Lucene search
K

307 matches found

NVD
NVD
added 2019/03/07 11:29 p.m.17 views

CVE-2013-7467

Simple Machines Forum SMF 2.0.4 allows XSS via the index.php?action=pm;sa=settings;save sa parameter...

6.1CVSS6AI score0.00848EPSS
Exploits1References1
Prion
Prion
added 2019/03/07 11:29 p.m.9 views

Code injection

Simple Machines Forum SMF 2.0.4 allows PHP Code Injection via the index.php?action=admin;area=languages;sa=editlang dictionary parameter...

6.8CVSS7.7AI score0.0168EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2019/03/07 11:29 p.m.14 views

CVE-2013-7466

Simple Machines Forum SMF 2.0.4 allows local file inclusion, with resultant remote code execution, in install.php via ../ directory traversal in the dbtype parameter if install.php remains present after installation...

8.8CVSS8.8AI score0.04006EPSS
Exploits1References1
Cvelist
Cvelist
added 2019/03/07 10:0 p.m.22 views

CVE-2013-7467

Simple Machines Forum SMF 2.0.4 allows XSS via the index.php?action=pm;sa=settings;save sa parameter...

6.4AI score0.00848EPSS
Exploits1References1
Cvelist
Cvelist
added 2019/03/07 10:0 p.m.20 views

CVE-2013-7466

Simple Machines Forum SMF 2.0.4 allows local file inclusion, with resultant remote code execution, in install.php via ../ directory traversal in the dbtype parameter if install.php remains present after installation...

8.8AI score0.04006EPSS
Exploits1References1
Prion
Prion
added 2018/04/24 2:29 a.m.19 views

Design/Logic Flaw

The MessageSearch2 function in PersonalMessage.php in Simple Machines Forum SMF before 2.0.15 does not properly use the possibleusers variable in a query, which might allow attackers to bypass intended access restrictions...

7.5CVSS9.3AI score0.01165EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2018/04/24 2:29 a.m.3 views

CVE-2018-10305

The MessageSearch2 function in PersonalMessage.php in Simple Machines Forum SMF before 2.0.15 does not properly use the possibleusers variable in a query, which might allow attackers to bypass intended access restrictions...

9.8CVSS5.8AI score0.01165EPSS
Exploits0References1
CVE
CVE
added 2018/04/24 2:0 a.m.56 views

CVE-2018-10305

CVE-2018-10305 (SMF) affects Simple Machines Forum prior to 2.0.15. The root cause is the MessageSearch2 function in PersonalMessage.php not properly using the possible_users variable in a query, enabling a remote attacker to bypass intended access restrictions. Impact is a security bypass of acc...

9.8CVSS9.3AI score0.01165EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2018/04/24 12:0 a.m.2 views

Simple Machines Forum Access Restriction Bypass Vulnerability

Simple Machines Forum is an open source, Internet forum, message board program developed by Simple Machines. An access restriction bypass vulnerability exists in Simple Machines Forum before 2.0.15. The vulnerability arises because the MessageSearch2 function in PersonalMessage.php in Simple...

9.8CVSS6.9AI score0.01165EPSS
Exploits0References1
NVD
NVD
added 2017/02/09 3:59 p.m.17 views

CVE-2016-5726

Packages.php in Simple Machines Forum SMF 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter...

9.8CVSS9.8AI score0.01566EPSS
Exploits0References2
Cvelist
Cvelist
added 2017/02/09 3:0 p.m.21 views

CVE-2016-5727

LogInOut.php in Simple Machines Forum SMF 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop...

9AI score0.01527EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2015/09/27 12:0 a.m.37 views

Tapatalk Detection (HTTP)

HTTP based detection of Tapatalk. SPDX-FileCopyrightText: 2015 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.111039";...

5.8AI score
Exploits0References1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.25 views

Simple Machines Forum <= 1.1.4 - Multiple Remote File Include Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/28493/info Simple Machines Forum is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues to include arbitrary...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.26 views

Simple Machines Forum <= 1.0.4 (modify) SQL Injection Exploit

No description provided by source. !/usr/bin/perl -w SMF Modify SQL Injection // All Versions // By James http://www.gulftech.org Simple proof of concept for the modify post SQL Injection issue I discovered in Simple Machine Forums. Supply this script with your username password and the complete...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.32 views

Simple Machines Forum <= 1.1.6 (LFI) Code Execution Exploit

No description provided by source. !/usr/bin/perl @title: Simple Machines Forum Code Execution @versn: = 1.1.6 @authr: elmysterio a.k.a us @stats: DROPPED!!!!!!! @descp: In loving memory of the rare bone marrow disease that killed rgod. We can't thank you enough for killing a bug killer. @bug :...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.31 views

Simple Machines forum (SMF) 2.0 session hijacking

No description provided by source. Simple Machines forum SMF 2.0 session hijacking Found by The X-C3LL and seth http://0verl0ad.blogspot.com/ || http://xd-blog.com.ar/ 2011-08-06 Website: http://www.simplemachines.org/ Greets: yoyahack, eddyw, www.portalhacker.net SMF stops csrf attacks sending a...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.25 views

Simple Machines Forum 1.0 Size Tag HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10281/info It has been reported that Simple Machines Forum SMF may be prone to an HTML injection vulnerability that may allow an attacker to execute arbitrary HTML or script code in a user's browser. The issue exists due ...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.24 views

Simple Machines Forum <= 1.1 rc2 (lngfile) Remote Exploit (windows)

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? printr' -------------------------------------------------------------------------------- Simple Machines Forum = 1.1 rc2 lngfile ZendHashDelKeyOrIndex/arbitrary local inclusion exploit Win boxes by rgod [email protected]...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.31 views

Simple Machines Forum <= 1.1.4 - Remote SQL Injection Exploit

No description provided by source. !/usr/bin/python ================================================================================================= / | |\ \ / | / |/ | | |/ \ | | / \ \ | \ \ | | | \ | |/ \ | | // | || | ||| /| / /\ | |||| /| / /...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.23 views

Simple Machines Forum <= 1.1 rc2 Lock Topics Remote Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? printr' -------------------------------------------------------------------------------- Simple Machines Forum = 1.1.RC2 lock/ZendHashDelKeyOrIndex Vulnerability by rgod [email protected] site: http://retrogod.altervista.or...

7.1AI score
Exploits0
Rows per page
Query Builder