The installation of AdCycle banner management system leaves the build.cgi program in a web-accessible directory, which allows remote attackers to execute the program and view passwords or delete databases.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| adcycle | adcycle | 0.77b |
AdLibrary.pm in AdCycle 0.78b allows remote attackers to gain privileges to AdCycle via a malformed Agent: header in the HTTP request, which is inserted into a resulting SQL query that is used to verify login information.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| adcycle | adcycle | 0.77 |
| adcycle | adcycle | 0.78b |
AdLogin.pm in AdCycle 1.15 and earlier allows remote attackers to bypass authentication and gain privileges by injecting SQL code in the $password argument.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| adcycle | adcycle | 1.14 |
| adcycle | adcycle | 1.13 |
| adcycle | adcycle | 0.77b |
| adcycle | adcycle | 1.15 |
| adcycle | adcycle | 1.12 |
| adcycle | adcycle | 0.77 |
| adcycle | adcycle | 0.78b |
| adcycle | adcycle | 1.0 |
AdCycle 1.17 and earlier allow remote attackers to modify SQL queries, which are not properly sanitized before being passed to the MySQL database.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| adcycle | adcycle | 1.16 |
| adcycle | adcycle | 1.14 |
| adcycle | adcycle | 1.13 |
| adcycle | adcycle | 1.15 |
| adcycle | adcycle | 1.12 |
| adcycle | adcycle | 1.17 |