200 matches found
CVE-2013-7149
CVE-2013-7149 describes a SQL injection in Revive Adserver’s XML-RPC delivery script (www/delivery/axmlrpc.php) via the what parameter, affecting Revive Adserver <= 3.0.1 and OpenX Source
FreeBSD : OpenX -- SQL injection vulnerability (3e33a0bb-6b2f-11e3-b042-20cf30e32f6d)
Revive reports : A SQL-injection vulnerability was recently discovered and reported to the Revive Adserver team by Florian Sander. The vulnerability is known to be already exploited to gain unauthorised access to the application using brute force mechanisms, however other kind of attacks might be...
VulnCheck KEV: CVE-2013-7149
SQL injection vulnerability in www/delivery/axmlrpc.php aka the XML-RPC delivery invocation script in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method...
OpenX -- SQL injection vulnerability
Revive reports: An SQL-injection vulnerability was recently discovered and reported to the Revive Adserver team by Florian Sander. The vulnerability is known to be already exploited to gain unauthorised access to the application using brute force mechanisms, however other kind of attacks might be...
OpenX Ad Server Backdoor PHP Code Execution (CVE-2013-4211)
A Code Execution vulnerability has been reported in OpenX Ad Server. The vulnerability is due to the existence of a backdoor within the flowplayer-3.1.1.min.js library. A remote attacker could exploit this vulnerability by sending a malicious request to the server. Successful exploitation could...
openx 2.8.10 /lib/max/Delivery/common.php 后门漏洞
No description provided by source...
OpenX 2.8.10 Cross Site Scripting / SQL Injection Vulnerabilities
OpenX version 2.8.10 suffers from cross site scripting and remote SQL injection vulnerabilities. Exploit Title: OpenX 2.8.10 - Multiples Vulnerabilites Product: OpenX Vulnerable Versions: 2.8.10 and probably prior Tested Version: 2.8.10 Official site: http://www.openx.com Risk Level: High Exploit...
OpenX 2.8.10 Cross Site Scripting / SQL Injection
Exploit Title: OpenX 2.8.10 - Multiples Vulnerabilites Product: OpenX Vulnerable Versions: 2.8.10 and probably prior Tested Version: 2.8.10 Official site: http://www.openx.com Risk Level: High Exploit Author: Esac Last Checked: 12/08/2013 +----------+ | OVERVIEW | +----------+ OpenX Source is...
OpenX flowplayer-3.1.1.min.js Backdoor Remote Code Execution
The version of OpenX installed on the remote host contains a backdoor and allows the execution of arbitrary PHP code, subject to the privileges under which the web server operates. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...
OpenX 2.8.10 RCE
Remote code execution vulnerability in OpenX 2.8.10backdoor Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...
OpenX - Backdoor PHP Code Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'OpenX Backdoor PHP Code Execution',...
OpenX Backdoor PHP Code Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'OpenX Backdoor PHP Code Execution',...
OpenX Backdoor PHP Code Execution Vulnerability
OpenX Ad Server version 2.8.10 was shipped with an obfuscated backdoor since at least November 2012 through August 2013. Exploitation is simple, requiring only a single request with a rot13'd and reversed payload. This file is part of the Metasploit Framework and may be subject to redistribution...
OpenX 'flowplayer-3.1.1.min.js' Backdoor Vulnerability
OpenX is prone to a backdoor vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openx:openx"; ifdescription...
OpenX Releases Security Update
OpenX has released an important security update for OpenX Source, the open source ad serving product. The downloadable ZIP archive of OpenX Source 2.8.10 was compromised to include a backdoor that would allow an attacker to upload and execute arbitrary PHP code. Compromised OpenX Source ad server...
OpenX Backdoor PHP Code Execution
OpenX Ad Server version 2.8.10 was shipped with an obfuscated backdoor since at least November 2012 through August 2013. Exploitation is simple, requiring only a single request with a rot13'd and reversed payload. This module requires Metasploit: https://metasploit.com/download Current source:...
OpenX Advertising Network hacked and backdoor Injected
OpenX, a leading provider of digital and mobile advertising technology has accordingly served backdoors that are injected into the Code and allows hackers to control over your Web server. German tech site the Heise notified Germany's computer emergency response team CERT this week about the OpenX...
OpenX Advertising Network hacked and backdoor Injected
OpenX, a leading provider of digital and mobile advertising technology has accordingly served backdoors that are injected into the Code and allows hackers to control over your Web server. German tech site the Heise notified Germany's computer emergency response team CERT this week about the OpenX...
CVE-2013-3515
Multiple cross-site scripting XSS vulnerabilities in OpenX Source 2.8.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 package parameter to www/admin/plugin-index.php or the 2 group parameter to www/admin/plugin-settings.php...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in OpenX Source 2.8.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 package parameter to www/admin/plugin-index.php or the 2 group parameter to www/admin/plugin-settings.php...