Lucene search
+L

200 matches found

CVE
CVE
added 2013/12/28 2:0 a.m.64 views

CVE-2013-7149

CVE-2013-7149 describes a SQL injection in Revive Adserver’s XML-RPC delivery script (www/delivery/axmlrpc.php) via the what parameter, affecting Revive Adserver <= 3.0.1 and OpenX Source

7.5CVSS8.5AI score0.02011EPSS
Exploits1References3Affected Software2
Tenable Nessus
Tenable Nessus
added 2013/12/23 12:0 a.m.39 views

FreeBSD : OpenX -- SQL injection vulnerability (3e33a0bb-6b2f-11e3-b042-20cf30e32f6d)

Revive reports : A SQL-injection vulnerability was recently discovered and reported to the Revive Adserver team by Florian Sander. The vulnerability is known to be already exploited to gain unauthorised access to the application using brute force mechanisms, however other kind of attacks might be...

7.5CVSS5.5AI score0.02011EPSS
Exploits1References4
VulnCheck KEV
VulnCheck KEV
added 2013/12/20 12:0 a.m.5 views

VulnCheck KEV: CVE-2013-7149

SQL injection vulnerability in www/delivery/axmlrpc.php aka the XML-RPC delivery invocation script in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method...

7.5CVSS6.2AI score0.02011EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2013/12/20 12:0 a.m.41 views

OpenX -- SQL injection vulnerability

Revive reports: An SQL-injection vulnerability was recently discovered and reported to the Revive Adserver team by Florian Sander. The vulnerability is known to be already exploited to gain unauthorised access to the application using brute force mechanisms, however other kind of attacks might be...

7.5CVSS6.7AI score0.02011EPSS
Exploits1References2
Check Point Advisories
Check Point Advisories
added 2013/11/03 12:0 a.m.54 views

OpenX Ad Server Backdoor PHP Code Execution (CVE-2013-4211)

A Code Execution vulnerability has been reported in OpenX Ad Server. The vulnerability is due to the existence of a backdoor within the flowplayer-3.1.1.min.js library. A remote attacker could exploit this vulnerability by sending a malicious request to the server. Successful exploitation could...

7.5CVSS9.3AI score0.76415EPSS
Exploits5
seebug.org
seebug.org
added 2013/09/05 12:0 a.m.32 views

openx 2.8.10 /lib/max/Delivery/common.php 后门漏洞

No description provided by source...

7.1AI score
Exploits0
0day.today
0day.today
added 2013/08/18 12:0 a.m.36 views

OpenX 2.8.10 Cross Site Scripting / SQL Injection Vulnerabilities

OpenX version 2.8.10 suffers from cross site scripting and remote SQL injection vulnerabilities. Exploit Title: OpenX 2.8.10 - Multiples Vulnerabilites Product: OpenX Vulnerable Versions: 2.8.10 and probably prior Tested Version: 2.8.10 Official site: http://www.openx.com Risk Level: High Exploit...

7.9AI score
Exploits0
Packet Storm
Packet Storm
added 2013/08/15 12:0 a.m.28 views

OpenX 2.8.10 Cross Site Scripting / SQL Injection

Exploit Title: OpenX 2.8.10 - Multiples Vulnerabilites Product: OpenX Vulnerable Versions: 2.8.10 and probably prior Tested Version: 2.8.10 Official site: http://www.openx.com Risk Level: High Exploit Author: Esac Last Checked: 12/08/2013 +----------+ | OVERVIEW | +----------+ OpenX Source is...

0.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2013/08/15 12:0 a.m.78 views

OpenX flowplayer-3.1.1.min.js Backdoor Remote Code Execution

The version of OpenX installed on the remote host contains a backdoor and allows the execution of arbitrary PHP code, subject to the privileges under which the web server operates. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...

9.8CVSS8.8AI score0.76415EPSS
Exploits5References2
Dsquare
Dsquare
added 2013/08/13 12:0 a.m.81 views

OpenX 2.8.10 RCE

Remote code execution vulnerability in OpenX 2.8.10backdoor Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...

1.1AI score
Exploits0
Exploit DB
Exploit DB
added 2013/08/12 12:0 a.m.64 views

OpenX - Backdoor PHP Code Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'OpenX Backdoor PHP Code Execution',...

9.8CVSS7AI score0.76415EPSS
Exploits5
Packet Storm
Packet Storm
added 2013/08/09 12:0 a.m.47 views

OpenX Backdoor PHP Code Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'OpenX Backdoor PHP Code Execution',...

0.2AI score0.76415EPSS
Exploits5
0day.today
0day.today
added 2013/08/09 12:0 a.m.63 views

OpenX Backdoor PHP Code Execution Vulnerability

OpenX Ad Server version 2.8.10 was shipped with an obfuscated backdoor since at least November 2012 through August 2013. Exploitation is simple, requiring only a single request with a rot13'd and reversed payload. This file is part of the Metasploit Framework and may be subject to redistribution...

9.2AI score0.76415EPSS
Exploits5
OpenVAS
OpenVAS
added 2013/08/09 12:0 a.m.78 views

OpenX 'flowplayer-3.1.1.min.js' Backdoor Vulnerability

OpenX is prone to a backdoor vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openx:openx"; ifdescription...

9.8CVSS9.6AI score0.76415EPSS
Exploits5References2
CISA
CISA
added 2013/08/08 12:0 a.m.18 views

OpenX Releases Security Update

OpenX has released an important security update for OpenX Source, the open source ad serving product. The downloadable ZIP archive of OpenX Source 2.8.10 was compromised to include a backdoor that would allow an attacker to upload and execute arbitrary PHP code. Compromised OpenX Source ad server...

7.3AI score
Exploits0References3
Metasploit
Metasploit
added 2013/08/07 10:24 p.m.59 views

OpenX Backdoor PHP Code Execution

OpenX Ad Server version 2.8.10 was shipped with an obfuscated backdoor since at least November 2012 through August 2013. Exploitation is simple, requiring only a single request with a rot13'd and reversed payload. This module requires Metasploit: https://metasploit.com/download Current source:...

9.8CVSS7AI score0.76415EPSS
Exploits5
The Hacker News
The Hacker News
added 2013/08/07 5:7 p.m.8 views

OpenX Advertising Network hacked and backdoor Injected

OpenX, a leading provider of digital and mobile advertising technology has accordingly served backdoors that are injected into the Code and allows hackers to control over your Web server. German tech site the Heise notified Germany's computer emergency response team CERT this week about the OpenX...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2013/08/07 6:7 a.m.28 views

OpenX Advertising Network hacked and backdoor Injected

OpenX, a leading provider of digital and mobile advertising technology has accordingly served backdoors that are injected into the Code and allows hackers to control over your Web server. German tech site the Heise notified Germany's computer emergency response team CERT this week about the OpenX...

7.4AI score
Exploits0
NVD
NVD
added 2013/07/29 11:27 p.m.26 views

CVE-2013-3515

Multiple cross-site scripting XSS vulnerabilities in OpenX Source 2.8.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 package parameter to www/admin/plugin-index.php or the 2 group parameter to www/admin/plugin-settings.php...

4.3CVSS5.7AI score0.04226EPSS
Exploits5References9
Prion
Prion
added 2013/07/29 11:27 p.m.26 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in OpenX Source 2.8.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 package parameter to www/admin/plugin-index.php or the 2 group parameter to www/admin/plugin-settings.php...

4.3CVSS6AI score0.04226EPSS
Exploits5References9Affected Software1
Rows per page
Query Builder