Vulnerabilities > Openx > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-14 | CVE-2013-4211 | Code Injection vulnerability in Openx 2.8.10 A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code | 7.5 |
| 2013-12-28 | CVE-2013-7149 | SQL Injection vulnerability in multiple products SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method. | 7.5 |
| 2012-10-22 | CVE-2012-4990 | SQL Injection vulnerability in Openx 2.8.10 SQL injection vulnerability in admin/campaign-zone-link.php in OpenX 2.8.10 before revision 81823 allows remote attackers to execute arbitrary SQL commands via the ids[] parameter in a link action. | 7.5 |
| 2010-04-27 | CVE-2009-4830 | Improper Authentication vulnerability in Openx 2.8.1/2.8.2 Unspecified vulnerability in OpenX 2.8.1 and 2.8.2 allows remote attackers to bypass authentication and obtain access to an Administrator account via unknown vectors, possibly related to www/admin/install.php, www/admin/install-plugins.php, and other www/admin/ files. | 7.5 |
| 2009-02-20 | CVE-2008-6163 | SQL Injection vulnerability in Openx 2.6.1 SQL injection vulnerability in www/delivery/ac.php in OpenX 2.6.1 allows remote attackers to execute arbitrary SQL commands via the bannerid parameter. | 7.5 |
| 2009-01-27 | CVE-2009-0291 | Path Traversal vulnerability in Openx 2.6.3 Directory traversal vulnerability in fc.php in OpenX 2.6.3 allows remote attackers to include and execute arbitrary files via a .. | 7.5 |