48 matches found
EUVD-2005-2637
Malware in sbrugna...
EUVD-2005-3786
Malware in sbrugna...
EUVD-2005-3643
Malware in sbrugna...
EUVD-2006-5500
Malware in sbrugna...
EUVD-2005-2636
Malware in sbrugna...
EUVD-2006-1401
Malware in sbrugna...
EUVD-2005-3642
Malware in sbrugna...
Code Execution vulnerability in Openads
Здравствуйте 3APA3A! Сообщаю вам о найденной мною Code Execution уязвимости в Openads. В Openads есть возможность загружать скрипты, в частности php. Что приводит к Code Execution уязвимости в том числе возможен shell upload. При загрузке баннера не проверяется его расширение. В последних версиях...
phpAdsNew cross-site scripting vulnerability
Overview phpAdsNew, an open source web advertising management system, contains a cross-site scripting vulnerability. Note that phpAdsNew is now called "Openads." The products listed below use the same module as phpAdsNew thus they are also affected by the vulnerability. - phpPgAds 2.0.9-pr1 and...
CVE-2007-2046
Multiple CRLF injection vulnerabilities in adclick.php in a Openads phpAdsNew 2.0.11 and earlier and b Openads for PostgreSQL phpPgAds 2.0.11 and earlier allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in 1 the dest parameter...
CVE-2007-2046
CVE-2007-2046 affects Openads (phpAdsNew) 2.0.11 and earlier and Openads for PostgreSQL (phpPgAds) 2.0.11 and earlier. The vulnerability arises from CRLF injection in adclick.php, enabling remote attackers to inject arbitrary HTTP headers and perform HTTP response splitting via CRLF sequences in ...
Cross site scripting
Cross-site scripting XSS vulnerability in Openads 2.0.x before 2.0.10, 2.3 before 2.3.31 aka Max Media Manager before 0.3.31-alpha-pr2, and phpAdsNew/phpPgAds before 2.0.9-pr1 allows remote attackers to inject arbitrary web script or HTML via 1 the keyword parameter in admin-search.php and 2...
CVE-2007-0477
Cross-site scripting XSS vulnerability in Openads 2.0.x before 2.0.10, 2.3 before 2.3.31 aka Max Media Manager before 0.3.31-alpha-pr2, and phpAdsNew/phpPgAds before 2.0.9-pr1 allows remote attackers to inject arbitrary web script or HTML via 1 the keyword parameter in admin-search.php and 2...
CVE-2007-0477
The CVE-2007-0477 entry concerns an XSS vulnerability in Openads 2.0.x (pre-2.0.10) and 2.3 (pre-2.3.31, also known as Max Media Manager pre-0.3.31-alpha-pr2) and in phpAdsNew/phpPgAds before 2.0.9-pr1. The issue allows remote attackers to inject arbitrary web script/HTML via two parameters: the ...
JVN#07274813 phpAdsNew cross-site scripting vulnerability
The products listed below use the same module as phpAdsNew thus they are also affected by the vulnerability. All users of these products are encouraged to update to the latest versions provided by the developer. phpPgAds 2.0.9-pr1 and earlier Max Media Manager v0.1.29-rc and earlier Max Media...
CVE-2006-5515
Cross-site scripting XSS vulnerability in lib-history.inc.php in phpAdsNew and phpPgAds before 2.0.8-pr1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to injected data that is stored by a delivery script and displayed by the admin interface...
CVE-2006-5515
CVE-2006-5515 is a stored XSS vulnerability in the lib-history.inc.php component of phpAdsNew and phpPgAds up to version 2.0.8-pr1 . The issue allows remote attackers to inject arbitrary web script via vectors related to data stored by a delivery script and displayed in the admin interface. Affec...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in a phpAdsNew and b phpPgAds before 2.0.8 allow remote attackers to inject arbitrary web script or HTML via the 1 certain parameters to the banner delivery module, which is not properly handled in the administrator interface, or 2 certain...
CVE-2006-1397
Multiple cross-site scripting XSS vulnerabilities in a phpAdsNew and b phpPgAds before 2.0.8 allow remote attackers to inject arbitrary web script or HTML via the 1 certain parameters to the banner delivery module, which is not properly handled in the administrator interface, or 2 certain...
CVE-2006-1397
CVE-2006-1397 affects phpAdsNew and phpPgAds prior to 2.0.8. The vulnerability is cross-site scripting (XSS) via parameters passed to the banner delivery module (not properly sanitized in the admin interface) or via parameters to the login form. The issue allows remote attackers to inject arbitra...