Vulnerabilities related to openx - openx
cve-2009-4830
Vulnerability from cvelistv5
Published
2010-04-27 15:00
Modified
2024-09-16 23:01
Severity ?
Summary
Unspecified vulnerability in OpenX 2.8.1 and 2.8.2 allows remote attackers to bypass authentication and obtain access to an Administrator account via unknown vectors, possibly related to www/admin/install.php, www/admin/install-plugins.php, and other www/admin/ files.
References
http://osvdb.org/61300 (vdb-entry, x_refsource_OSVDB)
http://secunia.com/advisories/37914 (third-party-advisory, x_refsource_SECUNIA)
http://blog.openx.org/12/security-matters-2/ (x_refsource_CONFIRM)
http://www.securityfocus.com/bid/37457 (vdb-entry, x_refsource_BID)
http://forum.openx.org/index.php?showtopic=503454011 (x_refsource_MISC)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:17:25.607Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "61300",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/61300"
          },
          {
            "name": "37914",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37914"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blog.openx.org/12/security-matters-2/"
          },
          {
            "name": "37457",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/37457"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://forum.openx.org/index.php?showtopic=503454011"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in OpenX 2.8.1 and 2.8.2 allows remote attackers to bypass authentication and obtain access to an Administrator account via unknown vectors, possibly related to www/admin/install.php, www/admin/install-plugins.php, and other www/admin/ files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-04-27T15:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "61300",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/61300"
        },
        {
          "name": "37914",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37914"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blog.openx.org/12/security-matters-2/"
        },
        {
          "name": "37457",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/37457"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://forum.openx.org/index.php?showtopic=503454011"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4830",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in OpenX 2.8.1 and 2.8.2 allows remote attackers to bypass authentication and obtain access to an Administrator account via unknown vectors, possibly related to www/admin/install.php, www/admin/install-plugins.php, and other www/admin/ files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "61300",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/61300"
            },
            {
              "name": "37914",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37914"
            },
            {
              "name": "http://blog.openx.org/12/security-matters-2/",
              "refsource": "CONFIRM",
              "url": "http://blog.openx.org/12/security-matters-2/"
            },
            {
              "name": "37457",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/37457"
            },
            {
              "name": "http://forum.openx.org/index.php?showtopic=503454011",
              "refsource": "MISC",
              "url": "http://forum.openx.org/index.php?showtopic=503454011"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-4830",
    "datePublished": "2010-04-27T15:00:00Z",
    "dateReserved": "2010-04-27T00:00:00Z",
    "dateUpdated": "2024-09-16T23:01:07.740Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-4990
Vulnerability from cvelistv5
Published
2012-10-22 23:00
Modified
2024-08-06 20:50
Severity ?
Summary
SQL injection vulnerability in admin/campaign-zone-link.php in OpenX 2.8.10 before revision 81823 allows remote attackers to execute arbitrary SQL commands via the ids[] parameter in a link action.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:50:18.294Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openx-campaignzonelink-sql-injection(79199)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79199"
          },
          {
            "name": "86093",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/86093"
          },
          {
            "name": "20121010 Multiple vulnerabilities in OpenX",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2012-10/0065.html"
          },
          {
            "name": "50877",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50877"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.htbridge.com/advisory/HTB23116"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://svn.openx.org/openx/trunk/www/admin/campaign-zone-link.php"
          },
          {
            "name": "55860",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/55860"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-10-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in admin/campaign-zone-link.php in OpenX 2.8.10 before revision 81823 allows remote attackers to execute arbitrary SQL commands via the ids[] parameter in a link action."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "openx-campaignzonelink-sql-injection(79199)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79199"
        },
        {
          "name": "86093",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/86093"
        },
        {
          "name": "20121010 Multiple vulnerabilities in OpenX",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2012-10/0065.html"
        },
        {
          "name": "50877",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50877"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.htbridge.com/advisory/HTB23116"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://svn.openx.org/openx/trunk/www/admin/campaign-zone-link.php"
        },
        {
          "name": "55860",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/55860"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-4990",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in admin/campaign-zone-link.php in OpenX 2.8.10 before revision 81823 allows remote attackers to execute arbitrary SQL commands via the ids[] parameter in a link action."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "openx-campaignzonelink-sql-injection(79199)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79199"
            },
            {
              "name": "86093",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/86093"
            },
            {
              "name": "20121010 Multiple vulnerabilities in OpenX",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2012-10/0065.html"
            },
            {
              "name": "50877",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/50877"
            },
            {
              "name": "https://www.htbridge.com/advisory/HTB23116",
              "refsource": "MISC",
              "url": "https://www.htbridge.com/advisory/HTB23116"
            },
            {
              "name": "https://svn.openx.org/openx/trunk/www/admin/campaign-zone-link.php",
              "refsource": "MISC",
              "url": "https://svn.openx.org/openx/trunk/www/admin/campaign-zone-link.php"
            },
            {
              "name": "55860",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/55860"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-4990",
    "datePublished": "2012-10-22T23:00:00",
    "dateReserved": "2012-09-19T00:00:00",
    "dateUpdated": "2024-08-06T20:50:18.294Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-7149
Vulnerability from cvelistv5
Published
2013-12-28 02:00
Modified
2024-08-06 18:01
Severity ?
Summary
SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:01:19.550Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.kreativrauschen.com/blog/2013/12/18/zero-day-vulnerability-in-openx-source-2-8-11-and-revive-adserver-3-0-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.revive-adserver.com/security/REVIVE-SA-2013-001/"
          },
          {
            "name": "20131220 [REVIVE-SA-2013-001] Revive Adserver 3.0.2 fixes SQL injection vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/530471/30/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-12-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-12-28T02:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.kreativrauschen.com/blog/2013/12/18/zero-day-vulnerability-in-openx-source-2-8-11-and-revive-adserver-3-0-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.revive-adserver.com/security/REVIVE-SA-2013-001/"
        },
        {
          "name": "20131220 [REVIVE-SA-2013-001] Revive Adserver 3.0.2 fixes SQL injection vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/530471/30/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-7149",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.kreativrauschen.com/blog/2013/12/18/zero-day-vulnerability-in-openx-source-2-8-11-and-revive-adserver-3-0-1/",
              "refsource": "MISC",
              "url": "http://www.kreativrauschen.com/blog/2013/12/18/zero-day-vulnerability-in-openx-source-2-8-11-and-revive-adserver-3-0-1/"
            },
            {
              "name": "http://www.revive-adserver.com/security/REVIVE-SA-2013-001/",
              "refsource": "CONFIRM",
              "url": "http://www.revive-adserver.com/security/REVIVE-SA-2013-001/"
            },
            {
              "name": "20131220 [REVIVE-SA-2013-001] Revive Adserver 3.0.2 fixes SQL injection vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/530471/30/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-7149",
    "datePublished": "2013-12-28T02:00:00",
    "dateReserved": "2013-12-19T00:00:00",
    "dateUpdated": "2024-08-06T18:01:19.550Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-4211
Vulnerability from cvelistv5
Published
2020-02-14 19:59
Modified
2024-08-06 16:38
Severity ?
Summary
A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code
Impacted products
Vendor Product Version
OpenX Ad Server Version: 2.8.10


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:38:01.692Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/61650"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/27529"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/08/07/2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86259"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://packetstormsecurity.com/files/cve/CVE-2013-4211"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Ad Server",
          "vendor": "OpenX",
          "versions": [
            {
              "status": "affected",
              "version": "2.8.10"
            }
          ]
        }
      ],
      "datePublic": "2013-08-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "backdoor",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-14T20:02:54",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.securityfocus.com/bid/61650"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.exploit-db.com/exploits/27529"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/08/07/2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86259"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://packetstormsecurity.com/files/cve/CVE-2013-4211"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-4211",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Ad Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.8.10"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "OpenX"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "backdoor"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.securityfocus.com/bid/61650",
              "refsource": "MISC",
              "url": "http://www.securityfocus.com/bid/61650"
            },
            {
              "name": "http://www.exploit-db.com/exploits/27529",
              "refsource": "MISC",
              "url": "http://www.exploit-db.com/exploits/27529"
            },
            {
              "name": "http://www.openwall.com/lists/oss-security/2013/08/07/2",
              "refsource": "MISC",
              "url": "http://www.openwall.com/lists/oss-security/2013/08/07/2"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86259",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86259"
            },
            {
              "name": "https://packetstormsecurity.com/files/cve/CVE-2013-4211",
              "refsource": "MISC",
              "url": "https://packetstormsecurity.com/files/cve/CVE-2013-4211"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4211",
    "datePublished": "2020-02-14T19:59:06",
    "dateReserved": "2013-06-12T00:00:00",
    "dateUpdated": "2024-08-06T16:38:01.692Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-0291
Vulnerability from cvelistv5
Published
2009-01-27 20:00
Modified
2024-08-07 04:31
Severity ?
Summary
Directory traversal vulnerability in fc.php in OpenX 2.6.3 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the MAX_type parameter.
References
http://www.securityfocus.com/archive/1/500411/100/0/threaded (mailing-list, x_refsource_BUGTRAQ)
https://www.exploit-db.com/exploits/7883 (exploit, x_refsource_EXPLOIT-DB)
http://www.securityfocus.com/bid/33458 (vdb-entry, x_refsource_BID)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:31:25.678Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20090127 OpenX 2.6.3 - Local File Inclusion",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/500411/100/0/threaded"
          },
          {
            "name": "7883",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/7883"
          },
          {
            "name": "33458",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/33458"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-01-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in fc.php in OpenX 2.6.3 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the MAX_type parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20090127 OpenX 2.6.3 - Local File Inclusion",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/500411/100/0/threaded"
        },
        {
          "name": "7883",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/7883"
        },
        {
          "name": "33458",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/33458"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-0291",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in fc.php in OpenX 2.6.3 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the MAX_type parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20090127 OpenX 2.6.3 - Local File Inclusion",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/500411/100/0/threaded"
            },
            {
              "name": "7883",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/7883"
            },
            {
              "name": "33458",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/33458"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-0291",
    "datePublished": "2009-01-27T20:00:00",
    "dateReserved": "2009-01-27T00:00:00",
    "dateUpdated": "2024-08-07T04:31:25.678Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-4098
Vulnerability from cvelistv5
Published
2009-11-28 11:00
Modified
2024-08-07 06:54
Severity: not scored (this record contains no CVSS metrics)
Summary
Unrestricted file upload vulnerability in banner-edit.php in OpenX adserver 2.8.1 and earlier allows remote authenticated users with banner / file upload permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an images directory.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:54:09.317Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20091124 Executing arbitrary PHP code on OpenX \u003c= 2.8.1",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/508050/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openx.org/docs/2.8/release-notes/openx-2.8.2"
          },
          {
            "name": "37475",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37475"
          },
          {
            "name": "openx-banneredit-upload(54394)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54394"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://developer.openx.org/jira/browse/OX-5747"
          },
          {
            "name": "37110",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/37110"
          },
          {
            "name": "60499",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/60499"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-11-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unrestricted file upload vulnerability in banner-edit.php in OpenX adserver 2.8.1 and earlier allows remote authenticated users with banner / file upload permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an images directory."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20091124 Executing arbitrary PHP code on OpenX \u003c= 2.8.1",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/508050/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openx.org/docs/2.8/release-notes/openx-2.8.2"
        },
        {
          "name": "37475",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37475"
        },
        {
          "name": "openx-banneredit-upload(54394)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54394"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://developer.openx.org/jira/browse/OX-5747"
        },
        {
          "name": "37110",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/37110"
        },
        {
          "name": "60499",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/60499"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4098",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unrestricted file upload vulnerability in banner-edit.php in OpenX adserver 2.8.1 and earlier allows remote authenticated users with banner / file upload permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an images directory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20091124 Executing arbitrary PHP code on OpenX \u003c= 2.8.1",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/508050/100/0/threaded"
            },
            {
              "name": "http://www.openx.org/docs/2.8/release-notes/openx-2.8.2",
              "refsource": "CONFIRM",
              "url": "http://www.openx.org/docs/2.8/release-notes/openx-2.8.2"
            },
            {
              "name": "37475",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37475"
            },
            {
              "name": "openx-banneredit-upload(54394)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54394"
            },
            {
              "name": "https://developer.openx.org/jira/browse/OX-5747",
              "refsource": "MISC",
              "url": "https://developer.openx.org/jira/browse/OX-5747"
            },
            {
              "name": "37110",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/37110"
            },
            {
              "name": "60499",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/60499"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-4098",
    "datePublished": "2009-11-28T11:00:00",
    "dateReserved": "2009-11-28T00:00:00",
    "dateUpdated": "2024-08-07T06:54:09.317Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-7376
Vulnerability from cvelistv5
Published
2014-05-14 19:00
Modified
2024-09-17 02:15
Severity: not scored (this record contains no CVSS metrics)
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.10, possibly before revision 82710, allow remote attackers to hijack the authentication of administrators, as demonstrated by requests that conduct directory traversal attacks via the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-3514.
References
http://osvdb.org/94778 (vdb-entry, x_refsource_OSVDB)
http://seclists.org/bugtraq/2013/Jul/27 (mailing-list, x_refsource_BUGTRAQ)
https://www.htbridge.com/advisory/HTB23155 (x_refsource_MISC)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:09:16.962Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "94778",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/94778"
          },
          {
            "name": "20130703 Multiple Vulnerabilities in OpenX",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://seclists.org/bugtraq/2013/Jul/27"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.htbridge.com/advisory/HTB23155"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.10, possibly before revision 82710, allow remote attackers to hijack the authentication of administrators, as demonstrated by requests that conduct directory traversal attacks via the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-3514."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-05-14T19:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "94778",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/94778"
        },
        {
          "name": "20130703 Multiple Vulnerabilities in OpenX",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://seclists.org/bugtraq/2013/Jul/27"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.htbridge.com/advisory/HTB23155"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-7376",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.10, possibly before revision 82710, allow remote attackers to hijack the authentication of administrators, as demonstrated by requests that conduct directory traversal attacks via the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-3514."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "94778",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/94778"
            },
            {
              "name": "20130703 Multiple Vulnerabilities in OpenX",
              "refsource": "BUGTRAQ",
              "url": "http://seclists.org/bugtraq/2013/Jul/27"
            },
            {
              "name": "https://www.htbridge.com/advisory/HTB23155",
              "refsource": "MISC",
              "url": "https://www.htbridge.com/advisory/HTB23155"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-7376",
    "datePublished": "2014-05-14T19:00:00Z",
    "dateReserved": "2014-05-14T00:00:00Z",
    "dateUpdated": "2024-09-17T02:15:42.981Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-2230
Vulnerability from cvelistv5
Published
2014-10-23 14:00
Modified
2024-08-06 10:06
Severity: not scored (this record contains no CVSS metrics)
Summary
Open redirect vulnerability in the header function in adclick.php in OpenX 2.8.10 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) dest parameter to adclick.php or (2) _maxdest parameter to ck.php.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:06:00.113Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.tetraph.com/blog/cves/cve-2014-2230-openx-open-redirect-vulnerability-2"
          },
          {
            "name": "openx-cve20142230-open-redirect(97621)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97621"
          },
          {
            "name": "20141016 CVE-2014-2230 - OpenX Open Redirect Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/Oct/72"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/128718/OpenX-2.8.10-Open-Redirect.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-10-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Open redirect vulnerability in the header function in adclick.php in OpenX 2.8.10 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) dest parameter to adclick.php or (2) _maxdest parameter to ck.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.tetraph.com/blog/cves/cve-2014-2230-openx-open-redirect-vulnerability-2"
        },
        {
          "name": "openx-cve20142230-open-redirect(97621)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97621"
        },
        {
          "name": "20141016 CVE-2014-2230 - OpenX Open Redirect Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/Oct/72"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/128718/OpenX-2.8.10-Open-Redirect.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-2230",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Open redirect vulnerability in the header function in adclick.php in OpenX 2.8.10 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) dest parameter to adclick.php or (2) _maxdest parameter to ck.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.tetraph.com/blog/cves/cve-2014-2230-openx-open-redirect-vulnerability-2",
              "refsource": "MISC",
              "url": "http://www.tetraph.com/blog/cves/cve-2014-2230-openx-open-redirect-vulnerability-2"
            },
            {
              "name": "openx-cve20142230-open-redirect(97621)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97621"
            },
            {
              "name": "20141016 CVE-2014-2230 - OpenX Open Redirect Vulnerability",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2014/Oct/72"
            },
            {
              "name": "http://packetstormsecurity.com/files/128718/OpenX-2.8.10-Open-Redirect.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/128718/OpenX-2.8.10-Open-Redirect.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-2230",
    "datePublished": "2014-10-23T14:00:00",
    "dateReserved": "2014-02-26T00:00:00",
    "dateUpdated": "2024-08-06T10:06:00.113Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-5954
Vulnerability from cvelistv5
Published
2014-04-25 10:00
Modified
2024-08-06 17:29
Severity: not scored (this record contains no CVSS metrics)
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.11 and earlier allow remote attackers to hijack the authentication of administrators for requests that delete (1) users via admin/agency-user-unlink.php, (2) advertisers via admin/advertiser-delete.php, (3) banners via admin/banner-delete.php, (4) campaigns via admin/campaign-delete.php, (5) channels via admin/channel-delete.php, (6) affiliate websites via admin/affiliate-delete.php, or (7) zones via admin/zone-delete.php.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:29:41.164Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20140515 [REVIVE-SA-2014-001] Revive Adserver 3.0.5 fixes CSRF vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/May/68"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/125735"
          },
          {
            "name": "20140315 [CVE-2013-5954] Multiple Cross Site Request Forgery Vulnerabilities in OpenX 2.8.11",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/Mar/270"
          },
          {
            "name": "66251",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/66251"
          },
          {
            "name": "20140515 [REVIVE-SA-2014-001] Revive Adserver 3.0.5 fixes CSRF vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/532108/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.revive-adserver.com/security/revive-sa-2014-001/"
          },
          {
            "name": "openx-cve20135954-csrf(91889)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91889"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-03-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.11 and earlier allow remote attackers to hijack the authentication of administrators for requests that delete (1) users via admin/agency-user-unlink.php, (2) advertisers via admin/advertiser-delete.php, (3) banners via admin/banner-delete.php, (4) campaigns via admin/campaign-delete.php, (5) channels via admin/channel-delete.php, (6) affiliate websites via admin/affiliate-delete.php, or (7) zones via admin/zone-delete.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20140515 [REVIVE-SA-2014-001] Revive Adserver 3.0.5 fixes CSRF vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/May/68"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/125735"
        },
        {
          "name": "20140315 [CVE-2013-5954] Multiple Cross Site Request Forgery Vulnerabilities in OpenX 2.8.11",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/Mar/270"
        },
        {
          "name": "66251",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/66251"
        },
        {
          "name": "20140515 [REVIVE-SA-2014-001] Revive Adserver 3.0.5 fixes CSRF vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/532108/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.revive-adserver.com/security/revive-sa-2014-001/"
        },
        {
          "name": "openx-cve20135954-csrf(91889)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91889"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-5954",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.11 and earlier allow remote attackers to hijack the authentication of administrators for requests that delete (1) users via admin/agency-user-unlink.php, (2) advertisers via admin/advertiser-delete.php, (3) banners via admin/banner-delete.php, (4) campaigns via admin/campaign-delete.php, (5) channels via admin/channel-delete.php, (6) affiliate websites via admin/affiliate-delete.php, or (7) zones via admin/zone-delete.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20140515 [REVIVE-SA-2014-001] Revive Adserver 3.0.5 fixes CSRF vulnerability",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2014/May/68"
            },
            {
              "name": "http://packetstormsecurity.com/files/125735",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/125735"
            },
            {
              "name": "20140315 [CVE-2013-5954] Multiple Cross Site Request Forgery Vulnerabilities in OpenX 2.8.11",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2014/Mar/270"
            },
            {
              "name": "66251",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/66251"
            },
            {
              "name": "20140515 [REVIVE-SA-2014-001] Revive Adserver 3.0.5 fixes CSRF vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/532108/100/0/threaded"
            },
            {
              "name": "http://www.revive-adserver.com/security/revive-sa-2014-001/",
              "refsource": "CONFIRM",
              "url": "http://www.revive-adserver.com/security/revive-sa-2014-001/"
            },
            {
              "name": "openx-cve20135954-csrf(91889)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91889"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-5954",
    "datePublished": "2014-04-25T10:00:00",
    "dateReserved": "2013-09-27T00:00:00",
    "dateUpdated": "2024-08-06T17:29:41.164Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-6163
Vulnerability from cvelistv5
Published
2009-02-18 17:00
Modified
2024-08-07 11:20
Severity ?
Summary
SQL injection vulnerability in www/delivery/ac.php in OpenX 2.6.1 allows remote attackers to execute arbitrary SQL commands via the bannerid parameter.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T11:20:25.356Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "6655",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/6655"
          },
          {
            "name": "openx-ac-sql-injection(45631)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45631"
          },
          {
            "name": "32114",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32114"
          },
          {
            "name": "31549",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/31549"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://forum.openx.org/index.php?s=8d4c74dab4fd4597a7facda7c7414703\u0026showtopic=503422735"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-10-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in www/delivery/ac.php in OpenX 2.6.1 allows remote attackers to execute arbitrary SQL commands via the bannerid parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "6655",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/6655"
        },
        {
          "name": "openx-ac-sql-injection(45631)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45631"
        },
        {
          "name": "32114",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32114"
        },
        {
          "name": "31549",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/31549"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://forum.openx.org/index.php?s=8d4c74dab4fd4597a7facda7c7414703\u0026showtopic=503422735"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-6163",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in www/delivery/ac.php in OpenX 2.6.1 allows remote attackers to execute arbitrary SQL commands via the bannerid parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "6655",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/6655"
            },
            {
              "name": "openx-ac-sql-injection(45631)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45631"
            },
            {
              "name": "32114",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32114"
            },
            {
              "name": "31549",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/31549"
            },
            {
              "name": "http://forum.openx.org/index.php?s=8d4c74dab4fd4597a7facda7c7414703\u0026showtopic=503422735",
              "refsource": "MISC",
              "url": "http://forum.openx.org/index.php?s=8d4c74dab4fd4597a7facda7c7414703\u0026showtopic=503422735"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-6163",
    "datePublished": "2009-02-18T17:00:00",
    "dateReserved": "2009-02-18T00:00:00",
    "dateUpdated": "2024-08-07T11:20:25.356Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-4989
Vulnerability from cvelistv5
Published
2012-10-22 23:00
Modified
2024-08-06 20:50
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in admin/plugin-index.php in OpenX 2.8.10 before revision 81823 allows remote attackers to inject arbitrary web script or HTML via the parent parameter in an info action.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:50:18.304Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://svn.openx.org/openx/trunk/lib/templates/admin/plugin-group-view.html"
          },
          {
            "name": "20121010 Multiple vulnerabilities in OpenX",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2012-10/0065.html"
          },
          {
            "name": "50877",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50877"
          },
          {
            "name": "openx-pluginindex-xss(79196)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79196"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.htbridge.com/advisory/HTB23116"
          },
          {
            "name": "86092",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/86092"
          },
          {
            "name": "55860",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/55860"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-10-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in admin/plugin-index.php in OpenX 2.8.10 before revision 81823 allows remote attackers to inject arbitrary web script or HTML via the parent parameter in an info action."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://svn.openx.org/openx/trunk/lib/templates/admin/plugin-group-view.html"
        },
        {
          "name": "20121010 Multiple vulnerabilities in OpenX",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2012-10/0065.html"
        },
        {
          "name": "50877",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50877"
        },
        {
          "name": "openx-pluginindex-xss(79196)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79196"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.htbridge.com/advisory/HTB23116"
        },
        {
          "name": "86092",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/86092"
        },
        {
          "name": "55860",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/55860"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-4989",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in admin/plugin-index.php in OpenX 2.8.10 before revision 81823 allows remote attackers to inject arbitrary web script or HTML via the parent parameter in an info action."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://svn.openx.org/openx/trunk/lib/templates/admin/plugin-group-view.html",
              "refsource": "MISC",
              "url": "https://svn.openx.org/openx/trunk/lib/templates/admin/plugin-group-view.html"
            },
            {
              "name": "20121010 Multiple vulnerabilities in OpenX",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2012-10/0065.html"
            },
            {
              "name": "50877",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/50877"
            },
            {
              "name": "openx-pluginindex-xss(79196)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79196"
            },
            {
              "name": "https://www.htbridge.com/advisory/HTB23116",
              "refsource": "MISC",
              "url": "https://www.htbridge.com/advisory/HTB23116"
            },
            {
              "name": "86092",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/86092"
            },
            {
              "name": "55860",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/55860"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-4989",
    "datePublished": "2012-10-22T23:00:00",
    "dateReserved": "2012-09-19T00:00:00",
    "dateUpdated": "2024-08-06T20:50:18.304Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-3514
Vulnerability from cvelistv5
Published
2014-05-14 19:00
Modified
2024-08-06 16:14
Severity ?
Summary
Multiple directory traversal vulnerabilities in OpenX before 2.8.10 revision 82710 allow remote administrators to read arbitrary files via a .. (dot dot) in the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-7376. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to read arbitrary files.
References
http://osvdb.org/94778 (vdb-entry, x_refsource_OSVDB)
http://seclists.org/bugtraq/2013/Jul/27 (mailing-list, x_refsource_BUGTRAQ)
https://www.htbridge.com/advisory/HTB23155 (x_refsource_MISC)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:14:56.226Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "94778",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/94778"
          },
          {
            "name": "20130703 Multiple Vulnerabilities in OpenX",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://seclists.org/bugtraq/2013/Jul/27"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.htbridge.com/advisory/HTB23155"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-07-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple directory traversal vulnerabilities in OpenX before 2.8.10 revision 82710 allow remote administrators to read arbitrary files via a .. (dot dot) in the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-7376.  NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to read arbitrary files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-05-14T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "94778",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/94778"
        },
        {
          "name": "20130703 Multiple Vulnerabilities in OpenX",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://seclists.org/bugtraq/2013/Jul/27"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.htbridge.com/advisory/HTB23155"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-3514",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple directory traversal vulnerabilities in OpenX before 2.8.10 revision 82710 allow remote administrators to read arbitrary files via a .. (dot dot) in the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-7376.  NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to read arbitrary files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "94778",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/94778"
            },
            {
              "name": "20130703 Multiple Vulnerabilities in OpenX",
              "refsource": "BUGTRAQ",
              "url": "http://seclists.org/bugtraq/2013/Jul/27"
            },
            {
              "name": "https://www.htbridge.com/advisory/HTB23155",
              "refsource": "MISC",
              "url": "https://www.htbridge.com/advisory/HTB23155"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-3514",
    "datePublished": "2014-05-14T19:00:00",
    "dateReserved": "2013-05-08T00:00:00",
    "dateUpdated": "2024-08-06T16:14:56.226Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-3515
Vulnerability from cvelistv5
Published
2013-07-29 21:00
Modified
2024-08-06 16:14
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in OpenX Source 2.8.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) package parameter to www/admin/plugin-index.php or the (2) group parameter to www/admin/plugin-settings.php.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:14:56.078Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://svn.openx.org/openx/trunk/www/admin/plugin-settings.php"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://svn.openx.org/openx/trunk/www/admin/plugin-index.php"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.htbridge.com/advisory/HTB23155-openx-changeset-82710.diff"
          },
          {
            "name": "openx-cve20133515-multiple-xss(85411)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85411"
          },
          {
            "name": "94774",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/94774"
          },
          {
            "name": "20130703 Multiple Vulnerabilities in OpenX",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://seclists.org/bugtraq/2013/Jul/27"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.htbridge.com/advisory/HTB23155"
          },
          {
            "name": "26624",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/26624"
          },
          {
            "name": "94775",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/94775"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-07-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in OpenX Source 2.8.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) package parameter to www/admin/plugin-index.php or the (2) group parameter to www/admin/plugin-settings.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://svn.openx.org/openx/trunk/www/admin/plugin-settings.php"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://svn.openx.org/openx/trunk/www/admin/plugin-index.php"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.htbridge.com/advisory/HTB23155-openx-changeset-82710.diff"
        },
        {
          "name": "openx-cve20133515-multiple-xss(85411)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85411"
        },
        {
          "name": "94774",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/94774"
        },
        {
          "name": "20130703 Multiple Vulnerabilities in OpenX",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://seclists.org/bugtraq/2013/Jul/27"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.htbridge.com/advisory/HTB23155"
        },
        {
          "name": "26624",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/26624"
        },
        {
          "name": "94775",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/94775"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-3515",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in OpenX Source 2.8.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) package parameter to www/admin/plugin-index.php or the (2) group parameter to www/admin/plugin-settings.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://svn.openx.org/openx/trunk/www/admin/plugin-settings.php",
              "refsource": "MISC",
              "url": "https://svn.openx.org/openx/trunk/www/admin/plugin-settings.php"
            },
            {
              "name": "https://svn.openx.org/openx/trunk/www/admin/plugin-index.php",
              "refsource": "MISC",
              "url": "https://svn.openx.org/openx/trunk/www/admin/plugin-index.php"
            },
            {
              "name": "https://www.htbridge.com/advisory/HTB23155-openx-changeset-82710.diff",
              "refsource": "MISC",
              "url": "https://www.htbridge.com/advisory/HTB23155-openx-changeset-82710.diff"
            },
            {
              "name": "openx-cve20133515-multiple-xss(85411)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85411"
            },
            {
              "name": "94774",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/94774"
            },
            {
              "name": "20130703 Multiple Vulnerabilities in OpenX",
              "refsource": "BUGTRAQ",
              "url": "http://seclists.org/bugtraq/2013/Jul/27"
            },
            {
              "name": "https://www.htbridge.com/advisory/HTB23155",
              "refsource": "MISC",
              "url": "https://www.htbridge.com/advisory/HTB23155"
            },
            {
              "name": "26624",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/26624"
            },
            {
              "name": "94775",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/94775"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-3515",
    "datePublished": "2013-07-29T21:00:00",
    "dateReserved": "2013-05-08T00:00:00",
    "dateUpdated": "2024-08-06T16:14:56.078Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2013-07-29 23:27
Modified
2024-11-21 01:53
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in OpenX Source 2.8.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) package parameter to www/admin/plugin-index.php or the (2) group parameter to www/admin/plugin-settings.php.
Impacted products
Vendor Product Version
openx openx *
openx openx 2.4
openx openx 2.4.4
openx openx 2.4.5
openx openx 2.4.6
openx openx 2.4.7
openx openx 2.4.8
openx openx 2.4.9
openx openx 2.4.10
openx openx 2.4.11
openx openx 2.6.0
openx openx 2.6.1
openx openx 2.6.2
openx openx 2.6.3
openx openx 2.6.4
openx openx 2.6.5
openx openx 2.7.29
openx openx 2.8
openx openx 2.8.1
openx openx 2.8.2
openx openx 2.8.3
openx openx 2.8.4
openx openx 2.8.5



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openx:openx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8341B095-E7FF-4B67-9307-DF23DD0A030E",
              "versionEndIncluding": "2.8.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "220D8830-4421-4393-B41F-691A0E465374",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B69A60AF-6FA2-4527-9317-58C581473C66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "53251C77-AED4-40CB-995F-0545148A458E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2330F4FE-F861-4244-A160-DAB37BE2A1D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B997A54E-7F45-4656-A3A7-637547DFEFBC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D9A46B6-B245-493A-B5EC-B9B8508BD9B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "F560C0FD-8584-4686-B869-487498BFDC61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5401151-C5A7-4F70-8378-F02BD14C1A10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D2FF584-3585-4019-A8AF-04D193022EDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "679F1054-9AC8-477B-A7C7-156C82C3D7A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7D866D9-F3CB-4A5D-8946-62A425173845",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "290E79D9-5AF4-4D24-877F-2B357156381D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "39E8AB7C-CCC8-4C5E-8E42-C57C81C5EE16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5592CDF8-CF2A-4514-83D7-17A47715921F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9007BE21-FF62-4294-A92A-05F45F731FE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.7.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B2F123E-B39B-4A54-9575-2E4EF1BB1A8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F957F8C-88C3-4F0C-85A8-27AA58847DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A00DC86E-06BB-458E-8E99-8DFD77607FE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9DAE4E2-081D-44BE-89F5-204C0659B038",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F8581E3-9185-45A6-9BCA-B77A9D3D7F8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D9EE001-25C5-466C-BF2B-C0B255E10886",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BBDAB70-27FA-4D81-A06E-5E394828513C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in OpenX Source 2.8.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) package parameter to www/admin/plugin-index.php or the (2) group parameter to www/admin/plugin-settings.php."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades XSS en OpenX Source 2.8.10 y anteriores permiten a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de los par\u00e1metros (1) package a www/admin/plugin-index.php o (2) group a www/admin/plugin-settings.php."
    }
  ],
  "id": "CVE-2013-3515",
  "lastModified": "2024-11-21T01:53:47.833",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-07-29T23:27:38.473",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/94774"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/94775"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://seclists.org/bugtraq/2013/Jul/27"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/26624"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85411"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://svn.openx.org/openx/trunk/www/admin/plugin-index.php"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://svn.openx.org/openx/trunk/www/admin/plugin-settings.php"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.htbridge.com/advisory/HTB23155"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.htbridge.com/advisory/HTB23155-openx-changeset-82710.diff"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/94774"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/94775"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://seclists.org/bugtraq/2013/Jul/27"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/26624"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85411"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://svn.openx.org/openx/trunk/www/admin/plugin-index.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://svn.openx.org/openx/trunk/www/admin/plugin-settings.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.htbridge.com/advisory/HTB23155"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.htbridge.com/advisory/HTB23155-openx-changeset-82710.diff"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-04-25 14:15
Modified
2024-11-21 01:58
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.11 and earlier allow remote attackers to hijack the authentication of administrators for requests that delete (1) users via admin/agency-user-unlink.php, (2) advertisers via admin/advertiser-delete.php, (3) banners via admin/banner-delete.php, (4) campaigns via admin/campaign-delete.php, (5) channels via admin/channel-delete.php, (6) affiliate websites via admin/affiliate-delete.php, or (7) zones via admin/zone-delete.php.
Impacted products
Vendor Product Version
revive-adserver revive_adserver *
openx openx *
openx openx 2.8
openx openx 2.8.1
openx openx 2.8.2
openx openx 2.8.3
openx openx 2.8.4
openx openx 2.8.5
openx openx 2.8.6
openx openx 2.8.7
openx openx 2.8.8
openx openx 2.8.9
openx openx 2.8.10



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3BC4AD4-6377-4113-B74C-77FEAE01EF5D",
              "versionEndIncluding": "3.0.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openx:openx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83CD7FFD-B76C-4A3D-BAE5-B675D2E67600",
              "versionEndIncluding": "2.8.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F957F8C-88C3-4F0C-85A8-27AA58847DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A00DC86E-06BB-458E-8E99-8DFD77607FE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9DAE4E2-081D-44BE-89F5-204C0659B038",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F8581E3-9185-45A6-9BCA-B77A9D3D7F8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D9EE001-25C5-466C-BF2B-C0B255E10886",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BBDAB70-27FA-4D81-A06E-5E394828513C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DCEECC7-1A82-4994-82BE-1E7F8E15068A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "0302A92C-9659-4F68-A97B-6EBE08D86B54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C60BF997-9E26-4B7A-8243-2CCDC74CAAC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.8.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "06D09511-33F0-4759-A379-6A9C1B2ADFFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.8.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E7A24FA-D282-402B-9F80-ECA190406EE4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.11 and earlier allow remote attackers to hijack the authentication of administrators for requests that delete (1) users via admin/agency-user-unlink.php, (2) advertisers via admin/advertiser-delete.php, (3) banners via admin/banner-delete.php, (4) campaigns via admin/campaign-delete.php, (5) channels via admin/channel-delete.php, (6) affiliate websites via admin/affiliate-delete.php, or (7) zones via admin/zone-delete.php."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de CSRF en OpenX 2.8.11 y anteriores permiten a atacantes remotos secuestrar la autenticaci\u00f3n de administradores para solicitudes que eliminan (1) usuarios a trav\u00e9s de admin/agency-user-unlink.php, (2) anunciantes a trav\u00e9s de admin/advertiser-delete.php, (3) banners a trav\u00e9s de admin/banner-delete.php, (4) campa\u00f1as a trav\u00e9s de admin/campaign-delete.php, (5) canales a trav\u00e9s de admin/channel-delete.php, (6) sitios web afiliados a trav\u00e9s de admin/affiliate-delete.php o (7) zonas a trav\u00e9s de admin/zone-delete.php."
    }
  ],
  "id": "CVE-2013-5954",
  "lastModified": "2024-11-21T01:58:29.080",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-04-25T14:15:30.453",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/125735"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://seclists.org/fulldisclosure/2014/Mar/270"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://seclists.org/fulldisclosure/2014/May/68"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.revive-adserver.com/security/revive-sa-2014-001/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/532108/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/66251"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91889"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/125735"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://seclists.org/fulldisclosure/2014/Mar/270"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2014/May/68"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.revive-adserver.com/security/revive-sa-2014-001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/532108/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/66251"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91889"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-01-27 20:30
Modified
2024-11-21 00:59
Severity ?
Summary
Directory traversal vulnerability in fc.php in OpenX 2.6.3 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the MAX_type parameter.
Impacted products
Vendor Product Version
openx openx 2.6.3



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openx:openx:2.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "39E8AB7C-CCC8-4C5E-8E42-C57C81C5EE16",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in fc.php in OpenX 2.6.3 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the MAX_type parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de salto de directorio en el archivo fc.php en OpenX 2.6.3 permite a los atacantes remotos incluir y ejecutar archivos arbitrarios a trav\u00e9s de .. (punto punto) en el par\u00e1metro MAX_type."
    }
  ],
  "id": "CVE-2009-0291",
  "lastModified": "2024-11-21T00:59:33.960",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-01-27T20:30:04.953",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/500411/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/33458"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/7883"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/500411/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/33458"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/7883"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-02-20 06:46
Modified
2024-11-21 00:55
Severity ?
Summary
SQL injection vulnerability in www/delivery/ac.php in OpenX 2.6.1 allows remote attackers to execute arbitrary SQL commands via the bannerid parameter.
Impacted products
Vendor Product Version
openx openx 2.6.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openx:openx:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7D866D9-F3CB-4A5D-8946-62A425173845",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in www/delivery/ac.php in OpenX 2.6.1 allows remote attackers to execute arbitrary SQL commands via the bannerid parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en www/delivery/ac.php en OpenX v2.6.1 permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro \"bannerid\"."
    }
  ],
  "id": "CVE-2008-6163",
  "lastModified": "2024-11-21T00:55:49.873",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-02-20T06:46:54.030",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://forum.openx.org/index.php?s=8d4c74dab4fd4597a7facda7c7414703\u0026showtopic=503422735"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32114"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/31549"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45631"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/6655"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://forum.openx.org/index.php?s=8d4c74dab4fd4597a7facda7c7414703\u0026showtopic=503422735"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32114"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/31549"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45631"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/6655"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-10-22 23:55
Modified
2024-11-21 01:43
Severity ?
Summary
SQL injection vulnerability in admin/campaign-zone-link.php in OpenX 2.8.10 before revision 81823 allows remote attackers to execute arbitrary SQL commands via the ids[] parameter in a link action.
Impacted products
Vendor Product Version
openx openx 2.8.10



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openx:openx:2.8.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E7A24FA-D282-402B-9F80-ECA190406EE4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in admin/campaign-zone-link.php in OpenX 2.8.10 before revision 81823 allows remote attackers to execute arbitrary SQL commands via the ids[] parameter in a link action."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en admin/campaign-zone-link.php en OpenX v2.8.10 antes de la revisi\u00f3n 81823, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro ids[] en una acci\u00f3n link."
    }
  ],
  "id": "CVE-2012-4990",
  "lastModified": "2024-11-21T01:43:52.190",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-10-22T23:55:09.070",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2012-10/0065.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/86093"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/50877"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/55860"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79199"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://svn.openx.org/openx/trunk/www/admin/campaign-zone-link.php"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.htbridge.com/advisory/HTB23116"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2012-10/0065.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/86093"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/50877"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/55860"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79199"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://svn.openx.org/openx/trunk/www/admin/campaign-zone-link.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.htbridge.com/advisory/HTB23116"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-04-27 15:30
Modified
2024-11-21 01:10
Severity ?
Summary
Unspecified vulnerability in OpenX 2.8.1 and 2.8.2 allows remote attackers to bypass authentication and obtain access to an Administrator account via unknown vectors, possibly related to www/admin/install.php, www/admin/install-plugins.php, and other www/admin/ files.
Impacted products
Vendor Product Version
openx openx 2.8.1
openx openx 2.8.2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openx:openx:2.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A00DC86E-06BB-458E-8E99-8DFD77607FE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9DAE4E2-081D-44BE-89F5-204C0659B038",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in OpenX 2.8.1 and 2.8.2 allows remote attackers to bypass authentication and obtain access to an Administrator account via unknown vectors, possibly related to www/admin/install.php, www/admin/install-plugins.php, and other www/admin/ files."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en OpenX 2.8.1 y 2.8.2 permite a atacantes remotos evitar la autenticaci\u00f3n y obtener acceso a una cuenta de Administrador mediante vectores desconocidos, posiblemente relacionados con www/admin/install.php, www/admin/install-plugins.php y otros ficheros www/admin/."
    }
  ],
  "id": "CVE-2009-4830",
  "lastModified": "2024-11-21T01:10:34.063",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-04-27T15:30:01.170",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://blog.openx.org/12/security-matters-2/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://forum.openx.org/index.php?showtopic=503454011"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/61300"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37914"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/37457"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://blog.openx.org/12/security-matters-2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://forum.openx.org/index.php?showtopic=503454011"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/61300"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37914"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/37457"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        },
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-12-28 04:53
Modified
2024-11-21 02:00
Severity ?
Summary
SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openx:openx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83CD7FFD-B76C-4A3D-BAE5-B675D2E67600",
              "versionEndIncluding": "2.8.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.8.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E7A24FA-D282-402B-9F80-ECA190406EE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2957BC4-6065-450A-A60E-C914B7B82ED6",
              "versionEndIncluding": "3.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:revive-adserver:revive_adserver:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "609A9DBF-E65E-43A6-B1BA-082A3FCB2A02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en www/delivery/axmlrpc.php (tambi\u00e9n conocido como el script de invocaci\u00f3n de entrega XML-RPC) en Revive Adserver antes de 3.0.2, y OpenX Source 2.8.11 y anteriores, permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro what a un m\u00e9todo de XML-RPC."
    }
  ],
  "id": "CVE-2013-7149",
  "lastModified": "2024-11-21T02:00:25.383",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-12-28T04:53:06.773",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.kreativrauschen.com/blog/2013/12/18/zero-day-vulnerability-in-openx-source-2-8-11-and-revive-adserver-3-0-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.revive-adserver.com/security/REVIVE-SA-2013-001/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/530471/30/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.kreativrauschen.com/blog/2013/12/18/zero-day-vulnerability-in-openx-source-2-8-11-and-revive-adserver-3-0-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.revive-adserver.com/security/REVIVE-SA-2013-001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/530471/30/0/threaded"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-10-22 23:55
Modified
2024-11-21 01:43
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in admin/plugin-index.php in OpenX 2.8.10 before revision 81823 allows remote attackers to inject arbitrary web script or HTML via the parent parameter in an info action.
Impacted products
Vendor Product Version
openx openx 2.8.10



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openx:openx:2.8.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E7A24FA-D282-402B-9F80-ECA190406EE4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in admin/plugin-index.php in OpenX 2.8.10 before revision 81823 allows remote attackers to inject arbitrary web script or HTML via the parent parameter in an info action."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en admin/plugin-index.php en OpenX v2.8.10 antes de la revisi\u00f3n 81823, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro parent en una acci\u00f3n info."
    }
  ],
  "id": "CVE-2012-4989",
  "lastModified": "2024-11-21T01:43:52.040",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-10-22T23:55:08.993",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2012-10/0065.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/86092"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/50877"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/55860"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79196"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://svn.openx.org/openx/trunk/lib/templates/admin/plugin-group-view.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.htbridge.com/advisory/HTB23116"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2012-10/0065.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/86092"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/50877"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/55860"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79196"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://svn.openx.org/openx/trunk/lib/templates/admin/plugin-group-view.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.htbridge.com/advisory/HTB23116"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-10-23 14:55
Modified
2024-11-21 02:05
Severity ?
Summary
Open redirect vulnerability in the header function in adclick.php in OpenX 2.8.10 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) dest parameter to adclick.php or (2) _maxdest parameter to ck.php.
Impacted products
Vendor Product Version
openx openx * (up to and including 2.8.10)
openx openx 2.8
openx openx 2.8.1
openx openx 2.8.2
openx openx 2.8.3
openx openx 2.8.4
openx openx 2.8.5
openx openx 2.8.6
openx openx 2.8.7
openx openx 2.8.8
openx openx 2.8.9



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openx:openx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8341B095-E7FF-4B67-9307-DF23DD0A030E",
              "versionEndIncluding": "2.8.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F957F8C-88C3-4F0C-85A8-27AA58847DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A00DC86E-06BB-458E-8E99-8DFD77607FE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9DAE4E2-081D-44BE-89F5-204C0659B038",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F8581E3-9185-45A6-9BCA-B77A9D3D7F8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D9EE001-25C5-466C-BF2B-C0B255E10886",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BBDAB70-27FA-4D81-A06E-5E394828513C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DCEECC7-1A82-4994-82BE-1E7F8E15068A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "0302A92C-9659-4F68-A97B-6EBE08D86B54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C60BF997-9E26-4B7A-8243-2CCDC74CAAC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.8.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "06D09511-33F0-4759-A379-6A9C1B2ADFFF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Open redirect vulnerability in the header function in adclick.php in OpenX 2.8.10 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) dest parameter to adclick.php or (2) _maxdest parameter to ck.php."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de redirecci\u00f3n abierta en la funci\u00f3n header en adclick.php en OpenX 2.8.10 y anteriores permite a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y realizar ataques de phishing a trav\u00e9s de una URL en (1) el par\u00e1metro dest en adclick.php o (2) el par\u00e1metro _maxdest en ck.php."
    }
  ],
  "evaluatorComment": "\u003ca href = \"http://cwe.mitre.org/data/definitions/601.html\"\u003e CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027) \u003c/a\u003e",
  "id": "CVE-2014-2230",
  "lastModified": "2024-11-21T02:05:53.273",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-10-23T14:55:02.227",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/128718/OpenX-2.8.10-Open-Redirect.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://seclists.org/fulldisclosure/2014/Oct/72"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.tetraph.com/blog/cves/cve-2014-2230-openx-open-redirect-vulnerability-2"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97621"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/128718/OpenX-2.8.10-Open-Redirect.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://seclists.org/fulldisclosure/2014/Oct/72"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.tetraph.com/blog/cves/cve-2014-2230-openx-open-redirect-vulnerability-2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97621"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-05-14 19:55
Modified
2024-11-21 01:53
Severity ?
Summary
Multiple directory traversal vulnerabilities in OpenX before 2.8.10 revision 82710 allow remote administrators to read arbitrary files via a .. (dot dot) in the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-7376. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to read arbitrary files.
Impacted products
Vendor Product Version
openx openx * (up to and including 2.8.10)
openx openx 2.4
openx openx 2.4.4
openx openx 2.4.5
openx openx 2.4.6
openx openx 2.4.7
openx openx 2.4.8
openx openx 2.4.9
openx openx 2.4.10
openx openx 2.4.11
openx openx 2.6.0
openx openx 2.6.1
openx openx 2.6.2
openx openx 2.6.3
openx openx 2.6.4
openx openx 2.6.5
openx openx 2.7.29
openx openx 2.8
openx openx 2.8.1
openx openx 2.8.2
openx openx 2.8.3
openx openx 2.8.4
openx openx 2.8.5
openx openx 2.8.6
openx openx 2.8.7
openx openx 2.8.8
openx openx 2.8.9



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openx:openx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8341B095-E7FF-4B67-9307-DF23DD0A030E",
              "versionEndIncluding": "2.8.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "220D8830-4421-4393-B41F-691A0E465374",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B69A60AF-6FA2-4527-9317-58C581473C66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "53251C77-AED4-40CB-995F-0545148A458E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2330F4FE-F861-4244-A160-DAB37BE2A1D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B997A54E-7F45-4656-A3A7-637547DFEFBC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D9A46B6-B245-493A-B5EC-B9B8508BD9B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "F560C0FD-8584-4686-B869-487498BFDC61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5401151-C5A7-4F70-8378-F02BD14C1A10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D2FF584-3585-4019-A8AF-04D193022EDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "679F1054-9AC8-477B-A7C7-156C82C3D7A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7D866D9-F3CB-4A5D-8946-62A425173845",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "290E79D9-5AF4-4D24-877F-2B357156381D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "39E8AB7C-CCC8-4C5E-8E42-C57C81C5EE16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5592CDF8-CF2A-4514-83D7-17A47715921F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9007BE21-FF62-4294-A92A-05F45F731FE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.7.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B2F123E-B39B-4A54-9575-2E4EF1BB1A8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F957F8C-88C3-4F0C-85A8-27AA58847DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A00DC86E-06BB-458E-8E99-8DFD77607FE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9DAE4E2-081D-44BE-89F5-204C0659B038",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F8581E3-9185-45A6-9BCA-B77A9D3D7F8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D9EE001-25C5-466C-BF2B-C0B255E10886",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BBDAB70-27FA-4D81-A06E-5E394828513C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DCEECC7-1A82-4994-82BE-1E7F8E15068A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "0302A92C-9659-4F68-A97B-6EBE08D86B54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C60BF997-9E26-4B7A-8243-2CCDC74CAAC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.8.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "06D09511-33F0-4759-A379-6A9C1B2ADFFF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple directory traversal vulnerabilities in OpenX before 2.8.10 revision 82710 allow remote administrators to read arbitrary files via a .. (dot dot) in the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-7376.  NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to read arbitrary files."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de salto de directorio en OpenX anterior a 2.8.10 revisi\u00f3n 82710 permite a administradores remotos leer archivos arbitrarios a trav\u00e9s de un .. (punto punto) en el par\u00e1metro group hacia (1) plugin-preferences.php o (2) plugin-settings.php en www/admin, una vulnerabilidad diferente a CVE-2013-7376. NOTA: esto puede ser aprovechado utilizando CSRF para permitir a atacantes remotos no autenticados leer archivos arbitrarios."
    }
  ],
  "id": "CVE-2013-3514",
  "lastModified": "2024-11-21T01:53:47.670",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-05-14T19:55:09.277",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/94778"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://seclists.org/bugtraq/2013/Jul/27"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.htbridge.com/advisory/HTB23155"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/94778"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://seclists.org/bugtraq/2013/Jul/27"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.htbridge.com/advisory/HTB23155"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-02-14 20:15
Modified
2024-11-21 01:55
Severity ?
Summary
A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in the flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code.
Impacted products
Vendor Product Version
openx openx 2.8.10



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openx:openx:2.8.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E7A24FA-D282-402B-9F80-ECA190406EE4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code"
    },
    {
      "lang": "es",
      "value": "Se presenta una Vulnerabilidad de Ejecuci\u00f3n de C\u00f3digo en OpenX Ad Server versi\u00f3n 2.8.10, debido a un backdoor en la biblioteca flowplayer-3.1.1.min.js, lo que podr\u00eda permitir a un usuario malicioso remoto ejecutar c\u00f3digo PHP arbitrario."
    }
  ],
  "id": "CVE-2013-4211",
  "lastModified": "2024-11-21T01:55:08.317",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-02-14T20:15:09.650",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.exploit-db.com/exploits/27529"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2013/08/07/2"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/61650"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86259"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://packetstormsecurity.com/files/cve/CVE-2013-4211"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.exploit-db.com/exploits/27529"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2013/08/07/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/61650"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86259"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://packetstormsecurity.com/files/cve/CVE-2013-4211"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-11-29 13:08
Modified
2024-11-21 01:08
Severity 6.0 (MEDIUM) - CVSS v2.0, AV:N/AC:M/Au:S/C:P/I:P/A:P
Summary
Unrestricted file upload vulnerability in banner-edit.php in OpenX adserver 2.8.1 and earlier allows remote authenticated users with banner / file upload permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an images directory.
Impacted products
Vendor Product Version
openx openx * (all versions up to and including 2.8.1)
openx openx 2.4
openx openx 2.6.1
openx openx 2.6.3
openx openx 2.8



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openx:openx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6969C05-6A0C-402D-9457-E519F56912F1",
              "versionEndIncluding": "2.8.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "220D8830-4421-4393-B41F-691A0E465374",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7D866D9-F3CB-4A5D-8946-62A425173845",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "39E8AB7C-CCC8-4C5E-8E42-C57C81C5EE16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openx:openx:2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F957F8C-88C3-4F0C-85A8-27AA58847DF6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unrestricted file upload vulnerability in banner-edit.php in OpenX adserver 2.8.1 and earlier allows remote authenticated users with banner / file upload permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an images directory."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de subida de archivos sin restricci\u00f3n en banner-edit.php en OpenX adserver v2.8.1 y anteriores permite a usuarios autenticados remotamente con permisos de subida banner / file, ejecutar c\u00f3digo de su elecci\u00f3n mediante la carga de un archivo con una extensi\u00f3n ejecutable, luego accede a \u00e9l a trav\u00e9s de una petici\u00f3n directa al archivo en un directorio imagen."
    }
  ],
  "id": "CVE-2009-4098",
  "lastModified": "2024-11-21T01:08:55.523",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-11-29T13:08:29.343",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/60499"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37475"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.openx.org/docs/2.8/release-notes/openx-2.8.2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/508050/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/37110"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://developer.openx.org/jira/browse/OX-5747"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54394"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/60499"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37475"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.openx.org/docs/2.8/release-notes/openx-2.8.2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/508050/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/37110"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://developer.openx.org/jira/browse/OX-5747"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54394"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-05-14 19:55
Modified
2024-11-21 02:00
Severity 6.8 (MEDIUM) - CVSS v2.0, AV:N/AC:M/Au:N/C:P/I:P/A:P
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.10, possibly before revision 82710, allow remote attackers to hijack the authentication of administrators, as demonstrated by requests that conduct directory traversal attacks via the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-3514.
Impacted products
Vendor Product Version
openx openx 2.8.10



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openx:openx:2.8.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E7A24FA-D282-402B-9F80-ECA190406EE4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.10, possibly before revision 82710, allow remote attackers to hijack the authentication of administrators, as demonstrated by requests that conduct directory traversal attacks via the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-3514."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de CSRF en OpenX 2.8.10, posiblemente anterior a revisi\u00f3n 82710, permiten a atacantes remotos secuestrar la autenticaci\u00f3n de administradores, como fue demostrado por solicitudes que realizan ataques de salto de directorio a trav\u00e9s del par\u00e1metro group hacia (1) plugin-preferences.php o (2) plugin-settings.php en www/admin, una vulnerabilidad diferente a CVE-2013-3514."
    }
  ],
  "id": "CVE-2013-7376",
  "lastModified": "2024-11-21T02:00:52.493",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-05-14T19:55:10.543",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/94778"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://seclists.org/bugtraq/2013/Jul/27"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.htbridge.com/advisory/HTB23155"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/94778"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://seclists.org/bugtraq/2013/Jul/27"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.htbridge.com/advisory/HTB23155"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}