108 matches found
Multiple Products 'banner.swf' Cross-Site Scripting Vulnerability
Exploit for unknown platform in category web applications. Multiple Products 'banner.swf' Cross-Site Scripting Vulnerability. Vulnerable: phpAdsNew phpAdsNew 2.0.8 -pr...
(Multiple Products) - banner.swf Cross-Site Scripting
Multiple Products - banner.swf Cross-Site Scripting source: https://www.securityfocus.com/bid/38732/info Multiple products are prone to a cross-site scripting vulnerability because the applications fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute...
(Multiple Products) - 'banner.swf' Cross-Site Scripting
source: https://www.securityfocus.com/bid/38732/info Multiple products are prone to a cross-site scripting vulnerability because the applications fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting...
Vulnerability in phpAdsNew, OpenAds and OpenX
Hello 3APA3A! I am informing you of a Cross-Site Scripting vulnerability in the phpAdsNew, OpenAds and OpenX systems. In the phpAdsNew, OpenAds and OpenX banner systems, an XSS attack is possible via the clickTAG parameter in Flash banners. I wrote about similar vulnerabilities in my article XSS vulnerabilities in 8 million flash...
Code Execution vulnerability in Openads
Hello 3APA3A! I am informing you of a Code Execution vulnerability that I found in Openads. Openads allows scripts to be uploaded, in particular php, which leads to a Code Execution vulnerability, including possible shell upload. When a banner is uploaded, its extension is not checked. In the latest versions...
Unfixed Redirect vulnerability at clicktorrent.info
Security researcher www.r3t.n3t.nl submitted on 24/01/2008 a Redirect vulnerability affecting clicktorrent.info, which at the time of submission ranked 14952 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 06/03/2008. It is currently...
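OpenAds Lib-RemoteHost.INC.PHP Remote File Inclusion Vulnerability
OpenAds is a PHP-based web application. OpenAds does not correctly filter user-submitted URI input, and a remote attacker can exploit the vulnerability to execute arbitrary commands with the privileges of the web server. The problem is that the script 'Lib-RemoteHost.INC.PHP' does not filter the user-submitted 'phpAdsgeoPlugin' parameter; specifying an arbitrary file on a remote server as the include target can lead to arbitrary command execution with the privileges of the web server. phpAdsNew phpAdsNew 2.0.8 -pr1 phpAdsNew phpAdsNew 2.0.8 phpAdsNew phpAdsNew 2.0.7 rc1 phpAdsNew phpAdsNew 2.0.7 phpAdsNew...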
Openads (PHPAdsNew) 2.0.8 - lib-remotehost.inc.php Remote File Inclusion
Openads PHPAdsNew 2.0.8 - lib-remotehost.inc.php Remote File Inclusion source: https://www.securityfocus.com/bid/25277/info Openads formerly known as phpAdsNew is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may...
Openads (PHPAdsNew) < 2.0.8 - 'lib-remotehost.inc.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/25277/info Openads formerly known as phpAdsNew is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlying syste...
CVE-2007-2046
Multiple CRLF injection vulnerabilities in adclick.php in (a) Openads (phpAdsNew) 2.0.11 and earlier and (b) Openads for PostgreSQL (phpPgAds) 2.0.11 and earlier allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in (1) the dest parameter...
CVE-2007-2046
CVE-2007-2046 affects Openads (phpAdsNew) 2.0.11 and earlier and Openads for PostgreSQL (phpPgAds) 2.0.11 and earlier. The vulnerability arises from CRLF injection in adclick.php, enabling remote attackers to inject arbitrary HTTP headers and perform HTTP response splitting via CRLF sequences in ...
[OPENADS-SA-2007-002] Max Media Manager v0.1.29 and v0.3.30 vulnerability fixed
Openads security advisory OPENADS-SA-2007-002. Advisory ID: OPENADS-SA-2007-002 Date: 2007-Jan-25 Security risk: low risk Applications affected: Max Med...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Openads 2.0.x before 2.0.10, 2.3 before 2.3.31 (aka Max Media Manager before 0.3.31-alpha-pr2), and phpAdsNew/phpPgAds before 2.0.9-pr1 allows remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter in admin-search.php and (2)...
CVE-2007-0477
Cross-site scripting (XSS) vulnerability in Openads 2.0.x before 2.0.10, 2.3 before 2.3.31 (aka Max Media Manager before 0.3.31-alpha-pr2), and phpAdsNew/phpPgAds before 2.0.9-pr1 allows remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter in admin-search.php and (2)...
CVE-2007-0477
Cross-site scripting (XSS) vulnerability in Openads 2.0.x before 2.0.10, 2.3 before 2.3.31 (aka Max Media Manager before 0.3.31-alpha-pr2), and phpAdsNew/phpPgAds before 2.0.9-pr1 allows remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter in admin-search.php and (2)...
CVE-2007-0486
Openads (aka phpAdsNew) 2.0.7 contains multiple PHP remote file inclusion vulnerabilities that allow remote attackers to execute arbitrary PHP code. The affected vectors are: (1) the phpAds_geoPlugin parameter to libraries/lib-remotehost.inc, (2) the filename parameter to admin/report-index, and ...
CVE-2007-0477
The CVE-2007-0477 entry concerns an XSS vulnerability in Openads 2.0.x (pre-2.0.10) and 2.3 (pre-2.3.31, also known as Max Media Manager pre-0.3.31-alpha-pr2) and in phpAdsNew/phpPgAds before 2.0.9-pr1. The issue allows remote attackers to inject arbitrary web script/HTML via two parameters: the ...
phpAdsNew 2.0.7 Remote File Include
phpAdsNew 2.0.7 Remote File Include. Author: Alkmandz. Vuln Code: includeonce $phpAdsgeoPlugin; ... function...
JVN#07274813 phpAdsNew cross-site scripting vulnerability
The products listed below use the same module as phpAdsNew and are therefore also affected by the vulnerability. All users of these products are encouraged to update to the latest versions provided by the developer. phpPgAds 2.0.9-pr1 and earlier Max Media Manager v0.1.29-rc and earlier Max Media...
CVE-2007-0363
CVE-2007-0363 is an XSS vulnerability described in the primary CVE entry. Affected products are Openads for PostgreSQL (aka phpPgAds) before 2.0.10 and Openads (aka phpAdsNew) before 2.0.10. The issue occurs in admin-search.php and allows remote attackers to inject arbitrary web script or HTML vi...