39 vulnerabilities found for openx by openx
FKIE_CVE-2013-4211
Vulnerability from fkie_nvd - Published: 2020-02-14 20:15 - Updated: 2024-11-21 01:55
Summary
A code execution vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in the flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openx:openx:2.8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8E7A24FA-D282-402B-9F80-ECA190406EE4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code"
},
{
"lang": "es",
"value": "Se presenta una Vulnerabilidad de Ejecuci\u00f3n de C\u00f3digo en OpenX Ad Server versi\u00f3n 2.8.10, debido a un backdoor en la biblioteca flowplayer-3.1.1.min.js, lo que podr\u00eda permitir a un usuario malicioso remoto ejecutar c\u00f3digo PHP arbitrario."
}
],
"id": "CVE-2013-4211",
"lastModified": "2024-11-21T01:55:08.317",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-14T20:15:09.650",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.exploit-db.com/exploits/27529"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2013/08/07/2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/61650"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86259"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/cve/CVE-2013-4211"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.exploit-db.com/exploits/27529"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2013/08/07/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/61650"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86259"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/cve/CVE-2013-4211"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-2230
Vulnerability from fkie_nvd - Published: 2014-10-23 14:55 - Updated: 2025-04-12 10:46
Summary
Open redirect vulnerability in the header function in adclick.php in OpenX 2.8.10 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) dest parameter to adclick.php or (2) _maxdest parameter to ck.php.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openx:openx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8341B095-E7FF-4B67-9307-DF23DD0A030E",
"versionEndIncluding": "2.8.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "3F957F8C-88C3-4F0C-85A8-27AA58847DF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A00DC86E-06BB-458E-8E99-8DFD77607FE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B9DAE4E2-081D-44BE-89F5-204C0659B038",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6F8581E3-9185-45A6-9BCA-B77A9D3D7F8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2D9EE001-25C5-466C-BF2B-C0B255E10886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBDAB70-27FA-4D81-A06E-5E394828513C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2DCEECC7-1A82-4994-82BE-1E7F8E15068A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0302A92C-9659-4F68-A97B-6EBE08D86B54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C60BF997-9E26-4B7A-8243-2CCDC74CAAC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.8.9:*:*:*:*:*:*:*",
"matchCriteriaId": "06D09511-33F0-4759-A379-6A9C1B2ADFFF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in the header function in adclick.php in OpenX 2.8.10 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) dest parameter to adclick.php or (2) _maxdest parameter to ck.php."
},
{
"lang": "es",
"value": "Vulnerabilidad de redirecci\u00f3n abierta en la funci\u00f3n header en adclick.php en OpenX 2.8.10 y anteriores permite a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y realizar ataques de phishing a trav\u00e9s de una URL en (1) el par\u00e1metro dest en adclick.php o (2) el par\u00e1metro _maxdest en ck.php."
}
],
"evaluatorComment": "\u003ca href = \"http://cwe.mitre.org/data/definitions/601.html\"\u003e CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027) \u003c/a\u003e",
"id": "CVE-2014-2230",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-10-23T14:55:02.227",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/128718/OpenX-2.8.10-Open-Redirect.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2014/Oct/72"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.tetraph.com/blog/cves/cve-2014-2230-openx-open-redirect-vulnerability-2"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97621"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/128718/OpenX-2.8.10-Open-Redirect.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2014/Oct/72"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.tetraph.com/blog/cves/cve-2014-2230-openx-open-redirect-vulnerability-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97621"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-7376
Vulnerability from fkie_nvd - Published: 2014-05-14 19:55 - Updated: 2025-04-12 10:46
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.10, possibly before revision 82710, allow remote attackers to hijack the authentication of administrators, as demonstrated by requests that conduct directory traversal attacks via the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-3514.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openx:openx:2.8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8E7A24FA-D282-402B-9F80-ECA190406EE4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.10, possibly before revision 82710, allow remote attackers to hijack the authentication of administrators, as demonstrated by requests that conduct directory traversal attacks via the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-3514."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de CSRF en OpenX 2.8.10, posiblemente anterior a revisi\u00f3n 82710, permiten a atacantes remotos secuestrar la autenticaci\u00f3n de administradores, como fue demostrado por solicitudes que realizan ataques de salto de directorio a trav\u00e9s del par\u00e1metro group hacia (1) plugin-preferences.php o (2) plugin-settings.php en www/admin, una vulnerabilidad diferente a CVE-2013-3514."
}
],
"id": "CVE-2013-7376",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-05-14T19:55:10.543",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/94778"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://seclists.org/bugtraq/2013/Jul/27"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.htbridge.com/advisory/HTB23155"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/94778"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seclists.org/bugtraq/2013/Jul/27"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.htbridge.com/advisory/HTB23155"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-3514
Vulnerability from fkie_nvd - Published: 2014-05-14 19:55 - Updated: 2025-04-12 10:46
Summary
Multiple directory traversal vulnerabilities in OpenX before 2.8.10 revision 82710 allow remote administrators to read arbitrary files via a .. (dot dot) in the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-7376. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to read arbitrary files.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openx | openx | * | |
| openx | openx | 2.4 | |
| openx | openx | 2.4.4 | |
| openx | openx | 2.4.5 | |
| openx | openx | 2.4.6 | |
| openx | openx | 2.4.7 | |
| openx | openx | 2.4.8 | |
| openx | openx | 2.4.9 | |
| openx | openx | 2.4.10 | |
| openx | openx | 2.4.11 | |
| openx | openx | 2.6.0 | |
| openx | openx | 2.6.1 | |
| openx | openx | 2.6.2 | |
| openx | openx | 2.6.3 | |
| openx | openx | 2.6.4 | |
| openx | openx | 2.6.5 | |
| openx | openx | 2.7.29 | |
| openx | openx | 2.8 | |
| openx | openx | 2.8.1 | |
| openx | openx | 2.8.2 | |
| openx | openx | 2.8.3 | |
| openx | openx | 2.8.4 | |
| openx | openx | 2.8.5 | |
| openx | openx | 2.8.6 | |
| openx | openx | 2.8.7 | |
| openx | openx | 2.8.8 | |
| openx | openx | 2.8.9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openx:openx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8341B095-E7FF-4B67-9307-DF23DD0A030E",
"versionEndIncluding": "2.8.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "220D8830-4421-4393-B41F-691A0E465374",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B69A60AF-6FA2-4527-9317-58C581473C66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "53251C77-AED4-40CB-995F-0545148A458E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2330F4FE-F861-4244-A160-DAB37BE2A1D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B997A54E-7F45-4656-A3A7-637547DFEFBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9D9A46B6-B245-493A-B5EC-B9B8508BD9B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F560C0FD-8584-4686-B869-487498BFDC61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D5401151-C5A7-4F70-8378-F02BD14C1A10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5D2FF584-3585-4019-A8AF-04D193022EDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "679F1054-9AC8-477B-A7C7-156C82C3D7A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F7D866D9-F3CB-4A5D-8946-62A425173845",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "290E79D9-5AF4-4D24-877F-2B357156381D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "39E8AB7C-CCC8-4C5E-8E42-C57C81C5EE16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5592CDF8-CF2A-4514-83D7-17A47715921F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9007BE21-FF62-4294-A92A-05F45F731FE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.7.29:*:*:*:*:*:*:*",
"matchCriteriaId": "1B2F123E-B39B-4A54-9575-2E4EF1BB1A8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "3F957F8C-88C3-4F0C-85A8-27AA58847DF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A00DC86E-06BB-458E-8E99-8DFD77607FE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B9DAE4E2-081D-44BE-89F5-204C0659B038",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6F8581E3-9185-45A6-9BCA-B77A9D3D7F8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2D9EE001-25C5-466C-BF2B-C0B255E10886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBDAB70-27FA-4D81-A06E-5E394828513C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2DCEECC7-1A82-4994-82BE-1E7F8E15068A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0302A92C-9659-4F68-A97B-6EBE08D86B54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C60BF997-9E26-4B7A-8243-2CCDC74CAAC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.8.9:*:*:*:*:*:*:*",
"matchCriteriaId": "06D09511-33F0-4759-A379-6A9C1B2ADFFF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in OpenX before 2.8.10 revision 82710 allow remote administrators to read arbitrary files via a .. (dot dot) in the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-7376. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to read arbitrary files."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de salto de directorio en OpenX anterior a 2.8.10 revisi\u00f3n 82710 permite a administradores remotos leer archivos arbitrarios a trav\u00e9s de un .. (punto punto) en el par\u00e1metro group hacia (1) plugin-preferences.php o (2) plugin-settings.php en www/admin, una vulnerabilidad diferente a CVE-2013-7376. NOTA: esto puede ser aprovechado utilizando CSRF para permitir a atacantes remotos no autenticados leer archivos arbitrarios."
}
],
"id": "CVE-2013-3514",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-05-14T19:55:09.277",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/94778"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://seclists.org/bugtraq/2013/Jul/27"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.htbridge.com/advisory/HTB23155"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/94778"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seclists.org/bugtraq/2013/Jul/27"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.htbridge.com/advisory/HTB23155"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-5954
Vulnerability from fkie_nvd - Published: 2014-04-25 14:15 - Updated: 2025-04-12 10:46
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.11 and earlier allow remote attackers to hijack the authentication of administrators for requests that delete (1) users via admin/agency-user-unlink.php, (2) advertisers via admin/advertiser-delete.php, (3) banners via admin/banner-delete.php, (4) campaigns via admin/campaign-delete.php, (5) channels via admin/channel-delete.php, (6) affiliate websites via admin/affiliate-delete.php, or (7) zones via admin/zone-delete.php.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3BC4AD4-6377-4113-B74C-77FEAE01EF5D",
"versionEndIncluding": "3.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openx:openx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83CD7FFD-B76C-4A3D-BAE5-B675D2E67600",
"versionEndIncluding": "2.8.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "3F957F8C-88C3-4F0C-85A8-27AA58847DF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A00DC86E-06BB-458E-8E99-8DFD77607FE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B9DAE4E2-081D-44BE-89F5-204C0659B038",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6F8581E3-9185-45A6-9BCA-B77A9D3D7F8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2D9EE001-25C5-466C-BF2B-C0B255E10886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBDAB70-27FA-4D81-A06E-5E394828513C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2DCEECC7-1A82-4994-82BE-1E7F8E15068A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0302A92C-9659-4F68-A97B-6EBE08D86B54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C60BF997-9E26-4B7A-8243-2CCDC74CAAC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.8.9:*:*:*:*:*:*:*",
"matchCriteriaId": "06D09511-33F0-4759-A379-6A9C1B2ADFFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8E7A24FA-D282-402B-9F80-ECA190406EE4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.11 and earlier allow remote attackers to hijack the authentication of administrators for requests that delete (1) users via admin/agency-user-unlink.php, (2) advertisers via admin/advertiser-delete.php, (3) banners via admin/banner-delete.php, (4) campaigns via admin/campaign-delete.php, (5) channels via admin/channel-delete.php, (6) affiliate websites via admin/affiliate-delete.php, or (7) zones via admin/zone-delete.php."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de CSRF en OpenX 2.8.11 y anteriores permiten a atacantes remotos secuestrar la autenticaci\u00f3n de administradores para solicitudes que eliminan (1) usuarios a trav\u00e9s de admin/agency-user-unlink.php, (2) anunciantes a trav\u00e9s de admin/advertiser-delete.php, (3) banners a trav\u00e9s de admin/banner-delete.php, (4) campa\u00f1as a trav\u00e9s de admin/campaign-delete.php, (5) canales a trav\u00e9s de admin/channel-delete.php, (6) sitios web afiliados a trav\u00e9s de admin/affiliate-delete.php o (7) zonas a trav\u00e9s de admin/zone-delete.php."
}
],
"id": "CVE-2013-5954",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-04-25T14:15:30.453",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/125735"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/270"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2014/May/68"
},
{
"source": "cve@mitre.org",
"url": "http://www.revive-adserver.com/security/revive-sa-2014-001/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/532108/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/66251"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91889"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/125735"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/270"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2014/May/68"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.revive-adserver.com/security/revive-sa-2014-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/532108/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/66251"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91889"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-7149
Vulnerability from fkie_nvd - Published: 2013-12-28 04:53 - Updated: 2025-04-11 00:51
Summary
SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openx | openx | * | |
| openx | openx | 2.8.10 | |
| revive-adserver | revive_adserver | * | |
| revive-adserver | revive_adserver | 3.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openx:openx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83CD7FFD-B76C-4A3D-BAE5-B675D2E67600",
"versionEndIncluding": "2.8.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8E7A24FA-D282-402B-9F80-ECA190406EE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2957BC4-6065-450A-A60E-C914B7B82ED6",
"versionEndIncluding": "3.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "609A9DBF-E65E-43A6-B1BA-082A3FCB2A02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en www/delivery/axmlrpc.php (tambi\u00e9n conocido como el script de invocaci\u00f3n de entrega XML-RPC) en Revive Adserver anterior a 3.0.2, y OpenX Source 2.8.11 y anteriores, permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro what en un m\u00e9todo XML-RPC."
}
],
"id": "CVE-2013-7149",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-12-28T04:53:06.773",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.kreativrauschen.com/blog/2013/12/18/zero-day-vulnerability-in-openx-source-2-8-11-and-revive-adserver-3-0-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.revive-adserver.com/security/REVIVE-SA-2013-001/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/530471/30/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.kreativrauschen.com/blog/2013/12/18/zero-day-vulnerability-in-openx-source-2-8-11-and-revive-adserver-3-0-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.revive-adserver.com/security/REVIVE-SA-2013-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/530471/30/0/threaded"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-3515
Vulnerability from fkie_nvd - Published: 2013-07-29 23:27 - Updated: 2025-04-11 00:51
Summary
Multiple cross-site scripting (XSS) vulnerabilities in OpenX Source 2.8.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) package parameter to www/admin/plugin-index.php or the (2) group parameter to www/admin/plugin-settings.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openx | openx | * | |
| openx | openx | 2.4 | |
| openx | openx | 2.4.4 | |
| openx | openx | 2.4.5 | |
| openx | openx | 2.4.6 | |
| openx | openx | 2.4.7 | |
| openx | openx | 2.4.8 | |
| openx | openx | 2.4.9 | |
| openx | openx | 2.4.10 | |
| openx | openx | 2.4.11 | |
| openx | openx | 2.6.0 | |
| openx | openx | 2.6.1 | |
| openx | openx | 2.6.2 | |
| openx | openx | 2.6.3 | |
| openx | openx | 2.6.4 | |
| openx | openx | 2.6.5 | |
| openx | openx | 2.7.29 | |
| openx | openx | 2.8 | |
| openx | openx | 2.8.1 | |
| openx | openx | 2.8.2 | |
| openx | openx | 2.8.3 | |
| openx | openx | 2.8.4 | |
| openx | openx | 2.8.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openx:openx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8341B095-E7FF-4B67-9307-DF23DD0A030E",
"versionEndIncluding": "2.8.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "220D8830-4421-4393-B41F-691A0E465374",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B69A60AF-6FA2-4527-9317-58C581473C66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "53251C77-AED4-40CB-995F-0545148A458E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2330F4FE-F861-4244-A160-DAB37BE2A1D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B997A54E-7F45-4656-A3A7-637547DFEFBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9D9A46B6-B245-493A-B5EC-B9B8508BD9B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F560C0FD-8584-4686-B869-487498BFDC61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D5401151-C5A7-4F70-8378-F02BD14C1A10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5D2FF584-3585-4019-A8AF-04D193022EDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "679F1054-9AC8-477B-A7C7-156C82C3D7A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F7D866D9-F3CB-4A5D-8946-62A425173845",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "290E79D9-5AF4-4D24-877F-2B357156381D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "39E8AB7C-CCC8-4C5E-8E42-C57C81C5EE16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5592CDF8-CF2A-4514-83D7-17A47715921F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9007BE21-FF62-4294-A92A-05F45F731FE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.7.29:*:*:*:*:*:*:*",
"matchCriteriaId": "1B2F123E-B39B-4A54-9575-2E4EF1BB1A8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "3F957F8C-88C3-4F0C-85A8-27AA58847DF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A00DC86E-06BB-458E-8E99-8DFD77607FE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B9DAE4E2-081D-44BE-89F5-204C0659B038",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6F8581E3-9185-45A6-9BCA-B77A9D3D7F8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2D9EE001-25C5-466C-BF2B-C0B255E10886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBDAB70-27FA-4D81-A06E-5E394828513C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in OpenX Source 2.8.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) package parameter to www/admin/plugin-index.php or the (2) group parameter to www/admin/plugin-settings.php."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades XSS en OpenX Source 2.8.10 y anteriores, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de los par\u00e1metros (1) package a www/admin/plugin-index.php o (2) group a www/admin/plugin-settings.php."
}
],
"id": "CVE-2013-3515",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-07-29T23:27:38.473",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/94774"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/94775"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://seclists.org/bugtraq/2013/Jul/27"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/26624"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85411"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://svn.openx.org/openx/trunk/www/admin/plugin-index.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://svn.openx.org/openx/trunk/www/admin/plugin-settings.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.htbridge.com/advisory/HTB23155"
},
{
"source": "cve@mitre.org",
"url": "https://www.htbridge.com/advisory/HTB23155-openx-changeset-82710.diff"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/94774"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/94775"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seclists.org/bugtraq/2013/Jul/27"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/26624"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85411"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://svn.openx.org/openx/trunk/www/admin/plugin-index.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://svn.openx.org/openx/trunk/www/admin/plugin-settings.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.htbridge.com/advisory/HTB23155"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.htbridge.com/advisory/HTB23155-openx-changeset-82710.diff"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-4990
Vulnerability from fkie_nvd - Published: 2012-10-22 23:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
SQL injection vulnerability in admin/campaign-zone-link.php in OpenX 2.8.10 before revision 81823 allows remote attackers to execute arbitrary SQL commands via the ids[] parameter in a link action.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openx:openx:2.8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8E7A24FA-D282-402B-9F80-ECA190406EE4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in admin/campaign-zone-link.php in OpenX 2.8.10 before revision 81823 allows remote attackers to execute arbitrary SQL commands via the ids[] parameter in a link action."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en admin/campaign-zone-link.php en OpenX v2.8.10 antes de la revision 81823, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro ids[] en una acci\u00f3n link."
}
],
"id": "CVE-2012-4990",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-10-22T23:55:09.070",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-10/0065.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/86093"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/50877"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/55860"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79199"
},
{
"source": "cve@mitre.org",
"url": "https://svn.openx.org/openx/trunk/www/admin/campaign-zone-link.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.htbridge.com/advisory/HTB23116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-10/0065.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/86093"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/50877"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/55860"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79199"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://svn.openx.org/openx/trunk/www/admin/campaign-zone-link.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.htbridge.com/advisory/HTB23116"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-4989
Vulnerability from fkie_nvd - Published: 2012-10-22 23:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in admin/plugin-index.php in OpenX 2.8.10 before revision 81823 allows remote attackers to inject arbitrary web script or HTML via the parent parameter in an info action.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openx:openx:2.8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8E7A24FA-D282-402B-9F80-ECA190406EE4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in admin/plugin-index.php in OpenX 2.8.10 before revision 81823 allows remote attackers to inject arbitrary web script or HTML via the parent parameter in an info action."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en admin/plugin-index.php en OpenX v2.8.10 antes de la revisi\u00f3n 81823, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro parent en una acci\u00f3n info."
}
],
"id": "CVE-2012-4989",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-10-22T23:55:08.993",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-10/0065.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/86092"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/50877"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/55860"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79196"
},
{
"source": "cve@mitre.org",
"url": "https://svn.openx.org/openx/trunk/lib/templates/admin/plugin-group-view.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.htbridge.com/advisory/HTB23116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-10/0065.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/86092"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/50877"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/55860"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79196"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://svn.openx.org/openx/trunk/lib/templates/admin/plugin-group-view.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.htbridge.com/advisory/HTB23116"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-4830
Vulnerability from fkie_nvd - Published: 2010-04-27 15:30 - Updated: 2025-04-11 00:51
Severity ?
Summary
Unspecified vulnerability in OpenX 2.8.1 and 2.8.2 allows remote attackers to bypass authentication and obtain access to an Administrator account via unknown vectors, possibly related to www/admin/install.php, www/admin/install-plugins.php, and other www/admin/ files.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openx:openx:2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A00DC86E-06BB-458E-8E99-8DFD77607FE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B9DAE4E2-081D-44BE-89F5-204C0659B038",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in OpenX 2.8.1 and 2.8.2 allows remote attackers to bypass authentication and obtain access to an Administrator account via unknown vectors, possibly related to www/admin/install.php, www/admin/install-plugins.php, and other www/admin/ files."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en OpenX 2.8.1 y 2.8.2 permite a atacantes remotos evitar la autenticaci\u00f3n y obtener acceso a una cuenta de Administrador mediante vectores desconocidos, posiblemente relacionados con www/admin/install.php, www/admin/install-plugins.php y otros ficheros www/admin/ ."
}
],
"id": "CVE-2009-4830",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-04-27T15:30:01.170",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://blog.openx.org/12/security-matters-2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://forum.openx.org/index.php?showtopic=503454011"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/61300"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37914"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/37457"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://blog.openx.org/12/security-matters-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://forum.openx.org/index.php?showtopic=503454011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/61300"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37914"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/37457"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
},
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2013-4211 (GCVE-0-2013-4211)
Vulnerability from cvelistv5 – Published: 2020-02-14 19:59 – Updated: 2024-08-06 16:38
Summary
A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code
Severity ?
No CVSS data available.
CWE
- backdoor
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:38:01.692Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61650"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/27529"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/08/07/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86259"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/cve/CVE-2013-4211"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ad Server",
"vendor": "OpenX",
"versions": [
{
"status": "affected",
"version": "2.8.10"
}
]
}
],
"datePublic": "2013-08-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "backdoor",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-14T20:02:54",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/61650"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.exploit-db.com/exploits/27529"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/08/07/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86259"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/cve/CVE-2013-4211"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4211",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ad Server",
"version": {
"version_data": [
{
"version_value": "2.8.10"
}
]
}
}
]
},
"vendor_name": "OpenX"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "backdoor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securityfocus.com/bid/61650",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/61650"
},
{
"name": "http://www.exploit-db.com/exploits/27529",
"refsource": "MISC",
"url": "http://www.exploit-db.com/exploits/27529"
},
{
"name": "http://www.openwall.com/lists/oss-security/2013/08/07/2",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/08/07/2"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86259",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86259"
},
{
"name": "https://packetstormsecurity.com/files/cve/CVE-2013-4211",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/cve/CVE-2013-4211"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4211",
"datePublished": "2020-02-14T19:59:06",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:38:01.692Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2230 (GCVE-0-2014-2230)
Vulnerability from cvelistv5 – Published: 2014-10-23 14:00 – Updated: 2024-08-06 10:06
Summary
Open redirect vulnerability in the header function in adclick.php in OpenX 2.8.10 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) dest parameter to adclick.php or (2) _maxdest parameter to ck.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:06:00.113Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tetraph.com/blog/cves/cve-2014-2230-openx-open-redirect-vulnerability-2"
},
{
"name": "openx-cve20142230-open-redirect(97621)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97621"
},
{
"name": "20141016 CVE-2014-2230 - OpenX Open Redirect Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Oct/72"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/128718/OpenX-2.8.10-Open-Redirect.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in the header function in adclick.php in OpenX 2.8.10 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) dest parameter to adclick.php or (2) _maxdest parameter to ck.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tetraph.com/blog/cves/cve-2014-2230-openx-open-redirect-vulnerability-2"
},
{
"name": "openx-cve20142230-open-redirect(97621)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97621"
},
{
"name": "20141016 CVE-2014-2230 - OpenX Open Redirect Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Oct/72"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/128718/OpenX-2.8.10-Open-Redirect.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2230",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in the header function in adclick.php in OpenX 2.8.10 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) dest parameter to adclick.php or (2) _maxdest parameter to ck.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tetraph.com/blog/cves/cve-2014-2230-openx-open-redirect-vulnerability-2",
"refsource": "MISC",
"url": "http://www.tetraph.com/blog/cves/cve-2014-2230-openx-open-redirect-vulnerability-2"
},
{
"name": "openx-cve20142230-open-redirect(97621)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97621"
},
{
"name": "20141016 CVE-2014-2230 - OpenX Open Redirect Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Oct/72"
},
{
"name": "http://packetstormsecurity.com/files/128718/OpenX-2.8.10-Open-Redirect.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128718/OpenX-2.8.10-Open-Redirect.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2230",
"datePublished": "2014-10-23T14:00:00",
"dateReserved": "2014-02-26T00:00:00",
"dateUpdated": "2024-08-06T10:06:00.113Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-7376 (GCVE-0-2013-7376)
Vulnerability from cvelistv5 – Published: 2014-05-14 19:00 – Updated: 2024-09-17 02:15
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.10, possibly before revision 82710, allow remote attackers to hijack the authentication of administrators, as demonstrated by requests that conduct directory traversal attacks via the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-3514.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:09:16.962Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94778",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/94778"
},
{
"name": "20130703 Multiple Vulnerabilities in OpenX",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2013/Jul/27"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23155"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.10, possibly before revision 82710, allow remote attackers to hijack the authentication of administrators, as demonstrated by requests that conduct directory traversal attacks via the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-3514."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-05-14T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "94778",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/94778"
},
{
"name": "20130703 Multiple Vulnerabilities in OpenX",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2013/Jul/27"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23155"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7376",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.10, possibly before revision 82710, allow remote attackers to hijack the authentication of administrators, as demonstrated by requests that conduct directory traversal attacks via the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-3514."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94778",
"refsource": "OSVDB",
"url": "http://osvdb.org/94778"
},
{
"name": "20130703 Multiple Vulnerabilities in OpenX",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2013/Jul/27"
},
{
"name": "https://www.htbridge.com/advisory/HTB23155",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23155"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7376",
"datePublished": "2014-05-14T19:00:00Z",
"dateReserved": "2014-05-14T00:00:00Z",
"dateUpdated": "2024-09-17T02:15:42.981Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3514 (GCVE-0-2013-3514)
Vulnerability from cvelistv5 – Published: 2014-05-14 19:00 – Updated: 2024-08-06 16:14
Summary
Multiple directory traversal vulnerabilities in OpenX before 2.8.10 revision 82710 allow remote administrators to read arbitrary files via a .. (dot dot) in the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-7376. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to read arbitrary files.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.226Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94778",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/94778"
},
{
"name": "20130703 Multiple Vulnerabilities in OpenX",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2013/Jul/27"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23155"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-07-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in OpenX before 2.8.10 revision 82710 allow remote administrators to read arbitrary files via a .. (dot dot) in the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-7376. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to read arbitrary files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-05-14T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "94778",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/94778"
},
{
"name": "20130703 Multiple Vulnerabilities in OpenX",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2013/Jul/27"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23155"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3514",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in OpenX before 2.8.10 revision 82710 allow remote administrators to read arbitrary files via a .. (dot dot) in the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-7376. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to read arbitrary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94778",
"refsource": "OSVDB",
"url": "http://osvdb.org/94778"
},
{
"name": "20130703 Multiple Vulnerabilities in OpenX",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2013/Jul/27"
},
{
"name": "https://www.htbridge.com/advisory/HTB23155",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23155"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-3514",
"datePublished": "2014-05-14T19:00:00",
"dateReserved": "2013-05-08T00:00:00",
"dateUpdated": "2024-08-06T16:14:56.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5954 (GCVE-0-2013-5954)
Vulnerability from cvelistv5 – Published: 2014-04-25 10:00 – Updated: 2024-08-06 17:29
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.11 and earlier allow remote attackers to hijack the authentication of administrators for requests that delete (1) users via admin/agency-user-unlink.php, (2) advertisers via admin/advertiser-delete.php, (3) banners via admin/banner-delete.php, (4) campaigns via admin/campaign-delete.php, (5) channels via admin/channel-delete.php, (6) affiliate websites via admin/affiliate-delete.php, or (7) zones via admin/zone-delete.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
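| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2014/May/68 | mailing-list, x_refsource_FULLDISC |
| http://packetstormsecurity.com/files/125735 | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2014/Mar/270 | mailing-list, x_refsource_FULLDISC |
| http://www.securityfocus.com/bid/66251 | vdb-entry, x_refsource_BID |
| http://www.securityfocus.com/archive/1/532108/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://www.revive-adserver.com/security/revive-sa-2014-001/ | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/91889 | vdb-entry, x_refsource_XF |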
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:29:41.164Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20140515 [REVIVE-SA-2014-001] Revive Adserver 3.0.5 fixes CSRF vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/May/68"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/125735"
},
{
"name": "20140315 [CVE-2013-5954] Multiple Cross Site Request Forgery Vulnerabilities in OpenX 2.8.11",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/270"
},
{
"name": "66251",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/66251"
},
{
"name": "20140515 [REVIVE-SA-2014-001] Revive Adserver 3.0.5 fixes CSRF vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/532108/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2014-001/"
},
{
"name": "openx-cve20135954-csrf(91889)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91889"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.11 and earlier allow remote attackers to hijack the authentication of administrators for requests that delete (1) users via admin/agency-user-unlink.php, (2) advertisers via admin/advertiser-delete.php, (3) banners via admin/banner-delete.php, (4) campaigns via admin/campaign-delete.php, (5) channels via admin/channel-delete.php, (6) affiliate websites via admin/affiliate-delete.php, or (7) zones via admin/zone-delete.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20140515 [REVIVE-SA-2014-001] Revive Adserver 3.0.5 fixes CSRF vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/May/68"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/125735"
},
{
"name": "20140315 [CVE-2013-5954] Multiple Cross Site Request Forgery Vulnerabilities in OpenX 2.8.11",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/270"
},
{
"name": "66251",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/66251"
},
{
"name": "20140515 [REVIVE-SA-2014-001] Revive Adserver 3.0.5 fixes CSRF vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/532108/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2014-001/"
},
{
"name": "openx-cve20135954-csrf(91889)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91889"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5954",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.11 and earlier allow remote attackers to hijack the authentication of administrators for requests that delete (1) users via admin/agency-user-unlink.php, (2) advertisers via admin/advertiser-delete.php, (3) banners via admin/banner-delete.php, (4) campaigns via admin/campaign-delete.php, (5) channels via admin/channel-delete.php, (6) affiliate websites via admin/affiliate-delete.php, or (7) zones via admin/zone-delete.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140515 [REVIVE-SA-2014-001] Revive Adserver 3.0.5 fixes CSRF vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/May/68"
},
{
"name": "http://packetstormsecurity.com/files/125735",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/125735"
},
{
"name": "20140315 [CVE-2013-5954] Multiple Cross Site Request Forgery Vulnerabilities in OpenX 2.8.11",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Mar/270"
},
{
"name": "66251",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66251"
},
{
"name": "20140515 [REVIVE-SA-2014-001] Revive Adserver 3.0.5 fixes CSRF vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/532108/100/0/threaded"
},
{
"name": "http://www.revive-adserver.com/security/revive-sa-2014-001/",
"refsource": "CONFIRM",
"url": "http://www.revive-adserver.com/security/revive-sa-2014-001/"
},
{
"name": "openx-cve20135954-csrf(91889)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91889"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5954",
"datePublished": "2014-04-25T10:00:00",
"dateReserved": "2013-09-27T00:00:00",
"dateUpdated": "2024-08-06T17:29:41.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-7149 (GCVE-0-2013-7149)
Vulnerability from cvelistv5 – Published: 2013-12-28 02:00 – Updated: 2024-08-06 18:01
Summary
SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
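| URL | Tags |
|---|---|
| http://www.kreativrauschen.com/blog/2013/12/18/zero-day-vulnerability-in-openx-source-2-8-11-and-revive-adserver-3-0-1/ | x_refsource_MISC |
| http://www.revive-adserver.com/security/REVIVE-SA-2013-001/ | x_refsource_CONFIRM |
| http://www.securityfocus.com/archive/1/530471/30/0/threaded | mailing-list, x_refsource_BUGTRAQ |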
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:01:19.550Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.kreativrauschen.com/blog/2013/12/18/zero-day-vulnerability-in-openx-source-2-8-11-and-revive-adserver-3-0-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.revive-adserver.com/security/REVIVE-SA-2013-001/"
},
{
"name": "20131220 [REVIVE-SA-2013-001] Revive Adserver 3.0.2 fixes SQL injection vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/530471/30/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-28T02:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.kreativrauschen.com/blog/2013/12/18/zero-day-vulnerability-in-openx-source-2-8-11-and-revive-adserver-3-0-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.revive-adserver.com/security/REVIVE-SA-2013-001/"
},
{
"name": "20131220 [REVIVE-SA-2013-001] Revive Adserver 3.0.2 fixes SQL injection vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/530471/30/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7149",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.kreativrauschen.com/blog/2013/12/18/zero-day-vulnerability-in-openx-source-2-8-11-and-revive-adserver-3-0-1/",
"refsource": "MISC",
"url": "http://www.kreativrauschen.com/blog/2013/12/18/zero-day-vulnerability-in-openx-source-2-8-11-and-revive-adserver-3-0-1/"
},
{
"name": "http://www.revive-adserver.com/security/REVIVE-SA-2013-001/",
"refsource": "CONFIRM",
"url": "http://www.revive-adserver.com/security/REVIVE-SA-2013-001/"
},
{
"name": "20131220 [REVIVE-SA-2013-001] Revive Adserver 3.0.2 fixes SQL injection vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/530471/30/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7149",
"datePublished": "2013-12-28T02:00:00",
"dateReserved": "2013-12-19T00:00:00",
"dateUpdated": "2024-08-06T18:01:19.550Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3515 (GCVE-0-2013-3515)
Vulnerability from cvelistv5 – Published: 2013-07-29 21:00 – Updated: 2024-08-06 16:14
Summary
Multiple cross-site scripting (XSS) vulnerabilities in OpenX Source 2.8.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) package parameter to www/admin/plugin-index.php or the (2) group parameter to www/admin/plugin-settings.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
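| URL | Tags |
|---|---|
| https://svn.openx.org/openx/trunk/www/admin/plugin-settings.php | x_refsource_MISC |
| https://svn.openx.org/openx/trunk/www/admin/plugin-index.php | x_refsource_MISC |
| https://www.htbridge.com/advisory/HTB23155-openx-changeset-82710.diff | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/85411 | vdb-entry, x_refsource_XF |
| http://osvdb.org/94774 | vdb-entry, x_refsource_OSVDB |
| http://seclists.org/bugtraq/2013/Jul/27 | mailing-list, x_refsource_BUGTRAQ |
| https://www.htbridge.com/advisory/HTB23155 | x_refsource_MISC |
| http://www.exploit-db.com/exploits/26624 | exploit, x_refsource_EXPLOIT-DB |
| http://osvdb.org/94775 | vdb-entry, x_refsource_OSVDB |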
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.078Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://svn.openx.org/openx/trunk/www/admin/plugin-settings.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://svn.openx.org/openx/trunk/www/admin/plugin-index.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23155-openx-changeset-82710.diff"
},
{
"name": "openx-cve20133515-multiple-xss(85411)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85411"
},
{
"name": "94774",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/94774"
},
{
"name": "20130703 Multiple Vulnerabilities in OpenX",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2013/Jul/27"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23155"
},
{
"name": "26624",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/26624"
},
{
"name": "94775",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/94775"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-07-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in OpenX Source 2.8.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) package parameter to www/admin/plugin-index.php or the (2) group parameter to www/admin/plugin-settings.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://svn.openx.org/openx/trunk/www/admin/plugin-settings.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://svn.openx.org/openx/trunk/www/admin/plugin-index.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23155-openx-changeset-82710.diff"
},
{
"name": "openx-cve20133515-multiple-xss(85411)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85411"
},
{
"name": "94774",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/94774"
},
{
"name": "20130703 Multiple Vulnerabilities in OpenX",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2013/Jul/27"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23155"
},
{
"name": "26624",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/26624"
},
{
"name": "94775",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/94775"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3515",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in OpenX Source 2.8.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) package parameter to www/admin/plugin-index.php or the (2) group parameter to www/admin/plugin-settings.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://svn.openx.org/openx/trunk/www/admin/plugin-settings.php",
"refsource": "MISC",
"url": "https://svn.openx.org/openx/trunk/www/admin/plugin-settings.php"
},
{
"name": "https://svn.openx.org/openx/trunk/www/admin/plugin-index.php",
"refsource": "MISC",
"url": "https://svn.openx.org/openx/trunk/www/admin/plugin-index.php"
},
{
"name": "https://www.htbridge.com/advisory/HTB23155-openx-changeset-82710.diff",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23155-openx-changeset-82710.diff"
},
{
"name": "openx-cve20133515-multiple-xss(85411)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85411"
},
{
"name": "94774",
"refsource": "OSVDB",
"url": "http://osvdb.org/94774"
},
{
"name": "20130703 Multiple Vulnerabilities in OpenX",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2013/Jul/27"
},
{
"name": "https://www.htbridge.com/advisory/HTB23155",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23155"
},
{
"name": "26624",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/26624"
},
{
"name": "94775",
"refsource": "OSVDB",
"url": "http://osvdb.org/94775"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-3515",
"datePublished": "2013-07-29T21:00:00",
"dateReserved": "2013-05-08T00:00:00",
"dateUpdated": "2024-08-06T16:14:56.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4990 (GCVE-0-2012-4990)
Vulnerability from cvelistv5 – Published: 2012-10-22 23:00 – Updated: 2024-08-06 20:50
Summary
SQL injection vulnerability in admin/campaign-zone-link.php in OpenX 2.8.10 before revision 81823 allows remote attackers to execute arbitrary SQL commands via the ids[] parameter in a link action.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
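| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/79199 | vdb-entry, x_refsource_XF |
| http://osvdb.org/86093 | vdb-entry, x_refsource_OSVDB |
| http://archives.neohapsis.com/archives/bugtraq/2012-10/0065.html | mailing-list, x_refsource_BUGTRAQ |
| http://secunia.com/advisories/50877 | third-party-advisory, x_refsource_SECUNIA |
| https://www.htbridge.com/advisory/HTB23116 | x_refsource_MISC |
| https://svn.openx.org/openx/trunk/www/admin/campaign-zone-link.php | x_refsource_MISC |
| http://www.securityfocus.com/bid/55860 | vdb-entry, x_refsource_BID |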
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:50:18.294Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openx-campaignzonelink-sql-injection(79199)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79199"
},
{
"name": "86093",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/86093"
},
{
"name": "20121010 Multiple vulnerabilities in OpenX",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-10/0065.html"
},
{
"name": "50877",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50877"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23116"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://svn.openx.org/openx/trunk/www/admin/campaign-zone-link.php"
},
{
"name": "55860",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55860"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-10-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in admin/campaign-zone-link.php in OpenX 2.8.10 before revision 81823 allows remote attackers to execute arbitrary SQL commands via the ids[] parameter in a link action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openx-campaignzonelink-sql-injection(79199)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79199"
},
{
"name": "86093",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/86093"
},
{
"name": "20121010 Multiple vulnerabilities in OpenX",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-10/0065.html"
},
{
"name": "50877",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50877"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23116"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://svn.openx.org/openx/trunk/www/admin/campaign-zone-link.php"
},
{
"name": "55860",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55860"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4990",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in admin/campaign-zone-link.php in OpenX 2.8.10 before revision 81823 allows remote attackers to execute arbitrary SQL commands via the ids[] parameter in a link action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openx-campaignzonelink-sql-injection(79199)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79199"
},
{
"name": "86093",
"refsource": "OSVDB",
"url": "http://osvdb.org/86093"
},
{
"name": "20121010 Multiple vulnerabilities in OpenX",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-10/0065.html"
},
{
"name": "50877",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50877"
},
{
"name": "https://www.htbridge.com/advisory/HTB23116",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23116"
},
{
"name": "https://svn.openx.org/openx/trunk/www/admin/campaign-zone-link.php",
"refsource": "MISC",
"url": "https://svn.openx.org/openx/trunk/www/admin/campaign-zone-link.php"
},
{
"name": "55860",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55860"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4990",
"datePublished": "2012-10-22T23:00:00",
"dateReserved": "2012-09-19T00:00:00",
"dateUpdated": "2024-08-06T20:50:18.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4989 (GCVE-0-2012-4989)
Vulnerability from cvelistv5 – Published: 2012-10-22 23:00 – Updated: 2024-08-06 20:50
Summary
Cross-site scripting (XSS) vulnerability in admin/plugin-index.php in OpenX 2.8.10 before revision 81823 allows remote attackers to inject arbitrary web script or HTML via the parent parameter in an info action.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
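| URL | Tags |
|---|---|
| https://svn.openx.org/openx/trunk/lib/templates/admin/plugin-group-view.html | x_refsource_MISC |
| http://archives.neohapsis.com/archives/bugtraq/2012-10/0065.html | mailing-list, x_refsource_BUGTRAQ |
| http://secunia.com/advisories/50877 | third-party-advisory, x_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/79196 | vdb-entry, x_refsource_XF |
| https://www.htbridge.com/advisory/HTB23116 | x_refsource_MISC |
| http://osvdb.org/86092 | vdb-entry, x_refsource_OSVDB |
| http://www.securityfocus.com/bid/55860 | vdb-entry, x_refsource_BID |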
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:50:18.304Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://svn.openx.org/openx/trunk/lib/templates/admin/plugin-group-view.html"
},
{
"name": "20121010 Multiple vulnerabilities in OpenX",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-10/0065.html"
},
{
"name": "50877",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50877"
},
{
"name": "openx-pluginindex-xss(79196)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79196"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23116"
},
{
"name": "86092",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/86092"
},
{
"name": "55860",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55860"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-10-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in admin/plugin-index.php in OpenX 2.8.10 before revision 81823 allows remote attackers to inject arbitrary web script or HTML via the parent parameter in an info action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://svn.openx.org/openx/trunk/lib/templates/admin/plugin-group-view.html"
},
{
"name": "20121010 Multiple vulnerabilities in OpenX",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-10/0065.html"
},
{
"name": "50877",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50877"
},
{
"name": "openx-pluginindex-xss(79196)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79196"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23116"
},
{
"name": "86092",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/86092"
},
{
"name": "55860",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55860"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4989",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in admin/plugin-index.php in OpenX 2.8.10 before revision 81823 allows remote attackers to inject arbitrary web script or HTML via the parent parameter in an info action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://svn.openx.org/openx/trunk/lib/templates/admin/plugin-group-view.html",
"refsource": "MISC",
"url": "https://svn.openx.org/openx/trunk/lib/templates/admin/plugin-group-view.html"
},
{
"name": "20121010 Multiple vulnerabilities in OpenX",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-10/0065.html"
},
{
"name": "50877",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50877"
},
{
"name": "openx-pluginindex-xss(79196)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79196"
},
{
"name": "https://www.htbridge.com/advisory/HTB23116",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23116"
},
{
"name": "86092",
"refsource": "OSVDB",
"url": "http://osvdb.org/86092"
},
{
"name": "55860",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55860"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4989",
"datePublished": "2012-10-22T23:00:00",
"dateReserved": "2012-09-19T00:00:00",
"dateUpdated": "2024-08-06T20:50:18.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4830 (GCVE-0-2009-4830)
Vulnerability from cvelistv5 – Published: 2010-04-27 15:00 – Updated: 2024-09-16 23:01
Summary
Unspecified vulnerability in OpenX 2.8.1 and 2.8.2 allows remote attackers to bypass authentication and obtain access to an Administrator account via unknown vectors, possibly related to www/admin/install.php, www/admin/install-plugins.php, and other www/admin/ files.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
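| URL | Tags |
|---|---|
| http://osvdb.org/61300 | vdb-entry, x_refsource_OSVDB |
| http://secunia.com/advisories/37914 | third-party-advisory, x_refsource_SECUNIA |
| http://blog.openx.org/12/security-matters-2/ | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/37457 | vdb-entry, x_refsource_BID |
| http://forum.openx.org/index.php?showtopic=503454011 | x_refsource_MISC |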
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:17:25.607Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "61300",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/61300"
},
{
"name": "37914",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37914"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.openx.org/12/security-matters-2/"
},
{
"name": "37457",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37457"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://forum.openx.org/index.php?showtopic=503454011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in OpenX 2.8.1 and 2.8.2 allows remote attackers to bypass authentication and obtain access to an Administrator account via unknown vectors, possibly related to www/admin/install.php, www/admin/install-plugins.php, and other www/admin/ files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-04-27T15:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "61300",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/61300"
},
{
"name": "37914",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37914"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.openx.org/12/security-matters-2/"
},
{
"name": "37457",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37457"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://forum.openx.org/index.php?showtopic=503454011"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4830",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in OpenX 2.8.1 and 2.8.2 allows remote attackers to bypass authentication and obtain access to an Administrator account via unknown vectors, possibly related to www/admin/install.php, www/admin/install-plugins.php, and other www/admin/ files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "61300",
"refsource": "OSVDB",
"url": "http://osvdb.org/61300"
},
{
"name": "37914",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37914"
},
{
"name": "http://blog.openx.org/12/security-matters-2/",
"refsource": "CONFIRM",
"url": "http://blog.openx.org/12/security-matters-2/"
},
{
"name": "37457",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37457"
},
{
"name": "http://forum.openx.org/index.php?showtopic=503454011",
"refsource": "MISC",
"url": "http://forum.openx.org/index.php?showtopic=503454011"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4830",
"datePublished": "2010-04-27T15:00:00Z",
"dateReserved": "2010-04-27T00:00:00Z",
"dateUpdated": "2024-09-16T23:01:07.740Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4211 (GCVE-0-2013-4211)
Vulnerability from nvd – Published: 2020-02-14 19:59 – Updated: 2024-08-06 16:38
Summary
A code execution vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in the flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code.
Severity ?
No CVSS data available.
CWE
- backdoor
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:38:01.692Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61650"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/27529"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/08/07/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86259"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/cve/CVE-2013-4211"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ad Server",
"vendor": "OpenX",
"versions": [
{
"status": "affected",
"version": "2.8.10"
}
]
}
],
"datePublic": "2013-08-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "backdoor",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-14T20:02:54",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/61650"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.exploit-db.com/exploits/27529"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/08/07/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86259"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/cve/CVE-2013-4211"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4211",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ad Server",
"version": {
"version_data": [
{
"version_value": "2.8.10"
}
]
}
}
]
},
"vendor_name": "OpenX"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "backdoor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securityfocus.com/bid/61650",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/61650"
},
{
"name": "http://www.exploit-db.com/exploits/27529",
"refsource": "MISC",
"url": "http://www.exploit-db.com/exploits/27529"
},
{
"name": "http://www.openwall.com/lists/oss-security/2013/08/07/2",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/08/07/2"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86259",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86259"
},
{
"name": "https://packetstormsecurity.com/files/cve/CVE-2013-4211",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/cve/CVE-2013-4211"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4211",
"datePublished": "2020-02-14T19:59:06",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:38:01.692Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2230 (GCVE-0-2014-2230)
Vulnerability from nvd – Published: 2014-10-23 14:00 – Updated: 2024-08-06 10:06
Summary
Open redirect vulnerability in the header function in adclick.php in OpenX 2.8.10 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) dest parameter to adclick.php or (2) _maxdest parameter to ck.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:06:00.113Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tetraph.com/blog/cves/cve-2014-2230-openx-open-redirect-vulnerability-2"
},
{
"name": "openx-cve20142230-open-redirect(97621)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97621"
},
{
"name": "20141016 CVE-2014-2230 - OpenX Open Redirect Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Oct/72"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/128718/OpenX-2.8.10-Open-Redirect.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in the header function in adclick.php in OpenX 2.8.10 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) dest parameter to adclick.php or (2) _maxdest parameter to ck.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tetraph.com/blog/cves/cve-2014-2230-openx-open-redirect-vulnerability-2"
},
{
"name": "openx-cve20142230-open-redirect(97621)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97621"
},
{
"name": "20141016 CVE-2014-2230 - OpenX Open Redirect Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Oct/72"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/128718/OpenX-2.8.10-Open-Redirect.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2230",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in the header function in adclick.php in OpenX 2.8.10 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) dest parameter to adclick.php or (2) _maxdest parameter to ck.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tetraph.com/blog/cves/cve-2014-2230-openx-open-redirect-vulnerability-2",
"refsource": "MISC",
"url": "http://www.tetraph.com/blog/cves/cve-2014-2230-openx-open-redirect-vulnerability-2"
},
{
"name": "openx-cve20142230-open-redirect(97621)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97621"
},
{
"name": "20141016 CVE-2014-2230 - OpenX Open Redirect Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Oct/72"
},
{
"name": "http://packetstormsecurity.com/files/128718/OpenX-2.8.10-Open-Redirect.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128718/OpenX-2.8.10-Open-Redirect.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2230",
"datePublished": "2014-10-23T14:00:00",
"dateReserved": "2014-02-26T00:00:00",
"dateUpdated": "2024-08-06T10:06:00.113Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-7376 (GCVE-0-2013-7376)
Vulnerability from nvd – Published: 2014-05-14 19:00 – Updated: 2024-09-17 02:15
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.10, possibly before revision 82710, allow remote attackers to hijack the authentication of administrators, as demonstrated by requests that conduct directory traversal attacks via the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-3514.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:09:16.962Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94778",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/94778"
},
{
"name": "20130703 Multiple Vulnerabilities in OpenX",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2013/Jul/27"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23155"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.10, possibly before revision 82710, allow remote attackers to hijack the authentication of administrators, as demonstrated by requests that conduct directory traversal attacks via the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-3514."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-05-14T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "94778",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/94778"
},
{
"name": "20130703 Multiple Vulnerabilities in OpenX",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2013/Jul/27"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23155"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7376",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.10, possibly before revision 82710, allow remote attackers to hijack the authentication of administrators, as demonstrated by requests that conduct directory traversal attacks via the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-3514."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94778",
"refsource": "OSVDB",
"url": "http://osvdb.org/94778"
},
{
"name": "20130703 Multiple Vulnerabilities in OpenX",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2013/Jul/27"
},
{
"name": "https://www.htbridge.com/advisory/HTB23155",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23155"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7376",
"datePublished": "2014-05-14T19:00:00Z",
"dateReserved": "2014-05-14T00:00:00Z",
"dateUpdated": "2024-09-17T02:15:42.981Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3514 (GCVE-0-2013-3514)
Vulnerability from nvd – Published: 2014-05-14 19:00 – Updated: 2024-08-06 16:14
Summary
Multiple directory traversal vulnerabilities in OpenX before 2.8.10 revision 82710 allow remote administrators to read arbitrary files via a .. (dot dot) in the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-7376. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to read arbitrary files.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.226Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94778",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/94778"
},
{
"name": "20130703 Multiple Vulnerabilities in OpenX",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2013/Jul/27"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23155"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-07-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in OpenX before 2.8.10 revision 82710 allow remote administrators to read arbitrary files via a .. (dot dot) in the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-7376. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to read arbitrary files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-05-14T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "94778",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/94778"
},
{
"name": "20130703 Multiple Vulnerabilities in OpenX",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2013/Jul/27"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23155"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3514",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in OpenX before 2.8.10 revision 82710 allow remote administrators to read arbitrary files via a .. (dot dot) in the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-7376. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to read arbitrary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94778",
"refsource": "OSVDB",
"url": "http://osvdb.org/94778"
},
{
"name": "20130703 Multiple Vulnerabilities in OpenX",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2013/Jul/27"
},
{
"name": "https://www.htbridge.com/advisory/HTB23155",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23155"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-3514",
"datePublished": "2014-05-14T19:00:00",
"dateReserved": "2013-05-08T00:00:00",
"dateUpdated": "2024-08-06T16:14:56.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5954 (GCVE-0-2013-5954)
Vulnerability from nvd – Published: 2014-04-25 10:00 – Updated: 2024-08-06 17:29
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.11 and earlier allow remote attackers to hijack the authentication of administrators for requests that delete (1) users via admin/agency-user-unlink.php, (2) advertisers via admin/advertiser-delete.php, (3) banners via admin/banner-delete.php, (4) campaigns via admin/campaign-delete.php, (5) channels via admin/channel-delete.php, (6) affiliate websites via admin/affiliate-delete.php, or (7) zones via admin/zone-delete.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:29:41.164Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20140515 [REVIVE-SA-2014-001] Revive Adserver 3.0.5 fixes CSRF vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/May/68"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/125735"
},
{
"name": "20140315 [CVE-2013-5954] Multiple Cross Site Request Forgery Vulnerabilities in OpenX 2.8.11",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/270"
},
{
"name": "66251",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/66251"
},
{
"name": "20140515 [REVIVE-SA-2014-001] Revive Adserver 3.0.5 fixes CSRF vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/532108/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2014-001/"
},
{
"name": "openx-cve20135954-csrf(91889)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91889"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.11 and earlier allow remote attackers to hijack the authentication of administrators for requests that delete (1) users via admin/agency-user-unlink.php, (2) advertisers via admin/advertiser-delete.php, (3) banners via admin/banner-delete.php, (4) campaigns via admin/campaign-delete.php, (5) channels via admin/channel-delete.php, (6) affiliate websites via admin/affiliate-delete.php, or (7) zones via admin/zone-delete.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20140515 [REVIVE-SA-2014-001] Revive Adserver 3.0.5 fixes CSRF vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/May/68"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/125735"
},
{
"name": "20140315 [CVE-2013-5954] Multiple Cross Site Request Forgery Vulnerabilities in OpenX 2.8.11",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/270"
},
{
"name": "66251",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/66251"
},
{
"name": "20140515 [REVIVE-SA-2014-001] Revive Adserver 3.0.5 fixes CSRF vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/532108/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2014-001/"
},
{
"name": "openx-cve20135954-csrf(91889)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91889"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5954",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.11 and earlier allow remote attackers to hijack the authentication of administrators for requests that delete (1) users via admin/agency-user-unlink.php, (2) advertisers via admin/advertiser-delete.php, (3) banners via admin/banner-delete.php, (4) campaigns via admin/campaign-delete.php, (5) channels via admin/channel-delete.php, (6) affiliate websites via admin/affiliate-delete.php, or (7) zones via admin/zone-delete.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140515 [REVIVE-SA-2014-001] Revive Adserver 3.0.5 fixes CSRF vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/May/68"
},
{
"name": "http://packetstormsecurity.com/files/125735",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/125735"
},
{
"name": "20140315 [CVE-2013-5954] Multiple Cross Site Request Forgery Vulnerabilities in OpenX 2.8.11",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Mar/270"
},
{
"name": "66251",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66251"
},
{
"name": "20140515 [REVIVE-SA-2014-001] Revive Adserver 3.0.5 fixes CSRF vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/532108/100/0/threaded"
},
{
"name": "http://www.revive-adserver.com/security/revive-sa-2014-001/",
"refsource": "CONFIRM",
"url": "http://www.revive-adserver.com/security/revive-sa-2014-001/"
},
{
"name": "openx-cve20135954-csrf(91889)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91889"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5954",
"datePublished": "2014-04-25T10:00:00",
"dateReserved": "2013-09-27T00:00:00",
"dateUpdated": "2024-08-06T17:29:41.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-7149 (GCVE-0-2013-7149)
Vulnerability from nvd – Published: 2013-12-28 02:00 – Updated: 2024-08-06 18:01
Summary
SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:01:19.550Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.kreativrauschen.com/blog/2013/12/18/zero-day-vulnerability-in-openx-source-2-8-11-and-revive-adserver-3-0-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.revive-adserver.com/security/REVIVE-SA-2013-001/"
},
{
"name": "20131220 [REVIVE-SA-2013-001] Revive Adserver 3.0.2 fixes SQL injection vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/530471/30/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-28T02:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.kreativrauschen.com/blog/2013/12/18/zero-day-vulnerability-in-openx-source-2-8-11-and-revive-adserver-3-0-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.revive-adserver.com/security/REVIVE-SA-2013-001/"
},
{
"name": "20131220 [REVIVE-SA-2013-001] Revive Adserver 3.0.2 fixes SQL injection vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/530471/30/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7149",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.kreativrauschen.com/blog/2013/12/18/zero-day-vulnerability-in-openx-source-2-8-11-and-revive-adserver-3-0-1/",
"refsource": "MISC",
"url": "http://www.kreativrauschen.com/blog/2013/12/18/zero-day-vulnerability-in-openx-source-2-8-11-and-revive-adserver-3-0-1/"
},
{
"name": "http://www.revive-adserver.com/security/REVIVE-SA-2013-001/",
"refsource": "CONFIRM",
"url": "http://www.revive-adserver.com/security/REVIVE-SA-2013-001/"
},
{
"name": "20131220 [REVIVE-SA-2013-001] Revive Adserver 3.0.2 fixes SQL injection vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/530471/30/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7149",
"datePublished": "2013-12-28T02:00:00",
"dateReserved": "2013-12-19T00:00:00",
"dateUpdated": "2024-08-06T18:01:19.550Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3515 (GCVE-0-2013-3515)
Vulnerability from nvd – Published: 2013-07-29 21:00 – Updated: 2024-08-06 16:14
Summary
Multiple cross-site scripting (XSS) vulnerabilities in OpenX Source 2.8.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) package parameter to www/admin/plugin-index.php or the (2) group parameter to www/admin/plugin-settings.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.078Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://svn.openx.org/openx/trunk/www/admin/plugin-settings.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://svn.openx.org/openx/trunk/www/admin/plugin-index.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23155-openx-changeset-82710.diff"
},
{
"name": "openx-cve20133515-multiple-xss(85411)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85411"
},
{
"name": "94774",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/94774"
},
{
"name": "20130703 Multiple Vulnerabilities in OpenX",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2013/Jul/27"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23155"
},
{
"name": "26624",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/26624"
},
{
"name": "94775",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/94775"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-07-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in OpenX Source 2.8.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) package parameter to www/admin/plugin-index.php or the (2) group parameter to www/admin/plugin-settings.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://svn.openx.org/openx/trunk/www/admin/plugin-settings.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://svn.openx.org/openx/trunk/www/admin/plugin-index.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23155-openx-changeset-82710.diff"
},
{
"name": "openx-cve20133515-multiple-xss(85411)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85411"
},
{
"name": "94774",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/94774"
},
{
"name": "20130703 Multiple Vulnerabilities in OpenX",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2013/Jul/27"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23155"
},
{
"name": "26624",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/26624"
},
{
"name": "94775",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/94775"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3515",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in OpenX Source 2.8.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) package parameter to www/admin/plugin-index.php or the (2) group parameter to www/admin/plugin-settings.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://svn.openx.org/openx/trunk/www/admin/plugin-settings.php",
"refsource": "MISC",
"url": "https://svn.openx.org/openx/trunk/www/admin/plugin-settings.php"
},
{
"name": "https://svn.openx.org/openx/trunk/www/admin/plugin-index.php",
"refsource": "MISC",
"url": "https://svn.openx.org/openx/trunk/www/admin/plugin-index.php"
},
{
"name": "https://www.htbridge.com/advisory/HTB23155-openx-changeset-82710.diff",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23155-openx-changeset-82710.diff"
},
{
"name": "openx-cve20133515-multiple-xss(85411)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85411"
},
{
"name": "94774",
"refsource": "OSVDB",
"url": "http://osvdb.org/94774"
},
{
"name": "20130703 Multiple Vulnerabilities in OpenX",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2013/Jul/27"
},
{
"name": "https://www.htbridge.com/advisory/HTB23155",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23155"
},
{
"name": "26624",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/26624"
},
{
"name": "94775",
"refsource": "OSVDB",
"url": "http://osvdb.org/94775"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-3515",
"datePublished": "2013-07-29T21:00:00",
"dateReserved": "2013-05-08T00:00:00",
"dateUpdated": "2024-08-06T16:14:56.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4990 (GCVE-0-2012-4990)
Vulnerability from nvd – Published: 2012-10-22 23:00 – Updated: 2024-08-06 20:50
Summary
SQL injection vulnerability in admin/campaign-zone-link.php in OpenX 2.8.10 before revision 81823 allows remote attackers to execute arbitrary SQL commands via the ids[] parameter in a link action.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:50:18.294Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openx-campaignzonelink-sql-injection(79199)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79199"
},
{
"name": "86093",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/86093"
},
{
"name": "20121010 Multiple vulnerabilities in OpenX",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-10/0065.html"
},
{
"name": "50877",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50877"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23116"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://svn.openx.org/openx/trunk/www/admin/campaign-zone-link.php"
},
{
"name": "55860",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55860"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-10-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in admin/campaign-zone-link.php in OpenX 2.8.10 before revision 81823 allows remote attackers to execute arbitrary SQL commands via the ids[] parameter in a link action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openx-campaignzonelink-sql-injection(79199)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79199"
},
{
"name": "86093",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/86093"
},
{
"name": "20121010 Multiple vulnerabilities in OpenX",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-10/0065.html"
},
{
"name": "50877",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50877"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23116"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://svn.openx.org/openx/trunk/www/admin/campaign-zone-link.php"
},
{
"name": "55860",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55860"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4990",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in admin/campaign-zone-link.php in OpenX 2.8.10 before revision 81823 allows remote attackers to execute arbitrary SQL commands via the ids[] parameter in a link action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openx-campaignzonelink-sql-injection(79199)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79199"
},
{
"name": "86093",
"refsource": "OSVDB",
"url": "http://osvdb.org/86093"
},
{
"name": "20121010 Multiple vulnerabilities in OpenX",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-10/0065.html"
},
{
"name": "50877",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50877"
},
{
"name": "https://www.htbridge.com/advisory/HTB23116",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23116"
},
{
"name": "https://svn.openx.org/openx/trunk/www/admin/campaign-zone-link.php",
"refsource": "MISC",
"url": "https://svn.openx.org/openx/trunk/www/admin/campaign-zone-link.php"
},
{
"name": "55860",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55860"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4990",
"datePublished": "2012-10-22T23:00:00",
"dateReserved": "2012-09-19T00:00:00",
"dateUpdated": "2024-08-06T20:50:18.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4989 (GCVE-0-2012-4989)
Vulnerability from nvd – Published: 2012-10-22 23:00 – Updated: 2024-08-06 20:50
Summary
Cross-site scripting (XSS) vulnerability in admin/plugin-index.php in OpenX 2.8.10 before revision 81823 allows remote attackers to inject arbitrary web script or HTML via the parent parameter in an info action.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:50:18.304Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://svn.openx.org/openx/trunk/lib/templates/admin/plugin-group-view.html"
},
{
"name": "20121010 Multiple vulnerabilities in OpenX",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-10/0065.html"
},
{
"name": "50877",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50877"
},
{
"name": "openx-pluginindex-xss(79196)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79196"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23116"
},
{
"name": "86092",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/86092"
},
{
"name": "55860",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55860"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-10-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in admin/plugin-index.php in OpenX 2.8.10 before revision 81823 allows remote attackers to inject arbitrary web script or HTML via the parent parameter in an info action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://svn.openx.org/openx/trunk/lib/templates/admin/plugin-group-view.html"
},
{
"name": "20121010 Multiple vulnerabilities in OpenX",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-10/0065.html"
},
{
"name": "50877",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50877"
},
{
"name": "openx-pluginindex-xss(79196)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79196"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23116"
},
{
"name": "86092",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/86092"
},
{
"name": "55860",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55860"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4989",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in admin/plugin-index.php in OpenX 2.8.10 before revision 81823 allows remote attackers to inject arbitrary web script or HTML via the parent parameter in an info action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://svn.openx.org/openx/trunk/lib/templates/admin/plugin-group-view.html",
"refsource": "MISC",
"url": "https://svn.openx.org/openx/trunk/lib/templates/admin/plugin-group-view.html"
},
{
"name": "20121010 Multiple vulnerabilities in OpenX",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-10/0065.html"
},
{
"name": "50877",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50877"
},
{
"name": "openx-pluginindex-xss(79196)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79196"
},
{
"name": "https://www.htbridge.com/advisory/HTB23116",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23116"
},
{
"name": "86092",
"refsource": "OSVDB",
"url": "http://osvdb.org/86092"
},
{
"name": "55860",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55860"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4989",
"datePublished": "2012-10-22T23:00:00",
"dateReserved": "2012-09-19T00:00:00",
"dateUpdated": "2024-08-06T20:50:18.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4830 (GCVE-0-2009-4830)
Vulnerability from nvd – Published: 2010-04-27 15:00 – Updated: 2024-09-16 23:01
Summary
Unspecified vulnerability in OpenX 2.8.1 and 2.8.2 allows remote attackers to bypass authentication and obtain access to an Administrator account via unknown vectors, possibly related to www/admin/install.php, www/admin/install-plugins.php, and other www/admin/ files.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:17:25.607Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "61300",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/61300"
},
{
"name": "37914",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37914"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.openx.org/12/security-matters-2/"
},
{
"name": "37457",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37457"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://forum.openx.org/index.php?showtopic=503454011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in OpenX 2.8.1 and 2.8.2 allows remote attackers to bypass authentication and obtain access to an Administrator account via unknown vectors, possibly related to www/admin/install.php, www/admin/install-plugins.php, and other www/admin/ files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-04-27T15:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "61300",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/61300"
},
{
"name": "37914",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37914"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.openx.org/12/security-matters-2/"
},
{
"name": "37457",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37457"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://forum.openx.org/index.php?showtopic=503454011"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4830",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in OpenX 2.8.1 and 2.8.2 allows remote attackers to bypass authentication and obtain access to an Administrator account via unknown vectors, possibly related to www/admin/install.php, www/admin/install-plugins.php, and other www/admin/ files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "61300",
"refsource": "OSVDB",
"url": "http://osvdb.org/61300"
},
{
"name": "37914",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37914"
},
{
"name": "http://blog.openx.org/12/security-matters-2/",
"refsource": "CONFIRM",
"url": "http://blog.openx.org/12/security-matters-2/"
},
{
"name": "37457",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37457"
},
{
"name": "http://forum.openx.org/index.php?showtopic=503454011",
"refsource": "MISC",
"url": "http://forum.openx.org/index.php?showtopic=503454011"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4830",
"datePublished": "2010-04-27T15:00:00Z",
"dateReserved": "2010-04-27T00:00:00Z",
"dateUpdated": "2024-09-16T23:01:07.740Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}