
8 matches found

NVD
added 2009/08/13 4:30 p.m., 10 views

CVE-2008-6971

The password reset functionality in Simple Machines Forum SMF 1.0.x before 1.0.14, 1.1.x before 1.1.6, and 2.0 before 2.0 beta 4 includes clues about the random number generator state within a hidden form field and generates predictable validation codes, which allows remote attackers to modify...

CVSS 7.5 | AI score 6.9 | EPSS 0.05711
Exploits: 2 | References: 6

NVD
added 2008/07/08 6:41 p.m., 10 views

CVE-2008-3073

Unspecified vulnerability in Simple Machines Forum SMF 1.1.x before 1.1.5 and 1.0.x before 1.0.13 has unknown impact and attack vectors, probably cross-site scripting XSS, related to "use of the html-tag."...

CVSS 7.5 | AI score 6 | EPSS 0.00334
Exploits: 0 | References: 3

CVE
added 2007/01/22 6:0 p.m., 42 views

CVE-2007-0399

SMF 1.1 RC3 exposes multiple XSS flaws in index.php during the PM “send” action. Attacker-supplied input (recipient/BCC fields) can inject arbitrary script/HTML in the context of an authenticated user. Affected: Simple Machines Forum (SMF), version 1.1 RC3; vulnerability arises in the PM sending workflow....

CVSS 6 | AI score 5.4 | EPSS 0.01777
Exploits: 0 | References: 10 | Affected Software: 1

exploitpack
added 2007/01/20 12:0 a.m., 11 views

SMF 1.1 - index.php HTML Injection

SMF 1.1 - index.php HTML Injection source: https://www.securityfocus.com/bid/22143/info SMF is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would execute ...

AI score 7.6
Exploits: 0

Exploit DB
added 2007/01/20 12:0 a.m., 21 views

SMF 1.1 - 'index.php' HTML Injection

source: https://www.securityfocus.com/bid/22143/info SMF is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would execute in the context of the affected...

AI score 7.4
Exploits: 0

CVE
added 2006/09/06 1:0 a.m., 43 views

CVE-2006-4564

CVE-2006-4564 describes an SQL injection vulnerability in Simple Machines Forum (SMF) 1.1 RC3, occurring in Sources/ManageBoards.php. The vulnerability is exploitable via the cur_cat parameter, enabling remote attackers to execute arbitrary SQL commands. The CVSS v2 base score is 5.1 (Medium) wit...

CVSS 5.1 | AI score 8.8 | EPSS 0.00619
Exploits: 0 | References: 5 | Affected Software: 1

securityvulns
added 2006/09/04 12:0 a.m., 37 views

Sql injections in e107 [Admin section]

Hi, There is a sql injection in SMF 1.1 RC3, in admin section : When an administrator is going to add a new board, the "curcat" parameter is not checked properly : File /Sources/ManageBoards.php, Line 609 : :: // Create a new board... :: if isset$POST'add' :: :: // New boards by default go to the...

AI score 0.8
Exploits: 0

NVD
added 2005/12/11 11:3 a.m., 12 views

CVE-2005-4159

NOTE: this issue has been disputed by the vendor and third parties. SQL injection vulnerability in Memberlist.php in Simple Machines Forum SMF 1.1 rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter. NOTE: the vendor says that since only one character...

CVSS 7.5 | AI score 8.6 | EPSS 0.01112
Exploits: 0 | References: 7