve.org/view.php?id=CVE-2011-3615
24 Oct 2011 — Multiple SQL injection vulnerabilities in Simple Machines Forum (SMF) before 1.1.15 and 2.x before 2.0.1 allow remote attackers to execute arbitrary SQL commands via vectors involving a (1) HTML entity or (2) display name. NOTE: some of these details are obtained from third party information. • http://openwall.com/lists/oss-security/2011/10/09/3 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-1131
https://notcve.org/view.php?id=CVE-2011-1131
21 Jun 2011 — The PlushSearch2 function in Search.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, uses certain cached data in a situation where a temporary table has been created, even though this cached data is intended only for situations where a temporary table has not been created, which might allow remote attackers to obtain sensitive information via a search. • http://custom.simplemachines.org/mods/downloads/smf_patch_2.0-RC4_security.zip • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-1127
https://notcve.org/view.php?id=CVE-2011-1127
21 Jun 2011 — SSI.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly restrict guest access, which allows remote attackers to have an unspecified impact via unknown vectors. • http://custom.simplemachines.org/mods/downloads/smf_patch_2.0-RC4_security.zip • CWE-264: Permissions, Privileges, and Access Controls
CVE-2011-1130
https://notcve.org/view.php?id=CVE-2011-1130
21 Jun 2011 — Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly validate the start parameter, which might allow remote attackers to conduct SQL injection attacks, obtain sensitive information, or cause a denial of service via a crafted value, related to the cleanRequest function in QueryString.php and the constructPageIndex function in Subs.php. • http://custom.simplemachines.org/mods/downloads/smf_patch_2.0-RC4_security.zip • CWE-20: Improper Input Validation
CVE-2011-1128
https://notcve.org/view.php?id=CVE-2011-1128
21 Jun 2011 — The loadUserSettings function in Load.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly handle invalid login attempts, which might make it easier for remote attackers to obtain access or cause a denial of service via a brute-force attack. • http://custom.simplemachines.org/mods/downloads/smf_patch_2.0-RC4_security.zip • CWE-310: Cryptographic Issues
CVE-2011-1129
https://notcve.org/view.php?id=CVE-2011-1129
21 Jun 2011 — Cross-site scripting (XSS) vulnerability in the EditNews function in ManageNews.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, might allow remote authenticated users to inject arbitrary web script or HTML via a save_items action. • http://custom.simplemachines.org/mods/downloads/smf_patch_2.0-RC4_security.zip • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-6971 – Simple Machines Forum (SMF) 1.1.5 (Windows x86) - Admin Reset Password
https://notcve.org/view.php?id=CVE-2008-6971
13 Aug 2009 — The password reset functionality in Simple Machines Forum (SMF) 1.0.x before 1.0.14, 1.1.x before 1.1.6, and 2.0 before 2.0 beta 4 includes clues about the random number generator state within a hidden form field and generates predictable validation codes, which allows remote attackers to modify passwords of other users and gain privileges. • https://www.exploit-db.com/exploits/6392 • CWE-255: Credentials Management Errors
CVE-2008-2019
https://notcve.org/view.php?id=CVE-2008-2019
30 Apr 2008 — Simple Machines Forum (SMF), probably 1.1.4, relies on "randomly generated static" to hinder brute-force attacks on the WAV file (aka audio) CAPTCHA, which allows remote attackers to pass the CAPTCHA test via an automated attack that considers Hamming distances. NOTE: this issue reportedly exists because of an insufficient fix for CVE-2007-3308. • https://github.com/TheRook/AudioCaptchaBypass-CVE-2008-2019 • CWE-264: Permissions, Privileges, and Access Controls
CVE-2006-6375
https://notcve.org/view.php?id=CVE-2006-6375
07 Dec 2006 — Cross-site scripting (XSS) vulnerability in display.php in Simple Machines Forum (SMF) 1.1 Final and earlier allows remote attackers to inject arbitrary web script or HTML via the contents of a file that is uploaded with the image parameter set, which can be interpreted as script by Internet Explorer's automatic type detection. • http://secunia.com/advisories/23175
CVE-2006-4564
https://notcve.org/view.php?id=CVE-2006-4564
06 Sep 2006 — SQL injection vulnerability in Sources/ManageBoards.php in Simple Machines Forum 1.1 RC3 allows remote attackers to execute arbitrary SQL commands via the cur_cat parameter. • http://archives.neohapsis.com/archives/bugtraq/2006-09/0009.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')