SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method.
Max CVSS
7.5
EPSS Score
0.28%
Published
2013-12-28
Updated
2018-10-30
CVE-2013-4211
Public exploit
A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code
Max CVSS
9.8
EPSS Score
97.02%
Published
2020-02-14
Updated
2020-02-19
SQL injection vulnerability in admin/campaign-zone-link.php in OpenX 2.8.10 before revision 81823 allows remote attackers to execute arbitrary SQL commands via the ids[] parameter in a link action.
Max CVSS
7.5
EPSS Score
0.66%
Published
2012-10-22
Updated
2017-08-29
Unspecified vulnerability in OpenX 2.8.1 and 2.8.2 allows remote attackers to bypass authentication and obtain access to an Administrator account via unknown vectors, possibly related to www/admin/install.php, www/admin/install-plugins.php, and other www/admin/ files.
Max CVSS
7.5
EPSS Score
0.45%
Published
2010-04-27
Updated
2010-07-30
Directory traversal vulnerability in fc.php in OpenX 2.6.3 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the MAX_type parameter.
Max CVSS
7.5
EPSS Score
1.12%
Published
2009-01-27
Updated
2018-10-11
SQL injection vulnerability in www/delivery/ac.php in OpenX 2.6.1 allows remote attackers to execute arbitrary SQL commands via the bannerid parameter.
Max CVSS
7.5
EPSS Score
0.13%
Published
2009-02-20
Updated
2017-09-29
6 vulnerabilities found