Vendor Dictionary: Simple Machines

Simple Machines

Short Name:	[None Entered]
Previous Names:	[None Entered]
URL:	[None Entered]
Email:	[None Entered]
Security URL:	[None Entered]
Security Email:	[None Entered]
Knowledge Base:	[None Entered]
Notes:	[No Notes]

Vulnerabilities by Vendor Product

Simple Machines

Simple Machines

Simple Machines Forum: 1.1.4; OSVDB ID: 47002 Simple Machines Forum (SMF) Unspecified XSS; OSVDB ID: 38070 Simple Machines Forum (SMF) Sources/Search.php SQL Injection; OSVDB ID: 47003 Simple Machines Forum (SMF) RNG Weakness Unspecified Issue; 1.0.12; OSVDB ID: 47002 Simple Machines Forum (SMF) Unspecified XSS; OSVDB ID: 38070 Simple Machines Forum (SMF) Sources/Search.php SQL Injection; OSVDB ID: 47003 Simple Machines Forum (SMF) RNG Weakness Unspecified Issue; 1.1.3; OSVDB ID: 47002 Simple Machines Forum (SMF) Unspecified XSS; OSVDB ID: 35705 Simple Machines Forum (SMF) PHPSESSID Session Fixation; OSVDB ID: 38070 Simple Machines Forum (SMF) Sources/Search.php SQL Injection; 1.1.2; OSVDB ID: 47002 Simple Machines Forum (SMF) Unspecified XSS; OSVDB ID: 35705 Simple Machines Forum (SMF) PHPSESSID Session Fixation; 1.1.1; OSVDB ID: 47002 Simple Machines Forum (SMF) Unspecified XSS; 1.0.11; OSVDB ID: 47002 Simple Machines Forum (SMF) Unspecified XSS; 1.0.10; OSVDB ID: 47002 Simple Machines Forum (SMF) Unspecified XSS; 1.0.9; OSVDB ID: 47002 Simple Machines Forum (SMF) Unspecified XSS; 1.0.8; OSVDB ID: 47002 Simple Machines Forum (SMF) Unspecified XSS; 1.0.8; OSVDB ID: 47002 Simple Machines Forum (SMF) Unspecified XSS; 1.0.7; OSVDB ID: 47002 Simple Machines Forum (SMF) Unspecified XSS; 1.0.6; OSVDB ID: 47002 Simple Machines Forum (SMF) Unspecified XSS; 1.0.5; OSVDB ID: 47002 Simple Machines Forum (SMF) Unspecified XSS; 1.0.4; OSVDB ID: 47002 Simple Machines Forum (SMF) Unspecified XSS; 1.0.3; OSVDB ID: 47002 Simple Machines Forum (SMF) Unspecified XSS; 1.0.2; OSVDB ID: 47002 Simple Machines Forum (SMF) Unspecified XSS; 1.0.1; OSVDB ID: 47002 Simple Machines Forum (SMF) Unspecified XSS; 1.1.5; OSVDB ID: 47002 Simple Machines Forum (SMF) Unspecified XSS; OSVDB ID: 47003 Simple Machines Forum (SMF) RNG Weakness Unspecified Issue; 1.0.13; OSVDB ID: 47002 Simple Machines Forum (SMF) Unspecified XSS; OSVDB ID: 47003 Simple Machines Forum (SMF) RNG Weakness Unspecified Issue; 1.1.7; OSVDB ID: 50070 Simple Machines Forum (SMF) Attachment Name Prediction Weakness; OSVDB ID: 50071 Simple Machines Forum (SMF) index.php package Parameter CSRF; OSVDB ID: 51646 Simple Machines Forum (SMF) packages.xml Multiple Element XSS; OSVDB ID: 51735 Simple Machines Forum (SMF) BBcode [url] Tag Handling XSS; OSVDB ID: 50072 Simple Machines Forum (SMF) index.php theme_dir Parameter Traversal Local File Inclusion; 1.0.15; OSVDB ID: 50070 Simple Machines Forum (SMF) Attachment Name Prediction Weakness; OSVDB ID: 50071 Simple Machines Forum (SMF) index.php package Parameter CSRF; OSVDB ID: 50072 Simple Machines Forum (SMF) index.php theme_dir Parameter Traversal Local File Inclusion; 1.1.6; OSVDB ID: 50070 Simple Machines Forum (SMF) Attachment Name Prediction Weakness; OSVDB ID: 50071 Simple Machines Forum (SMF) index.php package Parameter CSRF; OSVDB ID: 50072 Simple Machines Forum (SMF) index.php theme_dir Parameter Traversal Local File Inclusion; 1.0.14; OSVDB ID: 50070 Simple Machines Forum (SMF) Attachment Name Prediction Weakness; 1.1.12; OSVDB ID: 71009 Simple Machines Forum (SMF) SSI.php Guest Access Restriction Bypass; 1.1.11; OSVDB ID: 63516 Simple Machines Forum (SMF) index.php censor Action Word Addition XSS; OSVDB ID: 60651 Simple Machines Forum (SMF) Package Server Deletion CSRF; 1.1 RC3; OSVDB ID: 28457 Simple Machines Forum (SMF) ManageBoards.php cur_cat Parameter SQL Injection; 2.0.2; OSVDB ID: 76822 Simple Machines Forum (SMF) HTML Entity / Display Name Unspecified SQL Injection; OSVDB ID: 80766 Simple Machines Forum (SMF) index.php scheduled Parameter XSS; 1.1.8; OSVDB ID: 51646 Simple Machines Forum (SMF) packages.xml Multiple Element XSS; OSVDB ID: 51735 Simple Machines Forum (SMF) BBcode [url] Tag Handling XSS; 1.1.9; OSVDB ID: 51646 Simple Machines Forum (SMF) packages.xml Multiple Element XSS; 1.1.10; OSVDB ID: 60651 Simple Machines Forum (SMF) Package Server Deletion CSRF; 1.1.13; OSVDB ID: 75233 Simple Machines Forum (SMF) QueryString.php cleanRequest Function start Parameter SQL Injection; OSVDB ID: 75234 Simple Machines Forum (SMF) Subs.php constructPageIndex Function start Parameter SQL Injection; OSVDB ID: 75235 Simple Machines Forum (SMF) Load.php loadUserSettings Function Invalid Login Attempt Brute-Force Weakness; 2.0.1; OSVDB ID: 83192 Simple Machines Forum (SMF) cleanRequest() Cookie Array SQL Injection; OSVDB ID: 76822 Simple Machines Forum (SMF) HTML Entity / Display Name Unspecified SQL Injection; 2.0; OSVDB ID: 86441 Simple Machines Forum (SMF) Theme / Layout Settings Multiple Field XSS; OSVDB ID: 86444 Simple Machines Forum (SMF) index.php Admin Log Viewing Function file Parameter Arbitrary File Disclosure; 2.0; OSVDB ID: 86442 Simple Machines Forum (SMF) install.php Multiple Function XSS; 2.0; OSVDB ID: 86443 Simple Machines Forum (SMF) ManagePosts.php PDF/Flash Injection XSS; 2.0; 2.0; OSVDB ID: 86445 Simple Machines Forum (SMF) PackageGet.php Server Addition XSS; 2.0 RC2; OSVDB ID: 86446 Simple Machines Forum (SMF) index.php Multiple Action CSRF; 2.0; OSVDB ID: 86446 Simple Machines Forum (SMF) index.php Multiple Action CSRF; OSVDB ID: 76822 Simple Machines Forum (SMF) HTML Entity / Display Name Unspecified SQL Injection; 2.0; OSVDB ID: 86447 Simple Machines Forum (SMF) Load.php Malformed String Handling Remote DoS; 1.1.10; OSVDB ID: 86448 Simple Machines Forum (SMF) news.php RSS Entry Handling Remote DoS; 2.0; OSVDB ID: 86448 Simple Machines Forum (SMF) news.php RSS Entry Handling Remote DoS; 2.0; OSVDB ID: 86449 Simple Machines Forum (SMF) File Upload XSS; 1.1.10; OSVDB ID: 86450 Simple Machines Forum (SMF) Post.php Admin Password Hash Disclosure CSRF; 2.0; OSVDB ID: 86450 Simple Machines Forum (SMF) Post.php Admin Password Hash Disclosure CSRF; 2.0; OSVDB ID: 86451 Simple Machines Forum (SMF) Packages.php Multiple Parameter XSS; 2.0; OSVDB ID: 86452 Simple Machines Forum (SMF) Search Function smf_search_term Parameter XSS; 2.0; OSVDB ID: 86453 Simple Machines Forum (SMF) Theme Setting header_logo_url Parameter XSS; 2.0; OSVDB ID: 86454 Simple Machines Forum (SMF) Subforum Name XSS; 2.0; OSVDB ID: 86455 Simple Machines Forum (SMF) ManageServer.php Language Manager XSS; 2.0; OSVDB ID: 86456 Simple Machines Forum (SMF) Subs-Auth.php User Search delim Parameter XSS; 2.0; OSVDB ID: 86457 Simple Machines Forum (SMF) ManageErrors.php Invalid File Error Message XSS; 2.0; OSVDB ID: 86458 Simple Machines Forum (SMF) Smiley Administration XSS; 2.0; OSVDB ID: 86459 Simple Machines Forum (SMF) Censored Word Replacement XSS; 2.0; OSVDB ID: 86460 Simple Machines Forum (SMF) Post Body XSS; 2.0; OSVDB ID: 86461 Simple Machines Forum (SMF) ManageServer.php Arbitrary Command Execution CSRF; 1.1.15; OSVDB ID: 76822 Simple Machines Forum (SMF) HTML Entity / Display Name Unspecified SQL Injection; 1.1.14; OSVDB ID: 76822 Simple Machines Forum (SMF) HTML Entity / Display Name Unspecified SQL Injection; 2.0.3; OSVDB ID: 88909 Simple Machines Forum (SMF) SSI.php ssi_fetchPosts Function Remote Path Disclosure; 2.0.4; OSVDB ID: 92745 Simple Machines Forum (SMF) index.php Multiple Parameter Remote PHP Code Execution

XLRstats: 2.1.0; OSVDB ID: 68642 XLRstats index.php fname Parameter eval() PHP Code Execution; 2.0.1; OSVDB ID: 68642 XLRstats index.php fname Parameter eval() PHP Code Execution

RSGallery2 Component for Joomla!: 3.1.0; OSVDB ID: 84426 RSGallery2 Component for Joomla! Unspecified SQL Injection; OSVDB ID: 84427 RSGallery2 Component for Joomla! Comment BBCode XSS; OSVDB ID: 84681 RSGallery2 Component for Joomla! Directory URI Request Parsing Image Filename Disclosure; 3.1.0; 3.1.0

PsychoStats: 3.2.2b; OSVDB ID: 91721 PsychoStats awards.php d Parameter SQL Injection

SMF: 1.0b; OSVDB ID: 4283 YaBB background:url glow / shadow Tag XSS

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.