Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
revive-adserver revive adserver vulnerabilities and exploits
(subscribe to this query)
2.1
CVSSv2
CVE-2016-9471
Revive Adserver prior to 3.2.5 and 4.0.0 suffers from Special Element Injection. Usernames weren't properly sanitised when creating users on a Revive Adserver instance. Especially, control characters were not filtered, allowing apparently identical usernames to co-exist in t...
Revive-adserver Revive Adserver 4.0.0
Revive-adserver Revive Adserver
9.3
CVSSv2
CVE-2016-9470
Revive Adserver prior to 3.2.5 and 4.0.0 suffers from Reflected File Download. `www/delivery/asyncspc.php` was vulnerable to the fairly new Reflected File Download (RFD) web attack vector that enables malicious users to gain complete control over a victim's machine by virtua...
Revive-adserver Revive Adserver
Revive-adserver Revive Adserver 4.0.0
3.5
CVSSv2
CVE-2016-9472
Revive Adserver prior to 3.2.5 and 4.0.0 suffers from Reflected XSS. The Revive Adserver web installer scripts were vulnerable to a reflected XSS attack via the dbHost, dbUser, and possibly other parameters. It has to be noted that the window for such attack vectors to be possibl...
Revive-adserver Revive Adserver 4.0.0
Revive-adserver Revive Adserver
4.3
CVSSv2
CVE-2021-22948
Vulnerability in the generation of session IDs in revive-adserver < 5.3.0, based on the cryptographically insecure uniqid() PHP function. Under some circumstances, an attacker could theoretically be able to brute force session IDs in order to take over a specific account.
Revive-adserver Revive Adserver 5.3.0
Revive-adserver Revive Adserver
7.5
CVSSv2
CVE-2013-7149
SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver prior to 3.0.2, and OpenX Source 2.8.11 and previous versions, allows remote malicious users to execute arbitrary SQL commands via the what parameter to an XML-...
Openx Openx 2.8.10
Openx Openx
Revive-adserver Revive Adserver
Revive-adserver Revive Adserver 3.0.0
4.3
CVSSv2
CVE-2017-5833
Cross-site scripting (XSS) vulnerability in the invocation code generation for interstitial zones in Revive Adserver prior to 4.0.1 allows remote malicious users to inject arbitrary web script or HTML via unspecified parameters.
Revive-adserver Revive Adserver
4.3
CVSSv2
CVE-2021-22874
Revive Adserver prior to 5.1.1 is vulnerable to a reflected XSS vulnerability in userlog-index.php via the `period_preset` parameter.
Revive-adserver Revive Adserver
NA
CVE-2023-38040
A reflected XSS vulnerability exists in Revive Adserver 5.4.1 and previous versions versions..
Revive-adserver Revive Adserver
6.8
CVSSv2
CVE-2015-7366
Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver prior to 3.2.2 allow remote malicious users to hijack the authentication of users for requests that (1) perform certain plugin actions and possibly cause a denial of service (disabled core plugins) via ...
Revive-adserver Revive Adserver
3.5
CVSSv2
CVE-2016-9126
Revive Adserver prior to 3.2.3 suffers from persistent XSS. Usernames are not properly escaped when displayed in the audit trail widget of the dashboard upon login, allowing persistent XSS attacks. An authenticated user with enough privileges to create other users could exploit t...
Revive-adserver Revive Adserver
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
administrator privileges
CVE-2024-1579
hardcoded
CVE-2023-20198
CVE-2024-33587
CVE-2024-33449
CVE-2024-4308
HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »