revive-adserver revive adserver vulnerabilities and exploits
828
VMScore
CVE-2016-9470
Revive Adserver prior to 3.2.5 and 4.0.0 suffers from Reflected File Download. `www/delivery/asyncspc.php` was vulnerable to the fairly new Reflected File Download (RFD) web attack vector that enables malicious users to gain complete control over a victim's machine by virtua...
Revive-adserver Revive Adserver
Revive-adserver Revive Adserver 4.0.0
755
VMScore
CVE-2019-5434
An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the "what" parameter in the "openads.spc" RPC method. Such vulnerability could be used to perform various types of attacks, e.g. exploi...
Revive-sas Revive Adserver
1 EDB exploit
685
VMScore
CVE-2013-5954
Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.11 and previous versions allow remote malicious users to hijack the authentication of administrators for requests that delete (1) users via admin/agency-user-unlink.php, (2) advertisers via admin/advertiser-d...
Revive-adserver Revive Adserver
Openx Openx 2.8.1
Openx Openx 2.8.10
Openx Openx 2.8.8
Openx Openx 2.8.7
Openx Openx 2.8.3
Openx Openx 2.8.4
Openx Openx 2.8.9
Openx Openx
Openx Openx 2.8.2
Openx Openx 2.8.6
Openx Openx 2.8
Openx Openx 2.8.5
1 EDB exploit
668
VMScore
CVE-2016-9125
Revive Adserver prior to 3.2.3 suffers from session fixation, by allowing arbitrary session identifiers to be forced and, at the same time, by not invalidating the existing session upon a successful authentication. Under some circumstances, that could have been an opportunity for...
Revive-adserver Revive Adserver
668
VMScore
CVE-2017-5830
Revive Adserver prior to 4.0.1 allows remote malicious users to execute arbitrary code via serialized data in the cookies related to the delivery scripts.
Revive-adserver Revive Adserver
668
VMScore
CVE-2015-7367
Revive Adserver prior to 3.2.2 allows remote malicious users to perform unspecified actions by leveraging an unexpired session after the user has been (1) deleted or (2) unlinked.
Revive-adserver Revive Adserver
668
VMScore
CVE-2015-7369
The default Flash cross-domain policy (crossdomain.xml) in Revive Adserver prior to 3.2.2 does not restrict cross-domain access, which allows remote malicious users to conduct cross-domain attacks via unspecified vectors.
Revive-adserver Revive Adserver
668
VMScore
CVE-2015-7372
Directory traversal vulnerability in delivery-dev/al.php in Revive Adserver prior to 3.2.2 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the layerstyle parameter.
Revive-adserver Revive Adserver
668
VMScore
CVE-2013-7149
SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver prior to 3.0.2, and OpenX Source 2.8.11 and previous versions, allows remote malicious users to execute arbitrary SQL commands via the what parameter to an XML-...
Openx Openx 2.8.10
Openx Openx
Revive-adserver Revive Adserver
Revive-adserver Revive Adserver 3.0.0
605
VMScore
CVE-2019-5440
Use of cryptographically weak PRNG in the password recovery token generation of Revive Adserver < v4.2.1 causes a potential authentication bypass attack if an attacker exploits the password recovery functionality. In lib/OA/Dal/PasswordRecovery.php, the function generateRecove...
Revive-adserver Revive Adserver