Simple Machines
Simple Machines was an American independent record label in Arlington, Virginia. The label was founded by Derek Denckla and Jenny Toomey and Brad Sigal while both were living in the Positive Force House in north Arlington, but Sigal and eventually Denckla stepped back from involvement. In 1990-91 Kristin Thomson stepped up and co-masterminded the project with Toomey and they started a new group house near Positive Force's. At its peak, the label was run by Toomey, Thomson, Pat Graham and Mickey Menard.
Products (6)
- 52 CVEs
- 42 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
Recent CVEs (68)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-10305 | | Critical | 0.64 | 9.8 | 0.01 | | Apr 24, 2018 | The MessageSearch2 function in PersonalMessage.php in Simple Machines Forum (SMF) before 2.0.15 does not properly use the possible_users variable in a query, which might allow attackers to bypass intended access restrictions. |
| CVE-2016-5726 | | Critical | 0.64 | 9.8 | 0.02 | | Feb 9, 2017 | Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter. |
| CVE-2016-5727 | | High | 0.57 | 8.8 | 0.02 | | Feb 9, 2017 | LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop. |
| CVE-2022-26982 | | | 0.04 | — | 0.09 | | Apr 5, 2022 | SimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrary code by inserting a vulnerable php code because the themes can be modified by an administrator. NOTE: the vendor's position is that administrators are intended to have the… |
| CVE-2008-6971 | | | 0.04 | — | 0.07 | | Aug 13, 2009 | The password reset functionality in Simple Machines Forum (SMF) 1.0.x before 1.0.14, 1.1.x before 1.1.6, and 2.0 before 2.0 beta 4 includes clues about the random number generator state within a hidden form field and generates predictable validation codes, which allows remote… |
| CVE-2013-0192 | | | 0.03 | — | 0.04 | | Feb 7, 2020 | File Disclosure in SMF (SimpleMachines Forum) <= 2.0.3: Forum admin can read files such as the database config. |
| CVE-2009-5068 | | | 0.03 | — | 0.02 | | Jan 15, 2020 | There is a file disclosure vulnerability in SMF (Simple Machines Forum) affecting versions through v2.0.3. On some configurations a SMF deployment is shared by several "co-admins" that are not trusted beyond the SMF deployment. This vulnerability allows them to read arbitrary… |
| CVE-2005-4891 | | | 0.03 | — | 0.02 | | Jan 15, 2020 | Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject arbitrary SQL statements. |
| CVE-2012-5903 | | | 0.03 | — | 0.02 | | Nov 17, 2012 | Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the scheduled parameter to index.php. |
| CVE-2008-6741 | | | 0.03 | — | 0.01 | | Apr 21, 2009 | SQL injection vulnerability in Load.php in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands by setting the db_character_set parameter to a multibyte character set such as big5, which causes the addslashes PHP function to… |
| CVE-2008-6659 | | | 0.03 | — | 0.03 | | Apr 7, 2009 | Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote authenticated users to configure arbitrary local files for execution via directory traversal sequences in the value of the theme_dir field during a… |
| CVE-2008-6658 | | | 0.03 | — | 0.02 | | Apr 7, 2009 | Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote authenticated administrators to install packages from arbitrary directories via a .. (dot dot) in the package parameter during an install2 action,… |
| CVE-2008-6657 | | | 0.03 | — | 0.01 | | Apr 7, 2009 | Cross-site request forgery (CSRF) vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote attackers to hijack the authentication of admins for requests that install packages via the package parameter in an install2 action. |
| CVE-2008-6544 | | | 0.03 | — | 0.03 | | Mar 30, 2009 | Multiple PHP remote file inclusion vulnerabilities in Simple Machines Forum (SMF) 1.1.4 allow remote attackers to execute arbitrary PHP code via a URL in the (1) settings[default_theme_dir] parameter to Sources/Subs-Graphics.php and (2) settings[default_theme_dir] parameter to… |
| CVE-2007-5646 | | | 0.03 | — | 0.03 | | Oct 23, 2007 | SQL injection vulnerability in Sources/Search.php in Simple Machines Forum (SMF) 1.1.3, when MySQL 5 is used, allows remote attackers to execute arbitrary SQL commands via the userspec parameter in a search2 action to index.php. |
| CVE-2007-0399 | | | 0.03 | — | 0.02 | | Jan 22, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in Simple Machines Forum (SMF) 1.1 RC3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) recipient or (2) BCC field when selecting send in a pm action. |
| CVE-2006-5503 | | | 0.03 | — | 0.02 | | Oct 25, 2006 | Cross-site scripting (XSS) vulnerability in index.php in Simple Machines Forum (SMF) 1.1 RC2 allows remote attackers to inject arbitrary web script or HTML via the action parameter. |
| CVE-2004-1996 | | | 0.03 | — | 0.02 | | May 5, 2004 | Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 1.0 allows remote attackers to inject arbitrary web script via the size tag. |
| CVE-2004-1827 | | | 0.03 | — | 0.02 | | Mar 15, 2004 | Cross-site scripting (XSS) vulnerability in YaBB 1 Gold(SP1.3) and YaBB SE 1.5.1 Final allows remote attackers to inject arbitrary web script via the background:url property in (1) glow or (2) shadow tags. |
| CVE-2026-26025 | | | 0.00 | — | 0.00 | | Feb 24, 2026 | free5GC SMF provides Session Management Function for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, SMF panics and terminates when processing a malformed PFCP SessionReportRequest on the PFCP (UDP/8805)… |