82 matches found
YouPHPTube /plugin/AD_Server/view/campaignsVideos.json.php id SQL injection vulnerability
Summary An exploitable SQL injection vulnerability exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing...
Ad Network Sizmek Probes Account Breach
Online advertising firm Sizmek Inc. NASDAQ: SZMK says it is investigating a security incident in which a hacker was reselling access to a user account with the ability to modify ads and analytics for a number of big-name advertisers. In a recent posting to a Russian-language cybercrime forum, an...
Exosrv.com, an ad server for adult sites, tops Malwarebytes detections
Update 12/18/2017: Upon review, we have decided to lift the block on those two ad servers. You can read ExoClick's comments below: At Exoclick we use large resources to ensure that the ads that we serve are clear, clean and issue free. Where malwares and other forms of malvertising are detected...
Revive Ad Server 4.0.1 - Cross-Site Scripting Cross-Site Request Forgery
Revive Ad Server 4.0.1 - Cross-Site Scripting Cross-Site Request Forgery --------------------------------------------------------------- Exploit Title: XSRF Stored Revive Ad Server 4.0.1 Date: 24/04/2017 Exploit Author: Cyril Vallicari / HTTPCS / ZIWIT Vendor Website :...
Revive Ad Server 4.0.1 - Cross-Site Scripting / Cross-Site Request Forgery Vulnerabilities
Exploit for php platform in category web applications --------------------------------------------------------------- Exploit Title: XSRF Stored Revive Ad Server 4.0.1 Date: 24/04/2017 Exploit Author: Cyril Vallicari / HTTPCS / ZIWIT Vendor Website : https://www.revive-adserver.com/ Software...
Revive Ad Server 4.0.1 Cross Site Request Forgery / Cross Site Scripting
--------------------------------------------------------------- Exploit Title: XSRF Stored Revive Ad Server 4.0.1 Date: 24/04/2017 Exploit Author: Cyril Vallicari / HTTPCS / ZIWIT Vendor Website : https://www.revive-adserver.com/ Software download : https://www.revive-adserver.com/download/...
Revive Ad Server 4.0.1 - Cross-Site Scripting / Cross-Site Request Forgery
--------------------------------------------------------------- Exploit Title: XSRF Stored Revive Ad Server 4.0.1 Date: 24/04/2017 Exploit Author: Cyril Vallicari / HTTPCS / ZIWIT Vendor Website : https://www.revive-adserver.com/ Software download : https://www.revive-adserver.com/download/...
caravans.net Open Redirect vulnerability
Vulnerable URL: http://www.caravans.net/adserver/www/delivery/ck.php?oaparams=2bannerid=303zoneid=182cb=088428212eoadest=https://xssposed.org/ Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| Open Redirect Vulnerability status:| Publicly...
iBackDoor: High-Risk Code Hits iOS Apps
Introduction FireEye mobile researchers recently discovered potentially “backdoored” versions of an ad library embedded in thousands of iOS apps originally published in the Apple App Store. The affected versions of this library embedded functionality in iOS apps that used the library to display...
Design/Logic Flaw
Cisco Digital Content Manager DCM 15.0.0 might allow remote ad servers to cause a denial of service reboot via malformed ad messages, aka Bug ID CSCur13999...
Inout Ad server Ultimate Shell Upload Vulnerabilty
No description provided by source. ============================================================== Inout Ad server Ultimate -- Shell upload Vulnerabilty ============================================================== Name : Inout Ad server Ultimate Shell upload Vulnerabilty Date : july 9,2010...
OpenX Ad Server 2.8.7 Cross Site Request Forgery
No description provided by source. Secur-I Research Group Security Advisory ======================================================================= Title: OpenX Ad Server CSRF Vulnerability Product: OpenX Ad Server Vulnerable version: 2.8.7 and probably earlier versions Fixed version: N/A Impact:...
Orbit Open Ad Server 1.1.0 - SQL Injection
No description provided by source...
Multiple Ad Server Solutions Products 'logon_processing.jsp' SQL Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/32782/info Multiple Ad Server Solutions products are prone to SQL-injection vulnerabilities because they fail to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allo...
OpenX Source Unsupported Software Detection
OpenX Source, an open source ad server application is no longer maintained and is unsupported by the vendor. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities. %NASLMINLEVEL 70300 C...
SQL Injection in Orbit Open Ad Server
Advisory ID: HTB23208 Product: Orbit Open Ad Server Vendor: OrbitScripts, LLC Vulnerable Versions: 1.1.0 and probably prior Tested Version: 1.1.0 Advisory Publication: March 19, 2014 without technical details Vendor Notification: March 19, 2014 Vendor Patch: March 21, 2014 Public Disclosure: Apri...
CVE-2014-2540
SQL injection vulnerability in OrbitScripts Orbit Open Ad Server before 1.1.1 allows remote attackers to execute arbitrary SQL commands via the sitedirectorysortfield parameter to guest/sitedirectory...
Sql injection
SQL injection vulnerability in OrbitScripts Orbit Open Ad Server before 1.1.1 allows remote attackers to execute arbitrary SQL commands via the sitedirectorysortfield parameter to guest/sitedirectory...
CVE-2014-2540
SQL injection vulnerability in OrbitScripts Orbit Open Ad Server before 1.1.1 allows remote attackers to execute arbitrary SQL commands via the sitedirectorysortfield parameter to guest/sitedirectory...
CVE-2014-2540
CVE-2014-2540 describes a SQL Injection in Orbit Open Ad Server (OrbitScripts) via the site_directory_sort_field parameter in guest/site_directory. Affected: Orbit Open Ad Server 1.1.0 and probably earlier. Vulnerability type: CWE-89 SQL injection that can lead to arbitrary SQL execution. Root ca...