
CVE-2014-2230 – OpenX 2.8.10 Open Redirect
https://notcve.org/view.php?id=CVE-2014-2230
16 Oct 2014 — Open redirect vulnerability in the header function in adclick.php in OpenX 2.8.10 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) dest parameter to adclick.php or (2) _maxdest parameter to ck.php. • https://packetstorm.news/files/id/128718 •

CVE-2013-7376 – OpenX 2.8.10 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-7376
14 May 2014 — Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.10, possibly before revision 82710, allow remote attackers to hijack the authentication of administrators, as demonstrated by requests that conduct directory traversal attacks via the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-3514. • https://www.exploit-db.com/exploits/26624 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2013-5954 – OpenX 2.8.x - Multiple Cross-Site Request Forgery Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-5954
15 Mar 2014 — Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.11 and earlier allow remote attackers to hijack the authentication of administrators for requests that delete (1) users via admin/agency-user-unlink.php, (2) advertisers via admin/advertiser-delete.php, (3) banners via admin/banner-delete.php, (4) campaigns via admin/campaign-delete.php, (5) channels via admin/channel-delete.php, (6) affiliate websites via admin/affiliate-delete.php, or (7) zones via admin/zone-delete.php. • https://packetstorm.news/files/id/125735 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2013-7149 – Revive Adserver 3.0.1 SQL Injection
https://notcve.org/view.php?id=CVE-2013-7149
20 Dec 2013 — SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method. • http://www.kreativrauschen.com/blog/2013/12/18/zero-day-vulnerability-in-openx-source-2-8-11-and-revive-adserver-3-0-1 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2013-4211 – OpenX - Backdoor PHP Code Execution
https://notcve.org/view.php?id=CVE-2013-4211
09 Aug 2013 — A code execution vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in the flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code. • https://packetstorm.news/files/id/122768 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2013-3514 – OpenX 2.8.10 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-3514
03 Jul 2013 — Multiple directory traversal vulnerabilities in OpenX before 2.8.10 revision 82710 allow remote administrators to read arbitrary files via a .. (dot dot) in the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-7376. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to read arbitrary files. • https://packetstorm.news/files/id/122281 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2013-3515 – OpenX 2.8.10 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-3515
03 Jul 2013 — Multiple cross-site scripting (XSS) vulnerabilities in OpenX Source 2.8.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) package parameter to www/admin/plugin-index.php or the (2) group parameter to www/admin/plugin-settings.php. • https://packetstorm.news/files/id/122281 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2012-4989 – OpenX 2.8.10 - 'plugin-index.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-4989
22 Oct 2012 — Cross-site scripting (XSS) vulnerability in admin/plugin-index.php in OpenX 2.8.10 before revision 81823 allows remote attackers to inject arbitrary web script or HTML via the parent parameter in an info action. • https://www.exploit-db.com/exploits/37938 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2012-4990
https://notcve.org/view.php?id=CVE-2012-4990
22 Oct 2012 — SQL injection vulnerability in admin/campaign-zone-link.php in OpenX 2.8.10 before revision 81823 allows remote attackers to execute arbitrary SQL commands via the ids[] parameter in a link action. • http://archives.neohapsis.com/archives/bugtraq/2012-10/0065.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2009-4830
https://notcve.org/view.php?id=CVE-2009-4830
27 Apr 2010 — Unspecified vulnerability in OpenX 2.8.1 and 2.8.2 allows remote attackers to bypass authentication and obtain access to an Administrator account via unknown vectors, possibly related to www/admin/install.php, www/admin/install-plugins.php, and other www/admin/ files. • http://blog.openx.org/12/security-matters-2 • CWE-287: Improper Authentication •