307 matches found
CVE-2013-7467
Simple Machines Forum SMF 2.0.4 allows XSS via the index.php?action=pm;sa=settings;save sa parameter...
Code injection
Simple Machines Forum SMF 2.0.4 allows PHP Code Injection via the index.php?action=admin;area=languages;sa=editlang dictionary parameter...
CVE-2013-7466
Simple Machines Forum SMF 2.0.4 allows local file inclusion, with resultant remote code execution, in install.php via ../ directory traversal in the dbtype parameter if install.php remains present after installation...
CVE-2013-7467
Simple Machines Forum SMF 2.0.4 allows XSS via the index.php?action=pm;sa=settings;save sa parameter...
CVE-2013-7466
Simple Machines Forum SMF 2.0.4 allows local file inclusion, with resultant remote code execution, in install.php via ../ directory traversal in the dbtype parameter if install.php remains present after installation...
Design/Logic Flaw
The MessageSearch2 function in PersonalMessage.php in Simple Machines Forum SMF before 2.0.15 does not properly use the possibleusers variable in a query, which might allow attackers to bypass intended access restrictions...
CVE-2018-10305
The MessageSearch2 function in PersonalMessage.php in Simple Machines Forum SMF before 2.0.15 does not properly use the possibleusers variable in a query, which might allow attackers to bypass intended access restrictions...
CVE-2018-10305
CVE-2018-10305 (SMF) affects Simple Machines Forum prior to 2.0.15. The root cause is the MessageSearch2 function in PersonalMessage.php not properly using the possible_users variable in a query, enabling a remote attacker to bypass intended access restrictions. Impact is a security bypass of acc...
Simple Machines Forum Access Restriction Bypass Vulnerability
Simple Machines Forum is an open source, Internet forum, message board program developed by Simple Machines. An access restriction bypass vulnerability exists in Simple Machines Forum before 2.0.15. The vulnerability arises because the MessageSearch2 function in PersonalMessage.php in Simple...
CVE-2016-5726
Packages.php in Simple Machines Forum SMF 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter...
CVE-2016-5727
LogInOut.php in Simple Machines Forum SMF 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop...
Tapatalk Detection (HTTP)
HTTP based detection of Tapatalk. SPDX-FileCopyrightText: 2015 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.111039";...
Simple Machines Forum <= 1.1.4 - Multiple Remote File Include Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/28493/info Simple Machines Forum is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues to include arbitrary...
Simple Machines Forum <= 1.0.4 (modify) SQL Injection Exploit
No description provided by source. !/usr/bin/perl -w SMF Modify SQL Injection // All Versions // By James http://www.gulftech.org Simple proof of concept for the modify post SQL Injection issue I discovered in Simple Machine Forums. Supply this script with your username password and the complete...
Simple Machines Forum <= 1.1.6 (LFI) Code Execution Exploit
No description provided by source. !/usr/bin/perl @title: Simple Machines Forum Code Execution @versn: = 1.1.6 @authr: elmysterio a.k.a us @stats: DROPPED!!!!!!! @descp: In loving memory of the rare bone marrow disease that killed rgod. We can't thank you enough for killing a bug killer. @bug :...
Simple Machines forum (SMF) 2.0 session hijacking
No description provided by source. Simple Machines forum SMF 2.0 session hijacking Found by The X-C3LL and seth http://0verl0ad.blogspot.com/ || http://xd-blog.com.ar/ 2011-08-06 Website: http://www.simplemachines.org/ Greets: yoyahack, eddyw, www.portalhacker.net SMF stops csrf attacks sending a...
Simple Machines Forum 1.0 Size Tag HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10281/info It has been reported that Simple Machines Forum SMF may be prone to an HTML injection vulnerability that may allow an attacker to execute arbitrary HTML or script code in a user's browser. The issue exists due ...
Simple Machines Forum <= 1.1 rc2 (lngfile) Remote Exploit (windows)
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? printr' -------------------------------------------------------------------------------- Simple Machines Forum = 1.1 rc2 lngfile ZendHashDelKeyOrIndex/arbitrary local inclusion exploit Win boxes by rgod [email protected]...
Simple Machines Forum <= 1.1.4 - Remote SQL Injection Exploit
No description provided by source. !/usr/bin/python ================================================================================================= / | |\ \ / | / |/ | | |/ \ | | / \ \ | \ \ | | | \ | |/ \ | | // | || | ||| /| / /\ | |||| /| / /...
Simple Machines Forum <= 1.1 rc2 Lock Topics Remote Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? printr' -------------------------------------------------------------------------------- Simple Machines Forum = 1.1.RC2 lock/ZendHashDelKeyOrIndex Vulnerability by rgod [email protected] site: http://retrogod.altervista.or...