108 matches found

0day.today
added 2010/03/16 12:0 a.m., 20 views

Multiple Products 'banner.swf' Cross-Site Scripting Vulnerability

Exploit for unknown platform in category web applications: Multiple Products 'banner.swf' Cross-Site Scripting Vulnerability. Vulnerable: phpAdsNew phpAdsNew 2.0.8 -pr...

7.1 AI score
Exploits: 0

exploitpack
added 2010/03/15 12:0 a.m., 11 views

(Multiple Products) - banner.swf Cross-Site Scripting

Multiple Products - banner.swf Cross-Site Scripting source: https://www.securityfocus.com/bid/38732/info Multiple products are prone to a cross-site scripting vulnerability because the applications fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute...

Exploits: 0

Exploit DB
added 2010/03/15 12:0 a.m., 14 views

(Multiple Products) - 'banner.swf' Cross-Site Scripting

source: https://www.securityfocus.com/bid/38732/info Multiple products are prone to a cross-site scripting vulnerability because the applications fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting...

7.4 AI score
Exploits: 0

securityvulns
added 2010/02/12 12:0 a.m., 62 views

Vulnerability in phpAdsNew, OpenAds and OpenX

Hello 3APA3A! I am informing you of a Cross-Site Scripting vulnerability in the phpAdsNew, OpenAds and OpenX systems. In the phpAdsNew, OpenAds and OpenX banner systems, an XSS attack is possible via the clickTAG parameter in Flash banners. I wrote about similar vulnerabilities in my article XSS vulnerabilities in 8 million Flash...

5.8 AI score
Exploits: 0

securityvulns
added 2009/04/10 12:0 a.m., 43 views

Code Execution vulnerability in Openads

Hello 3APA3A! I am informing you of a Code Execution vulnerability that I found in Openads. Openads allows scripts to be uploaded, PHP in particular, which leads to a Code Execution vulnerability, including possible shell upload. When a banner is uploaded, its extension is not checked. In the latest versions...

7.6 AI score
Exploits: 0

xssed
added 2008/01/24 12:0 a.m., 10 views

Unfixed Redirect vulnerability at clicktorrent.info

Security researcher www.r3t.n3t.nl, has submitted on 24/01/2008 a Redirect vulnerability affecting clicktorrent.info, which at the time of submission ranked 14952 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 06/03/2008. It is currently...

Exploits: 0 | References: 1

seebug.org
added 2007/08/15 12:0 a.m., 33 views

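OpenAds Lib-RemoteHost.INC.PHP Remote File Inclusion Vulnerability

OpenAds is a PHP-based web application. OpenAds does not properly filter user-submitted URI input, and a remote attacker can exploit the vulnerability to execute arbitrary commands with the privileges of the web server. The problem is that the script 'Lib-RemoteHost.INC.PHP' does not filter the user-submitted 'phpAds_geoPlugin' parameter; specifying an arbitrary file on a remote server as the include target can lead to arbitrary command execution with the privileges of the web server. phpAdsNew phpAdsNew 2.0.8 -pr1 phpAdsNew phpAdsNew 2.0.8 phpAdsNew phpAdsNew 2.0.7 rc1 phpAdsNew phpAdsNew 2.0.7 phpAdsNew...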

7.1 AI score
Exploits: 0

exploitpack
added 2007/08/11 12:0 a.m., 19 views

Openads (PHPAdsNew) 2.0.8 - lib-remotehost.inc.php Remote File Inclusion

Openads PHPAdsNew 2.0.8 - lib-remotehost.inc.php Remote File Inclusion source: https://www.securityfocus.com/bid/25277/info Openads formerly known as phpAdsNew is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may...

Exploits: 0

Exploit DB
added 2007/08/11 12:0 a.m., 30 views

Openads (PHPAdsNew) < 2.0.8 - 'lib-remotehost.inc.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/25277/info Openads formerly known as phpAdsNew is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlying syste...

7 AI score
Exploits: 0

NVD
added 2007/04/16 10:19 p.m., 16 views

CVE-2007-2046

Multiple CRLF injection vulnerabilities in adclick.php in (a) Openads (phpAdsNew) 2.0.11 and earlier and (b) Openads for PostgreSQL (phpPgAds) 2.0.11 and earlier allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in (1) the dest parameter...

7.5 CVSS | 7.2 AI score | 0.01402 EPSS
Exploits: 0 | References: 5

CVE
added 2007/04/16 10:0 p.m., 53 views

CVE-2007-2046

CVE-2007-2046 affects Openads (phpAdsNew) 2.0.11 and earlier and Openads for PostgreSQL (phpPgAds) 2.0.11 and earlier. The vulnerability arises from CRLF injection in adclick.php, enabling remote attackers to inject arbitrary HTTP headers and perform HTTP response splitting via CRLF sequences in ...

7.5 CVSS | 7.2 AI score | 0.01402 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

securityvulns
added 2007/01/28 12:0 a.m., 53 views

[OPENADS-SA-2007-002] Max Media Manager v0.1.29 and v0.3.30 vulnerability fixed

Openads security advisory OPENADS-SA-2007-002. Advisory ID: OPENADS-SA-2007-002. Date: 2007-Jan-25. Security risk: low risk. Applications affected: Max Med...

Exploits: 0

Prion
added 2007/01/25 12:28 a.m., 17 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Openads 2.0.x before 2.0.10, 2.3 before 2.3.31 (aka Max Media Manager before 0.3.31-alpha-pr2), and phpAdsNew/phpPgAds before 2.0.9-pr1 allows remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter in admin-search.php and (2)...

6.8 CVSS | 6 AI score | 0.01433 EPSS
Exploits: 0 | References: 8 | Affected Software: 1

NVD
added 2007/01/25 12:28 a.m., 17 views

CVE-2007-0477

Cross-site scripting (XSS) vulnerability in Openads 2.0.x before 2.0.10, 2.3 before 2.3.31 (aka Max Media Manager before 0.3.31-alpha-pr2), and phpAdsNew/phpPgAds before 2.0.9-pr1 allows remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter in admin-search.php and (2)...

6.8 CVSS | 5.6 AI score | 0.01433 EPSS
Exploits: 0 | References: 8

Cvelist
added 2007/01/25 12:0 a.m., 25 views

CVE-2007-0477

Cross-site scripting (XSS) vulnerability in Openads 2.0.x before 2.0.10, 2.3 before 2.3.31 (aka Max Media Manager before 0.3.31-alpha-pr2), and phpAdsNew/phpPgAds before 2.0.9-pr1 allows remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter in admin-search.php and (2)...

5.6 AI score | 0.01433 EPSS
Exploits: 0 | References: 8

CVE
added 2007/01/25 12:0 a.m., 49 views

CVE-2007-0486

Openads (aka phpAdsNew) 2.0.7 contains multiple PHP remote file inclusion vulnerabilities that allow remote attackers to execute arbitrary PHP code. The affected vectors are: (1) the phpAds_geoPlugin parameter to libraries/lib-remotehost.inc, (2) the filename parameter to admin/report-index, and ...

7.5 CVSS | 7.6 AI score | 0.01766 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

CVE
added 2007/01/25 12:0 a.m., 50 views

CVE-2007-0477

The CVE-2007-0477 entry concerns an XSS vulnerability in Openads 2.0.x (pre-2.0.10) and 2.3 (pre-2.3.31, also known as Max Media Manager pre-0.3.31-alpha-pr2) and in phpAdsNew/phpPgAds before 2.0.9-pr1. The issue allows remote attackers to inject arbitrary web script/HTML via two parameters: the ...

6.8 CVSS | 5.7 AI score | 0.01433 EPSS
Exploits: 0 | References: 8 | Affected Software: 1

securityvulns
added 2007/01/24 12:0 a.m., 157 views

phpAdsNew 2.0.7 Remote File Include

phpAdsNew 2.0.7 Remote File Include. Author: Alkmandz. Vuln Code: include_once $phpAds_geoPlugin; ... function...

1.2 AI score
Exploits: 0

Japan Vulnerability Notes
added 2007/01/22 12:0 a.m., 29 views

JVN#07274813 phpAdsNew cross-site scripting vulnerability

The products listed below use the same module as phpAdsNew thus they are also affected by the vulnerability. All users of these products are encouraged to update to the latest versions provided by the developer. phpPgAds 2.0.9-pr1 and earlier Max Media Manager v0.1.29-rc and earlier Max Media...

7 AI score
Exploits: 0

CVE
added 2007/01/19 1:0 a.m., 40 views

CVE-2007-0363

CVE-2007-0363 is an XSS vulnerability described in the primary CVE entry. Affected products are Openads for PostgreSQL (aka phpPgAds) before 2.0.10 and Openads (aka phpAdsNew) before 2.0.10. The issue occurs in admin-search.php and allows remote attackers to inject arbitrary web script or HTML vi...

6.8 CVSS | 5.7 AI score | 0.01356 EPSS
Exploits: 0 | References: 6 | Affected Software: 1