MidnightBSD

Advisories for adcycle

CVE-2000-1161 HIGH

The installation of AdCycle banner management system leaves the build.cgi program in a web-accessible directory, which allows remote attackers to execute the program and view passwords or delete databases.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
adcycle adcycle 0.77b
CVE-2001-0425 HIGH

AdLibrary.pm in AdCycle 0.78b allows remote attackers to gain privileges to AdCycle via a malformed Agent: header in the HTTP request, which is inserted into a resulting SQL query that is used to verify login information.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
adcycle adcycle 0.77
adcycle adcycle 0.78b
CVE-2001-1053 HIGH

AdLogin.pm in AdCycle 1.15 and earlier allows remote attackers to bypass authentication and gain privileges by injecting SQL code in the $password argument.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
adcycle adcycle 1.14
adcycle adcycle 1.13
adcycle adcycle 0.77b
adcycle adcycle 1.15
adcycle adcycle 1.12
adcycle adcycle 0.77
adcycle adcycle 0.78b
adcycle adcycle 1.0
CVE-2001-1226 MEDIUM

AdCycle 1.17 and earlier allow remote attackers to modify SQL queries, which are not properly sanitized before being passed to the MySQL database.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
adcycle adcycle 1.16
adcycle adcycle 1.14
adcycle adcycle 1.13
adcycle adcycle 1.15
adcycle adcycle 1.12
adcycle adcycle 1.17