Filtered by vendor Simplemachines
Subscriptions
Total
26 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6971 | 1 Simplemachines | 1 Smf | 2017-09-29 | N/A |
| The password reset functionality in Simple Machines Forum (SMF) 1.0.x before 1.0.14, 1.1.x before 1.1.6, and 2.0 before 2.0 beta 4 includes clues about the random number generator state within a hidden form field and generates predictable validation codes, which allows remote attackers to modify passwords of other users and gain privileges. | ||||
| CVE-2011-3615 | 1 Simplemachines | 1 Smf | 2017-08-29 | N/A |
| Multiple SQL injection vulnerabilities in Simple Machines Forum (SMF) before 1.1.15 and 2.x before 2.0.1 allow remote attackers to execute arbitrary SQL commands via vectors involving a (1) HTML entity or (2) display name. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-4564 | 1 Simplemachines | 1 Smf | 2017-07-20 | N/A |
| SQL injection vulnerability in Sources/ManageBoards.php in Simple Machines Forum 1.1 RC3 allows remote attackers to execute arbitrary SQL commands via the cur_cat parameter. | ||||
| CVE-2016-5727 | 1 Simplemachines | 1 Simple Machines Forum | 2017-02-23 | N/A |
| LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop. | ||||
| CVE-2016-5726 | 1 Simplemachines | 1 Simple Machines Forum | 2017-02-23 | N/A |
| Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter. | ||||
| CVE-2013-7236 | 1 Simplemachines | 1 Simple Machines Forum | 2014-04-30 | N/A |
| Simple Machines Forum (SMF) 2.0.6, 1.1.19, and earlier allows remote attackers to impersonate arbitrary users via a Unicode homoglyph character in a username. | ||||