Lucene search

K

SMF Security Vulnerabilities

cve
cve

CVE-2023-47346

Buffer Overflow vulnerability in free5gc 3.3.0, UPF 1.2.0, and SMF 1.2.0 allows attackers to cause a denial of service via crafted PFCP...

7.5CVSS

7.3AI Score

0.0005EPSS

2023-11-13 10:15 PM
15
cve
cve

CVE-2011-4173

Cross-site request forgery (CSRF) vulnerability in Simple Machines Forum (SMF) 2.x before 2.0.1 allows remote attackers to hijack the authentication of administrators or moderators via vectors involving image files, a different vulnerability than CVE-2011-3615. NOTE: some of these details are...

7.2AI Score

0.002EPSS

2022-10-03 04:15 PM
13
cve
cve

CVE-2011-1127

SSI.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly restrict guest access, which allows remote attackers to have an unspecified impact via unknown...

7AI Score

0.004EPSS

2022-10-03 04:15 PM
33
cve
cve

CVE-2011-1129

Cross-site scripting (XSS) vulnerability in the EditNews function in ManageNews.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, might allow remote authenticated users to inject arbitrary web script or HTML via a save_items...

5.4AI Score

0.001EPSS

2022-10-03 04:15 PM
24
cve
cve

CVE-2011-1128

The loadUserSettings function in Load.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly handle invalid login attempts, which might make it easier for remote attackers to obtain access or cause a denial of service via a brute-force...

6.9AI Score

0.002EPSS

2022-10-03 04:15 PM
19
cve
cve

CVE-2011-1131

The PlushSearch2 function in Search.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, uses certain cached data in a situation where a temporary table has been created, even though this cached data is intended only for situations where a temporary table has not been created,....

6.3AI Score

0.002EPSS

2022-10-03 04:15 PM
16
cve
cve

CVE-2011-1130

Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly validate the start parameter, which might allow remote attackers to conduct SQL injection attacks, obtain sensitive information, or cause a denial of service via a crafted value, related to the cleanRequest...

7.9AI Score

0.001EPSS

2022-10-03 04:15 PM
18
cve
cve

CVE-2013-4395

Simple Machines Forum (SMF) through 2.0.5 has...

6.1CVSS

6AI Score

0.001EPSS

2020-02-12 04:15 PM
17
cve
cve

CVE-2013-0192

File Disclosure in SMF (SimpleMachines Forum) <= 2.0.3: Forum admin can read files such as the database...

4.9CVSS

5.1AI Score

0.001EPSS

2020-02-07 02:15 PM
17
cve
cve

CVE-2009-5068

There is a file disclosure vulnerability in SMF (Simple Machines Forum) affecting versions through v2.0.3. On some configurations a SMF deployment is shared by several "co-admins" that are not trusted beyond the SMF deployment. This vulnerability allows them to read arbitrary files on the...

7.2CVSS

6.8AI Score

0.001EPSS

2020-01-15 09:15 PM
46
cve
cve

CVE-2012-5903

Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the scheduled parameter to...

5.9AI Score

0.002EPSS

2012-11-17 09:55 PM
22
cve
cve

CVE-2011-3615

Multiple SQL injection vulnerabilities in Simple Machines Forum (SMF) before 1.1.15 and 2.x before 2.0.1 allow remote attackers to execute arbitrary SQL commands via vectors involving a (1) HTML entity or (2) display name. NOTE: some of these details are obtained from third party...

8.4AI Score

0.002EPSS

2011-10-24 05:55 PM
19
cve
cve

CVE-2008-6971

The password reset functionality in Simple Machines Forum (SMF) 1.0.x before 1.0.14, 1.1.x before 1.1.6, and 2.0 before 2.0 beta 4 includes clues about the random number generator state within a hidden form field and generates predictable validation codes, which allows remote attackers to modify...

7.1AI Score

0.111EPSS

2009-08-13 04:30 PM
29
cve
cve

CVE-2009-2385

SQL injection vulnerability in the awardsMembers function in Sources/Profile.php in the Member Awards component 1.0.2 for Simple Machines Forum (SMF) allows remote attackers to execute arbitrary SQL commands via the id parameter in a profile action to index.php. NOTE: some of these details are...

8.6AI Score

0.001EPSS

2009-07-08 03:30 PM
23
cve
cve

CVE-2008-2019

Simple Machines Forum (SMF), probably 1.1.4, relies on "randomly generated static" to hinder brute-force attacks on the WAV file (aka audio) CAPTCHA, which allows remote attackers to pass the CAPTCHA test via an automated attack that considers Hamming distances. NOTE: this issue reportedly exists.....

6.8AI Score

0.008EPSS

2008-04-30 01:07 AM
21
cve
cve

CVE-2008-0775

Cross-site scripting (XSS) vulnerability in sboxDB.php in Simple Machines Forum (SMF) Shoutbox 1.14 through 1.16b allows remote attackers to inject arbitrary web script or HTML via strings to the shoutbox form that start with "&#", contain the desired script, and end with...

5.8AI Score

0.003EPSS

2008-02-14 12:00 AM
28
cve
cve

CVE-2008-0284

Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) Itemid or (2) topic...

5.7AI Score

0.002EPSS

2008-01-15 09:00 PM
18
cve
cve

CVE-2006-6375

Cross-site scripting (XSS) vulnerability in display.php in Simple Machines Forum (SMF) 1.1 Final and earlier allows remote attackers to inject arbitrary web script or HTML via the contents of a file that is uploaded with the image parameter set, which can be interpreted as script by Internet...

5.9AI Score

0.034EPSS

2006-12-07 05:28 PM
19
cve
cve

CVE-2006-4564

SQL injection vulnerability in Sources/ManageBoards.php in Simple Machines Forum 1.1 RC3 allows remote attackers to execute arbitrary SQL commands via the cur_cat...

8.8AI Score

0.005EPSS

2006-09-06 01:04 AM
20
cve
cve

CVE-2006-3773

PHP remote file inclusion vulnerability in smf.php in the SMF-Forum 1.3.1.3 Bridge Component (com_smf) For Joomla! and Mambo 4.5.3+ allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path...

7.6AI Score

0.085EPSS

2006-07-24 12:19 PM
288
cve
cve

CVE-2004-1827

Cross-site scripting (XSS) vulnerability in YaBB 1 Gold(SP1.3) and YaBB SE 1.5.1 Final allows remote attackers to inject arbitrary web script via the background:url property in (1) glow or (2) shadow...

6AI Score

0.008EPSS

2005-05-10 04:00 AM
25
cve
cve

CVE-2004-1996

Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 1.0 allows remote attackers to inject arbitrary web script via the size...

6.1AI Score

0.004EPSS

2005-05-10 04:00 AM
25