2 matches found
CVE-2020-7383 SQL Injection in Rapid7 Nexpose
A SQL Injection issue in Rapid7 Nexpose version prior to 6.6.49 that may have allowed an authenticated user with a low permission level to access resources & make changes they should not have been able to access...
OpenX <= 2.8.1 execute arbitrary PHP code-exploits warning-the black bar safety net
Test method: OpenX adserver version 2.8.1 and lower is vulnerable to remote code execution. To be exploited, this vulnerability requires banner / file upload permissions, such as granted to the 'advertiser' and 'administrator' roles. This vulnerability is caused by the insecure file upload...