22 matches found
Google DoubleClick Abused in New Malspam Campaign to Deliver .NET Loader
Cybersecurity researchers have flagged a new malspam campaign that makes use of Google's DoubleClick domain as a way to evade detection and ultimately deliver an unidentified .NET-based loader. "Before the victim ever reaches attacker-controlled infrastructure, the lure routes through DoubleClick...
EUVD-2014-8579
Malware in sbrugna...
CVE-2014-8748
Cross-site scripting XSS vulnerability in the Google Doubleclick for Publishers DFP module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer dfp" permission to inject arbitrary web script or HTML via a slot name...
DRUPAL-CONTRIB-2022-035
Doubleclick for Publishers DFP module enables a site to place ads from Doubleclick For Publishers. The module doesn't sanitize user input in certain cases, which leads to Cross-Site-Scripting XSS vulnerabilities. An attacker that can create or edit certain entities may be able to exploit a...
Charities and the advertising industry: data ecosystems and privacy risks
Data makes the world go round, more often than not via advertising and its tracking mechanisms. Whether you think making money from large volumes of PII to keep the web ticking over is a good thing, or a sleazy data-grab often encouraging terrible ad practices, it’s not going to go away anytime...
ThreatList: Google's Advertising Network Dominates Global Data Collection
When it comes to data collection, Google’s combined arsenal of advertising tools and services continue to help it dominate at a global level. Close behind are AOL Advertising, Moat and AppNexus. Each are singled out by researchers in new report that brings to mind the privacy-busting quote, “If...
Who and What Is Coinhive?
Multiple security firms recently identified cryptocurrency mining service Coinhive as the top malicious threat to Web users, thanks to the tendency for Coinhive's computer code to be used on hacked Web sites to steal the processing power of its visitors' devices. This post looks at how Coinhive...
Multiple Cross-Site Scripting Vulnerabilities in Drupal Doubleclick for Publishers Module
Drupal is a free, open-source content management system developed in the PHP language and maintained by the Drupal community. Multiple cross-site scripting vulnerabilities exist in the Drupal Doubleclick for Publishers module. The vulnerabilities can be exploited to execute arbitrary script code ...
adclick.g.doubleclick.net Open Redirect vulnerability
Open Bug Bounty ID: OBB-135288 Description| Value ---|--- Affected Website:| adclick.g.doubleclick.net Vulnerable Application:| Custom Code Vulnerability Type:| Open Redirect / CWE-601 CVSSv3 Score:| 3.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N Remediation Guide:| OWASP Open Redirect Cheat...
cm.g.doubleclick.net Open Redirect vulnerability
Open Bug Bounty ID: OBB-121238 Description| Value ---|--- Affected Website:| cm.g.doubleclick.net Vulnerable Application:| Custom Code Vulnerability Type:| Open Redirect / CWE-601 CVSSv3 Score:| 3.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N Remediation Guide:| OWASP Open Redirect Cheat Sheet...
bid.g.doubleclick.net vulnerability
Vulnerable URL: http://bid.g.doubleclick.net/xbbe/creative/click?r1=https://www.xssposed.org/ Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated Google Pagerank| 0 VIP website status:|...
CVE-2014-8748
Cross-site scripting XSS vulnerability in the Google Doubleclick for Publishers DFP module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer dfp" permission to inject arbitrary web script or HTML via a slot name...
Cross site scripting
Cross-site scripting XSS vulnerability in the Google Doubleclick for Publishers DFP module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer dfp" permission to inject arbitrary web script or HTML via a slot name...
CVE-2014-8748
CVE-2014-8748 is a Drupal DFP (Doubleclick for Publishers) module XSS vulnerability in the 7.x-1.x line, where unsanitized slot names output to HTML allows remote authenticated users with the administer dfp permission to inject arbitrary script or HTML. The affected versions are DFP 7.x-1.x prior...
CVE-2014-8748
Cross-site scripting XSS vulnerability in the Google Doubleclick for Publishers DFP module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer dfp" permission to inject arbitrary web script or HTML via a slot name...
Malicious Google DoubleClick Advertisements Distributed Malware to Millions of Computers
Cyber criminals have exploited the power of two online advertising networks, Google's DoubleClick and popular Zedo advertising agency, to deliver malicious advertisements to millions of internet users that could install malware on a user's computer. A recent report published by the researcher of...
SA-CONTRIB-2014-003 - Doubleclick for Publishers DFP - Cross Site Scripting (XSS)
This module enables you to create blocks to place advertisements from the Google Double Click for Publishers API DFP. The module doesn't sufficiently sanitize the slot names prior to output into HTML. This vulnerability is mitigated by the fact that an attacker must have a role with the permissio...
Google Pays $17 Million to Settle Privacy Violations
Thirty-seven states are claiming a privacy victory against Google and will split a $17 million settlement from the search giant. Google, which generated $2.97 billion in online advertising revenue in the third quarter, was deliberately bypassing default privacy settings in Apple’s Safari browser ...
Google Settles With FTC Over Tracking Cookies, Pays $22.5M Fine
Google has agreed to pay a $22.5 million fine to the Federal Trade Commission to settle charges that the company set tracking cookies on the machines of Safari users, after saying that it would not use such tracking measures or serve targeted ads to the users. The FTC investigation began after a...
Major Ad Networks Found Serving Malicious Ads
Two major online ad networks–DoubleClick and MSN–were serving malware via drive-by download exploits over the last week, experts say, after a group of attackers was able to trick the networks into displaying their ads by impersonating an online advertising provider. The scheme involved a group of...