Lucene search
K

9 matches found

NVD
NVD
added 2026/06/18 8:16 a.m.11 views

CVE-2026-12102

The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.63 via the 'userid' parameter due to missing validation on a user controlled key...

2.7CVSS0.0028EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.15 views

PT-2026-43495

The CM Ad Changer – A simple tool to control and optimize your site's banners plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the cmac campaigns action function. This makes it...

4.3CVSS5.9AI score0.00128EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/11/21 7:37 p.m.5 views

CVE-2025-52670

Missing authorization check in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes users on the system to delete banners owned by other accounts...

7.1CVSS6.9AI score0.00281EPSS
Exploits1References1
EUVD
EUVD
added 2025/11/20 9:30 p.m.4 views

EUVD-2025-198332

Missing authorization check in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes users on the system to delete banners owned by other accounts...

7.1CVSS6.8AI score0.00281EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/11/20 12:0 a.m.5 views

PT-2025-47620

Missing authorization check in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes users on the system to delete banners owned by other accounts...

7.1CVSS6.8AI score0.00281EPSS
Exploits1References1
Hacker One
Hacker One
added 2025/10/27 5:29 p.m.10 views

Revive Adserver: IDOR Vulnerability in Banner Deletion

Summary I found an IDOR vulnerability in Revive Adserver's banner deletion endpoint that lets any Manager delete banners belonging to other Managers. The code validates access to the parent campaign but doesn't check if the user owns the specific banner being deleted. This means Manager A can...

7.1CVSS7.3AI score0.00281EPSS
Exploits1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2013-5786

Malware in sbrugna...

6.8CVSS6.2AI score0.03099EPSS
Exploits2References10
Prion
Prion
added 2014/04/25 2:15 p.m.15 views

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in OpenX 2.8.11 and earlier allow remote attackers to hijack the authentication of administrators for requests that delete 1 users via admin/agency-user-unlink.php, 2 advertisers via admin/advertiser-delete.php, 3 banners via...

6.8CVSS7.8AI score0.03099EPSS
Exploits2References7Affected Software2
securityvulns
securityvulns
added 2003/06/04 12:0 a.m.36 views

Galich , phpAds

http://www.sait.lv/phpAds/viewbanner.php3?bannerID=21 i mi vidim banner zaciklivajem vot eto : http://www.sait.lv/phpAds/bannerdelete.php3?bannerID=22 naprimer: Ctrl+R IE nu i smotrim opjatj http://www.sait.lv/phpAds/viewbanner.php3?bannerID=21 a baner prostil ; zlaja shutka ; mozno sozdatj formu...

0.1AI score
Exploits0
Rows per page
Query Builder