Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
11 vulnerabilities found for Openads by Openads
JVNDB-2007-000074
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00Summary
phpAdsNew cross-site scripting vulnerability
Details
phpAdsNew, an open source web advertising management system, contains a cross-site scripting vulnerability.
Note that phpAdsNew is now called "Openads."
The products listed below use the same module as phpAdsNew thus they are also affected by the vulnerability.
- phpPgAds 2.0.9-pr1 and earlier
- Max Media Manager v0.1.29-rc and earlier
- Max Media Manager v0.3.30-alpha and earlier
All users of these products are encouraged to update to the latest versions provided by the developer.
The updated versions of each product are listed below:
- The updated version of phpAdsNew 2.0.9-pr1 is Openads 2.0.10.
- The updated version of phpPgAds 2.0.9-pr1 is Openads for PostgreSQL 2.0.10.
- The updated version of Max Media Manager v0.1.29-rc and v0.3.30-alpha is Openads 2.3.31.
References
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000074.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "phpAdsNew, an open source web advertising management system, contains a cross-site scripting vulnerability.\r\n\r\nNote that phpAdsNew is now called \"Openads.\"\r\n\r\nThe products listed below use the same module as phpAdsNew thus they are also affected by the vulnerability.\r\n\r\n- phpPgAds 2.0.9-pr1 and earlier\r\n- Max Media Manager v0.1.29-rc and earlier\r\n- Max Media Manager v0.3.30-alpha and earlier\r\nAll users of these products are encouraged to update to the latest versions provided by the developer.\r\n\r\nThe updated versions of each product are listed below:\r\n\r\n- The updated version of phpAdsNew 2.0.9-pr1 is Openads 2.0.10.\r\n- The updated version of phpPgAds 2.0.9-pr1 is Openads for PostgreSQL 2.0.10.\r\n- The updated version of Max Media Manager v0.1.29-rc and v0.3.30-alpha is Openads 2.3.31.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000074.html",
"sec:cpe": {
"#text": "cpe:/a:openads:openads",
"@product": "Openads",
"@vendor": "Openads",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000074",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN07274813/index.html",
"@id": "JVN#07274813",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0477",
"@id": "CVE-2007-0477",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0477",
"@id": "CVE-2007-0477",
"@source": "NVD"
}
],
"title": "phpAdsNew cross-site scripting vulnerability"
}
CVE-2008-0635 (GCVE-0-2008-0635)
Vulnerability from nvd – Published: 2008-02-06 20:00 – Updated: 2024-08-07 07:54
VLAI
Summary
Unspecified vulnerability in the delivery engine in Openads 2.4.0 through 2.4.2 allows remote attackers to execute arbitrary PHP code via unknown vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/27603 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/487486/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/28790 | third-party-advisoryx_refsource_SECUNIA |
| http://securityreason.com/securityalert/3620 | third-party-advisoryx_refsource_SREASON |
Date Public
2008-02-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:54:22.737Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27603",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27603"
},
{
"name": "20080204 [OPENADS-SA-2008-001] Openads 2.4.2 vulnerability fixed",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/487486/100/0/threaded"
},
{
"name": "28790",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28790"
},
{
"name": "3620",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3620"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the delivery engine in Openads 2.4.0 through 2.4.2 allows remote attackers to execute arbitrary PHP code via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27603",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27603"
},
{
"name": "20080204 [OPENADS-SA-2008-001] Openads 2.4.2 vulnerability fixed",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/487486/100/0/threaded"
},
{
"name": "28790",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28790"
},
{
"name": "3620",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3620"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0635",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the delivery engine in Openads 2.4.0 through 2.4.2 allows remote attackers to execute arbitrary PHP code via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27603",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27603"
},
{
"name": "20080204 [OPENADS-SA-2008-001] Openads 2.4.2 vulnerability fixed",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487486/100/0/threaded"
},
{
"name": "28790",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28790"
},
{
"name": "3620",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3620"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0635",
"datePublished": "2008-02-06T20:00:00.000Z",
"dateReserved": "2008-02-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:54:22.737Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2046 (GCVE-0-2007-2046)
Vulnerability from nvd – Published: 2007-04-16 22:00 – Updated: 2024-08-07 13:23
VLAI
Summary
Multiple CRLF injection vulnerabilities in adclick.php in (a) Openads (phpAdsNew) 2.0.11 and earlier and (b) Openads for PostgreSQL (phpPgAds) 2.0.11 and earlier allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in (1) the dest parameter and (2) the Referer HTTP header. NOTE: some of these details are obtained from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://sourceforge.net/forum/forum.php?forum_id=685278 | x_refsource_CONFIRM |
| http://forum.openads.org/index.php?showtopic=5034… | x_refsource_CONFIRM |
| http://sourceforge.net/project/shownotes.php?rele… | x_refsource_CONFIRM |
| http://secunia.com/advisories/24876 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2007/1364 | vdb-entryx_refsource_VUPEN |
Date Public
2007-04-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:23:50.776Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/forum/forum.php?forum_id=685278"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.openads.org/index.php?showtopic=503413399\u0026pid=39136"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=500343"
},
{
"name": "24876",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24876"
},
{
"name": "ADV-2007-1364",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1364"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple CRLF injection vulnerabilities in adclick.php in (a) Openads (phpAdsNew) 2.0.11 and earlier and (b) Openads for PostgreSQL (phpPgAds) 2.0.11 and earlier allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in (1) the dest parameter and (2) the Referer HTTP header. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/forum/forum.php?forum_id=685278"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.openads.org/index.php?showtopic=503413399\u0026pid=39136"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=500343"
},
{
"name": "24876",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24876"
},
{
"name": "ADV-2007-1364",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1364"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2046",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple CRLF injection vulnerabilities in adclick.php in (a) Openads (phpAdsNew) 2.0.11 and earlier and (b) Openads for PostgreSQL (phpPgAds) 2.0.11 and earlier allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in (1) the dest parameter and (2) the Referer HTTP header. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/forum/forum.php?forum_id=685278",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/forum/forum.php?forum_id=685278"
},
{
"name": "http://forum.openads.org/index.php?showtopic=503413399\u0026pid=39136",
"refsource": "CONFIRM",
"url": "http://forum.openads.org/index.php?showtopic=503413399\u0026pid=39136"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=500343",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=500343"
},
{
"name": "24876",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24876"
},
{
"name": "ADV-2007-1364",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1364"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2046",
"datePublished": "2007-04-16T22:00:00.000Z",
"dateReserved": "2007-04-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:23:50.776Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2047 (GCVE-0-2007-2047)
Vulnerability from nvd – Published: 2007-04-16 22:00 – Updated: 2024-08-07 13:23
VLAI
Summary
CRLF injection vulnerability in www/delivery/ck.php in Openads 2.3 (aka Max Media Manager, MMM) before 0.3.31-alpha-pr3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the destination parameter. NOTE: some of these details are obtained from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://forum.openads.org/index.php?showtopic=5034… | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2007/1365 | vdb-entryx_refsource_VUPEN |
Date Public
2007-04-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:23:50.279Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.openads.org/index.php?showtopic=503413399\u0026pid=39136"
},
{
"name": "ADV-2007-1365",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1365"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in www/delivery/ck.php in Openads 2.3 (aka Max Media Manager, MMM) before 0.3.31-alpha-pr3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the destination parameter. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.openads.org/index.php?showtopic=503413399\u0026pid=39136"
},
{
"name": "ADV-2007-1365",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1365"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2047",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in www/delivery/ck.php in Openads 2.3 (aka Max Media Manager, MMM) before 0.3.31-alpha-pr3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the destination parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://forum.openads.org/index.php?showtopic=503413399\u0026pid=39136",
"refsource": "CONFIRM",
"url": "http://forum.openads.org/index.php?showtopic=503413399\u0026pid=39136"
},
{
"name": "ADV-2007-1365",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1365"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2047",
"datePublished": "2007-04-16T22:00:00.000Z",
"dateReserved": "2007-04-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:23:50.279Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0477 (GCVE-0-2007-0477)
Vulnerability from nvd – Published: 2007-01-25 00:00 – Updated: 2024-08-07 12:19
VLAI
Summary
Cross-site scripting (XSS) vulnerability in Openads 2.0.x before 2.0.10, 2.3 before 2.3.31 (aka Max Media Manager before 0.3.31-alpha-pr2), and phpAdsNew/phpPgAds before 2.0.9-pr1 allows remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter in admin-search.php and (2) affiliate-search.php. NOTE: this issue may overlap CVE-2007-0363.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/458197/100… | mailing-listx_refsource_BUGTRAQ |
| http://jvn.jp/jp/JVN%2307274813/index.html | third-party-advisoryx_refsource_JVN |
| http://osvdb.org/32926 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/archive/1/457990/100… | mailing-listx_refsource_BUGTRAQ |
| http://forum.openads.org/index.php?showtopic=503412651 | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/458296/100… | mailing-listx_refsource_BUGTRAQ |
| https://developer.openads.org/browser/branches/ma… | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2007/0315 | vdb-entryx_refsource_VUPEN |
Date Public
2007-01-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:19:30.074Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070126 [OPENADS-SA-2007-002] Max Media Manager v0.1.29 and v0.3.30 vulnerability fixed",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/458197/100/100/threaded"
},
{
"name": "JVN#07274813",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/jp/JVN%2307274813/index.html"
},
{
"name": "32926",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/32926"
},
{
"name": "20070124 [OPENADS-SA-2007-001] phpAdsNew and phpPgAds 2.0.9-pr1 vulnerability fixed",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/457990/100/200/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://forum.openads.org/index.php?showtopic=503412651"
},
{
"name": "20070127 Re: [OPENADS-SA-2007-002] Max Media Manager v0.1.29 and v0.3.30 vulnerability fixed",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/458296/100/100/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://developer.openads.org/browser/branches/max/trunk/CHANGELOG.txt?format=raw"
},
{
"name": "ADV-2007-0315",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0315"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Openads 2.0.x before 2.0.10, 2.3 before 2.3.31 (aka Max Media Manager before 0.3.31-alpha-pr2), and phpAdsNew/phpPgAds before 2.0.9-pr1 allows remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter in admin-search.php and (2) affiliate-search.php. NOTE: this issue may overlap CVE-2007-0363."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070126 [OPENADS-SA-2007-002] Max Media Manager v0.1.29 and v0.3.30 vulnerability fixed",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/458197/100/100/threaded"
},
{
"name": "JVN#07274813",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/jp/JVN%2307274813/index.html"
},
{
"name": "32926",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/32926"
},
{
"name": "20070124 [OPENADS-SA-2007-001] phpAdsNew and phpPgAds 2.0.9-pr1 vulnerability fixed",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/457990/100/200/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://forum.openads.org/index.php?showtopic=503412651"
},
{
"name": "20070127 Re: [OPENADS-SA-2007-002] Max Media Manager v0.1.29 and v0.3.30 vulnerability fixed",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/458296/100/100/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://developer.openads.org/browser/branches/max/trunk/CHANGELOG.txt?format=raw"
},
{
"name": "ADV-2007-0315",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0315"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0477",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Openads 2.0.x before 2.0.10, 2.3 before 2.3.31 (aka Max Media Manager before 0.3.31-alpha-pr2), and phpAdsNew/phpPgAds before 2.0.9-pr1 allows remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter in admin-search.php and (2) affiliate-search.php. NOTE: this issue may overlap CVE-2007-0363."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070126 [OPENADS-SA-2007-002] Max Media Manager v0.1.29 and v0.3.30 vulnerability fixed",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/458197/100/100/threaded"
},
{
"name": "JVN#07274813",
"refsource": "JVN",
"url": "http://jvn.jp/jp/JVN%2307274813/index.html"
},
{
"name": "32926",
"refsource": "OSVDB",
"url": "http://osvdb.org/32926"
},
{
"name": "20070124 [OPENADS-SA-2007-001] phpAdsNew and phpPgAds 2.0.9-pr1 vulnerability fixed",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/457990/100/200/threaded"
},
{
"name": "http://forum.openads.org/index.php?showtopic=503412651",
"refsource": "MISC",
"url": "http://forum.openads.org/index.php?showtopic=503412651"
},
{
"name": "20070127 Re: [OPENADS-SA-2007-002] Max Media Manager v0.1.29 and v0.3.30 vulnerability fixed",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/458296/100/100/threaded"
},
{
"name": "https://developer.openads.org/browser/branches/max/trunk/CHANGELOG.txt?format=raw",
"refsource": "CONFIRM",
"url": "https://developer.openads.org/browser/branches/max/trunk/CHANGELOG.txt?format=raw"
},
{
"name": "ADV-2007-0315",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0315"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0477",
"datePublished": "2007-01-25T00:00:00.000Z",
"dateReserved": "2007-01-24T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:19:30.074Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0363 (GCVE-0-2007-0363)
Vulnerability from nvd – Published: 2007-01-19 01:00 – Updated: 2024-08-07 12:19
VLAI
Summary
Cross-site scripting (XSS) vulnerability in admin-search.php in (1) Openads for PostgreSQL (aka phpPgAds) before 2.0.10 and (2) Openads (aka phpAdsNew) before 2.0.10 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/23720 | third-party-advisoryx_refsource_SECUNIA |
| http://sourceforge.net/project/shownotes.php?grou… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/22124 | vdb-entryx_refsource_BID |
| http://sourceforge.net/project/shownotes.php?grou… | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2007/0240 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2007-01-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:19:30.192Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "23720",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23720"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=11386\u0026release_id=479424"
},
{
"name": "22124",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22124"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=36679\u0026release_id=479426"
},
{
"name": "ADV-2007-0240",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0240"
},
{
"name": "openads-unspecified-xss(31570)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31570"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in admin-search.php in (1) Openads for PostgreSQL (aka phpPgAds) before 2.0.10 and (2) Openads (aka phpAdsNew) before 2.0.10 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "23720",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23720"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=11386\u0026release_id=479424"
},
{
"name": "22124",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22124"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=36679\u0026release_id=479426"
},
{
"name": "ADV-2007-0240",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0240"
},
{
"name": "openads-unspecified-xss(31570)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31570"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0363",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in admin-search.php in (1) Openads for PostgreSQL (aka phpPgAds) before 2.0.10 and (2) Openads (aka phpAdsNew) before 2.0.10 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23720",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23720"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=11386\u0026release_id=479424",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=11386\u0026release_id=479424"
},
{
"name": "22124",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22124"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=36679\u0026release_id=479426",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=36679\u0026release_id=479426"
},
{
"name": "ADV-2007-0240",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0240"
},
{
"name": "openads-unspecified-xss(31570)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31570"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0363",
"datePublished": "2007-01-19T01:00:00.000Z",
"dateReserved": "2007-01-18T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:19:30.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0635 (GCVE-0-2008-0635)
Vulnerability from cvelistv5 – Published: 2008-02-06 20:00 – Updated: 2024-08-07 07:54
VLAI
Summary
Unspecified vulnerability in the delivery engine in Openads 2.4.0 through 2.4.2 allows remote attackers to execute arbitrary PHP code via unknown vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/27603 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/487486/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/28790 | third-party-advisoryx_refsource_SECUNIA |
| http://securityreason.com/securityalert/3620 | third-party-advisoryx_refsource_SREASON |
Date Public
2008-02-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:54:22.737Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27603",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27603"
},
{
"name": "20080204 [OPENADS-SA-2008-001] Openads 2.4.2 vulnerability fixed",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/487486/100/0/threaded"
},
{
"name": "28790",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28790"
},
{
"name": "3620",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3620"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the delivery engine in Openads 2.4.0 through 2.4.2 allows remote attackers to execute arbitrary PHP code via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27603",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27603"
},
{
"name": "20080204 [OPENADS-SA-2008-001] Openads 2.4.2 vulnerability fixed",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/487486/100/0/threaded"
},
{
"name": "28790",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28790"
},
{
"name": "3620",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3620"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0635",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the delivery engine in Openads 2.4.0 through 2.4.2 allows remote attackers to execute arbitrary PHP code via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27603",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27603"
},
{
"name": "20080204 [OPENADS-SA-2008-001] Openads 2.4.2 vulnerability fixed",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487486/100/0/threaded"
},
{
"name": "28790",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28790"
},
{
"name": "3620",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3620"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0635",
"datePublished": "2008-02-06T20:00:00.000Z",
"dateReserved": "2008-02-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:54:22.737Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2046 (GCVE-0-2007-2046)
Vulnerability from cvelistv5 – Published: 2007-04-16 22:00 – Updated: 2024-08-07 13:23
VLAI
Summary
Multiple CRLF injection vulnerabilities in adclick.php in (a) Openads (phpAdsNew) 2.0.11 and earlier and (b) Openads for PostgreSQL (phpPgAds) 2.0.11 and earlier allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in (1) the dest parameter and (2) the Referer HTTP header. NOTE: some of these details are obtained from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://sourceforge.net/forum/forum.php?forum_id=685278 | x_refsource_CONFIRM |
| http://forum.openads.org/index.php?showtopic=5034… | x_refsource_CONFIRM |
| http://sourceforge.net/project/shownotes.php?rele… | x_refsource_CONFIRM |
| http://secunia.com/advisories/24876 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2007/1364 | vdb-entryx_refsource_VUPEN |
Date Public
2007-04-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:23:50.776Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/forum/forum.php?forum_id=685278"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.openads.org/index.php?showtopic=503413399\u0026pid=39136"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=500343"
},
{
"name": "24876",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24876"
},
{
"name": "ADV-2007-1364",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1364"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple CRLF injection vulnerabilities in adclick.php in (a) Openads (phpAdsNew) 2.0.11 and earlier and (b) Openads for PostgreSQL (phpPgAds) 2.0.11 and earlier allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in (1) the dest parameter and (2) the Referer HTTP header. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/forum/forum.php?forum_id=685278"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.openads.org/index.php?showtopic=503413399\u0026pid=39136"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=500343"
},
{
"name": "24876",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24876"
},
{
"name": "ADV-2007-1364",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1364"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2046",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple CRLF injection vulnerabilities in adclick.php in (a) Openads (phpAdsNew) 2.0.11 and earlier and (b) Openads for PostgreSQL (phpPgAds) 2.0.11 and earlier allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in (1) the dest parameter and (2) the Referer HTTP header. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/forum/forum.php?forum_id=685278",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/forum/forum.php?forum_id=685278"
},
{
"name": "http://forum.openads.org/index.php?showtopic=503413399\u0026pid=39136",
"refsource": "CONFIRM",
"url": "http://forum.openads.org/index.php?showtopic=503413399\u0026pid=39136"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=500343",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=500343"
},
{
"name": "24876",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24876"
},
{
"name": "ADV-2007-1364",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1364"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2046",
"datePublished": "2007-04-16T22:00:00.000Z",
"dateReserved": "2007-04-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:23:50.776Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2047 (GCVE-0-2007-2047)
Vulnerability from cvelistv5 – Published: 2007-04-16 22:00 – Updated: 2024-08-07 13:23
VLAI
Summary
CRLF injection vulnerability in www/delivery/ck.php in Openads 2.3 (aka Max Media Manager, MMM) before 0.3.31-alpha-pr3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the destination parameter. NOTE: some of these details are obtained from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://forum.openads.org/index.php?showtopic=5034… | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2007/1365 | vdb-entryx_refsource_VUPEN |
Date Public
2007-04-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:23:50.279Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.openads.org/index.php?showtopic=503413399\u0026pid=39136"
},
{
"name": "ADV-2007-1365",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1365"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in www/delivery/ck.php in Openads 2.3 (aka Max Media Manager, MMM) before 0.3.31-alpha-pr3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the destination parameter. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.openads.org/index.php?showtopic=503413399\u0026pid=39136"
},
{
"name": "ADV-2007-1365",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1365"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2047",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in www/delivery/ck.php in Openads 2.3 (aka Max Media Manager, MMM) before 0.3.31-alpha-pr3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the destination parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://forum.openads.org/index.php?showtopic=503413399\u0026pid=39136",
"refsource": "CONFIRM",
"url": "http://forum.openads.org/index.php?showtopic=503413399\u0026pid=39136"
},
{
"name": "ADV-2007-1365",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1365"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2047",
"datePublished": "2007-04-16T22:00:00.000Z",
"dateReserved": "2007-04-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:23:50.279Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0477 (GCVE-0-2007-0477)
Vulnerability from cvelistv5 – Published: 2007-01-25 00:00 – Updated: 2024-08-07 12:19
VLAI
Summary
Cross-site scripting (XSS) vulnerability in Openads 2.0.x before 2.0.10, 2.3 before 2.3.31 (aka Max Media Manager before 0.3.31-alpha-pr2), and phpAdsNew/phpPgAds before 2.0.9-pr1 allows remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter in admin-search.php and (2) affiliate-search.php. NOTE: this issue may overlap CVE-2007-0363.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/458197/100… | mailing-listx_refsource_BUGTRAQ |
| http://jvn.jp/jp/JVN%2307274813/index.html | third-party-advisoryx_refsource_JVN |
| http://osvdb.org/32926 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/archive/1/457990/100… | mailing-listx_refsource_BUGTRAQ |
| http://forum.openads.org/index.php?showtopic=503412651 | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/458296/100… | mailing-listx_refsource_BUGTRAQ |
| https://developer.openads.org/browser/branches/ma… | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2007/0315 | vdb-entryx_refsource_VUPEN |
Date Public
2007-01-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:19:30.074Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070126 [OPENADS-SA-2007-002] Max Media Manager v0.1.29 and v0.3.30 vulnerability fixed",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/458197/100/100/threaded"
},
{
"name": "JVN#07274813",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/jp/JVN%2307274813/index.html"
},
{
"name": "32926",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/32926"
},
{
"name": "20070124 [OPENADS-SA-2007-001] phpAdsNew and phpPgAds 2.0.9-pr1 vulnerability fixed",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/457990/100/200/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://forum.openads.org/index.php?showtopic=503412651"
},
{
"name": "20070127 Re: [OPENADS-SA-2007-002] Max Media Manager v0.1.29 and v0.3.30 vulnerability fixed",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/458296/100/100/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://developer.openads.org/browser/branches/max/trunk/CHANGELOG.txt?format=raw"
},
{
"name": "ADV-2007-0315",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0315"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Openads 2.0.x before 2.0.10, 2.3 before 2.3.31 (aka Max Media Manager before 0.3.31-alpha-pr2), and phpAdsNew/phpPgAds before 2.0.9-pr1 allows remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter in admin-search.php and (2) affiliate-search.php. NOTE: this issue may overlap CVE-2007-0363."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070126 [OPENADS-SA-2007-002] Max Media Manager v0.1.29 and v0.3.30 vulnerability fixed",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/458197/100/100/threaded"
},
{
"name": "JVN#07274813",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/jp/JVN%2307274813/index.html"
},
{
"name": "32926",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/32926"
},
{
"name": "20070124 [OPENADS-SA-2007-001] phpAdsNew and phpPgAds 2.0.9-pr1 vulnerability fixed",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/457990/100/200/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://forum.openads.org/index.php?showtopic=503412651"
},
{
"name": "20070127 Re: [OPENADS-SA-2007-002] Max Media Manager v0.1.29 and v0.3.30 vulnerability fixed",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/458296/100/100/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://developer.openads.org/browser/branches/max/trunk/CHANGELOG.txt?format=raw"
},
{
"name": "ADV-2007-0315",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0315"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0477",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Openads 2.0.x before 2.0.10, 2.3 before 2.3.31 (aka Max Media Manager before 0.3.31-alpha-pr2), and phpAdsNew/phpPgAds before 2.0.9-pr1 allows remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter in admin-search.php and (2) affiliate-search.php. NOTE: this issue may overlap CVE-2007-0363."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070126 [OPENADS-SA-2007-002] Max Media Manager v0.1.29 and v0.3.30 vulnerability fixed",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/458197/100/100/threaded"
},
{
"name": "JVN#07274813",
"refsource": "JVN",
"url": "http://jvn.jp/jp/JVN%2307274813/index.html"
},
{
"name": "32926",
"refsource": "OSVDB",
"url": "http://osvdb.org/32926"
},
{
"name": "20070124 [OPENADS-SA-2007-001] phpAdsNew and phpPgAds 2.0.9-pr1 vulnerability fixed",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/457990/100/200/threaded"
},
{
"name": "http://forum.openads.org/index.php?showtopic=503412651",
"refsource": "MISC",
"url": "http://forum.openads.org/index.php?showtopic=503412651"
},
{
"name": "20070127 Re: [OPENADS-SA-2007-002] Max Media Manager v0.1.29 and v0.3.30 vulnerability fixed",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/458296/100/100/threaded"
},
{
"name": "https://developer.openads.org/browser/branches/max/trunk/CHANGELOG.txt?format=raw",
"refsource": "CONFIRM",
"url": "https://developer.openads.org/browser/branches/max/trunk/CHANGELOG.txt?format=raw"
},
{
"name": "ADV-2007-0315",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0315"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0477",
"datePublished": "2007-01-25T00:00:00.000Z",
"dateReserved": "2007-01-24T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:19:30.074Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0363 (GCVE-0-2007-0363)
Vulnerability from cvelistv5 – Published: 2007-01-19 01:00 – Updated: 2024-08-07 12:19
VLAI
Summary
Cross-site scripting (XSS) vulnerability in admin-search.php in (1) Openads for PostgreSQL (aka phpPgAds) before 2.0.10 and (2) Openads (aka phpAdsNew) before 2.0.10 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/23720 | third-party-advisoryx_refsource_SECUNIA |
| http://sourceforge.net/project/shownotes.php?grou… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/22124 | vdb-entryx_refsource_BID |
| http://sourceforge.net/project/shownotes.php?grou… | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2007/0240 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2007-01-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:19:30.192Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "23720",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23720"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=11386\u0026release_id=479424"
},
{
"name": "22124",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22124"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=36679\u0026release_id=479426"
},
{
"name": "ADV-2007-0240",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0240"
},
{
"name": "openads-unspecified-xss(31570)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31570"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in admin-search.php in (1) Openads for PostgreSQL (aka phpPgAds) before 2.0.10 and (2) Openads (aka phpAdsNew) before 2.0.10 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "23720",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23720"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=11386\u0026release_id=479424"
},
{
"name": "22124",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22124"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=36679\u0026release_id=479426"
},
{
"name": "ADV-2007-0240",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0240"
},
{
"name": "openads-unspecified-xss(31570)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31570"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0363",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in admin-search.php in (1) Openads for PostgreSQL (aka phpPgAds) before 2.0.10 and (2) Openads (aka phpAdsNew) before 2.0.10 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23720",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23720"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=11386\u0026release_id=479424",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=11386\u0026release_id=479424"
},
{
"name": "22124",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22124"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=36679\u0026release_id=479426",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=36679\u0026release_id=479426"
},
{
"name": "ADV-2007-0240",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0240"
},
{
"name": "openads-unspecified-xss(31570)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31570"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0363",
"datePublished": "2007-01-19T01:00:00.000Z",
"dateReserved": "2007-01-18T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:19:30.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}