16 matches found
CVE-2021-22873
Revive Adserver before 5.1.0 is vulnerable to open redirects via the dest, oadest, and/or ct0 parameters of the lg.php and ck.php delivery scripts. Such open redirects had previously been available by design to allow third party ad servers to track such metrics when delivering ads. However, third...
Google ad for Facebook redirects to scam
Today, we are looking at a malicious ad campaign targeting Facebook users via Google search. It is well-known that tech support scammers attract new victims by buying ads for certain keywords related to their audience. What is perhaps less known is how it is even possible to impersonate top brand...
Simple 301 Redirects < 2.0.8 - Cross-Site Request Forgery via 'clicked'
Description: The Simple 301 Redirects plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the 'clicked' function. This makes it possible for unauthenticated attackers to enable or disable...
Threat actors strive to cause Tax Day headaches
Threat actors often take advantage of current events and major news headlines to align attacks and leverage social engineering when people could be more likely to be distracted or misled. Tax season is particularly appealing to threat actors because not only are people busy and under stress, but ...
R4Ven - Track Ip And GPS Location
Track User's Smartphone/Pc Ip And Gps Location. The tool hosts a fake website which uses an iframe to display a legit website and, if the target allows it, it will fetch the Gps location latitude and longitude of the target along with IP Address and Device Information. This tool is a Proof of...
WordPress ClickerVolt – Affiliate Links & Click Tracking for Performance Marketers plugin <= 1.169 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress ClickerVolt – Affiliate Links & Click Tracking for Performance Marketers plugin versions <= 1.169. Solution: No patched version available...
WordPress affiliate Manager WordPress plugin cross-site scripting vulnerability
WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in versions of the WordPress plugin Affiliates Manager prior to...
CVE-2021-25078
The Affiliates Manager WordPress plugin before 2.9.0 does not validate, sanitise and escape the IP address of requests logged by the click tracking feature, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against admin viewing the tracked requests...
WordPress plugin cross-site scripting vulnerability
WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in versions of the WordPress plugin Affiliates Manager prior to...
Revive Adserver Input Validation Error Vulnerability (CNVD-2021-23389)
Revive Adserver is an open source advertising management system from the Revive Adserver team. The system provides ad placement, ad space management, data statistics and other functions. An input validation error vulnerability exists in Revive Adserver versions prior to 5.1.0, which stems from an...
Revive Adserver: Open redirect in ck.php and lg.php
An opportunity for open redirects has been available by design since the early versions of Revive Adserver's predecessors in the impression and click tracking scripts to allow third party ad servers to track such metrics when delivering ads. Historically the display advertising industry has...
FiercePhish - A Full-Fledged Phishing Framework To Manage All Phishing Engagements
FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more. The features will continue to be expanded and will include website spoofing, click tracking, and extensive notificati...
OpenX 2.8.10 Cross Site Scripting / SQL Injection Vulnerabilities
OpenX version 2.8.10 suffers from cross site scripting and remote SQL injection vulnerabilities. Exploit Title: OpenX 2.8.10 - Multiples Vulnerabilites Product: OpenX Vulnerable Versions: 2.8.10 and probably prior Tested Version: 2.8.10 Official site: http://www.openx.com Risk Level: High Exploit...
Edgephp Clickbank Affiliate Marketplace SQL Injection / Cross Site Scripting
Author: L0rd CrusAd3r aka VSN [email protected] Exploit Title:Edgephp Clickbank Affiliate Marketplace Script Multiple Vulnerability Vendor url:http://www.edgephp.com Version:1 Published: 2010-07-11 Greetz to:r0073r inj3ct0r.com, Sid3^effects, MaYur, MA1201, Sonic Bluehat, Sai, KD, M4n0j...
Edgephp ClickBank Affiliate Marketplace Script - Multiple Vulnerabilities
Edgephp ClickBank Affiliate Marketplace Script - Multiple Vulnerabilities Author: L0rd CrusAd3r aka VSN [email protected] Exploit Title:Edgephp Clickbank Affiliate Marketplace Script Multiple Vulnerability Vendor url:http://www.edgephp.com Version:1 Published: 2010-07-11 Greetz to:r0073r...
Edgephp ClickBank Affiliate Marketplace Script - Multiple Vulnerabilities
Author: L0rd CrusAd3r aka VSN [email protected] Exploit Title:Edgephp Clickbank Affiliate Marketplace Script Multiple Vulnerability Vendor url:http://www.edgephp.com Version:1 Published: 2010-07-11 Greetz to:r0073r inj3ct0r.com, Sid3^effects, MaYur, MA1201, Sonic Bluehat, Sai, KD, M4n0j...