Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
revive-adserver revive adserver vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2016-9455
Revive Adserver prior to 3.2.3 suffers from Cross-Site Request Forgery (CSRF). A number of scripts in Revive Adserver's user interface are vulnerable to CSRF attacks: `www/admin/banner-acl.php`, `www/admin/banner-activate.php`, `www/admin/banner-advanced.php`, `www/admin/ban...
Revive-adserver Revive Adserver
6.8
CVSSv2
CVE-2016-9456
Revive Adserver prior to 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The Revive Adserver team conducted a security audit of the admin interface scripts in order to identify and fix other potential CSRF vulnerabilities. Over 20+ such issues were fixed.
Revive-adserver Revive Adserver
6.8
CVSSv2
CVE-2015-7364
The HTML_Quickform library, as used in Revive Adserver prior to 3.2.2, allows remote malicious users to bypass the CSRF protection mechanism via an empty token.
Revive-adserver Revive Adserver
6.8
CVSSv2
CVE-2015-7366
Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver prior to 3.2.2 allow remote malicious users to hijack the authentication of users for requests that (1) perform certain plugin actions and possibly cause a denial of service (disabled core plugins) via ...
Revive-adserver Revive Adserver
6.8
CVSSv2
CVE-2014-9407
Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver prior to 3.0.5 allow remote malicious users to hijack the authentication of administrators for requests that (1) delete data via a request to agency-delete.php, (2) tracker-delete.php, or (3) userlog-de...
Revive-adserver Revive Adserver
6.8
CVSSv2
CVE-2013-5954
Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.11 and previous versions allow remote malicious users to hijack the authentication of administrators for requests that delete (1) users via admin/agency-user-unlink.php, (2) advertisers via admin/advertiser-d...
Revive-adserver Revive Adserver
Openx Openx 2.8.3
Openx Openx
Openx Openx 2.8.5
Openx Openx 2.8.8
Openx Openx 2.8
Openx Openx 2.8.9
Openx Openx 2.8.6
Openx Openx 2.8.2
Openx Openx 2.8.1
Openx Openx 2.8.4
Openx Openx 2.8.10
Openx Openx 2.8.7
1 EDB exploit
5.8
CVSSv2
CVE-2021-22873
Revive Adserver prior to 5.1.0 is vulnerable to open redirects via the `dest`, `oadest`, and/or `ct0` parameters of the lg.php and ck.php delivery scripts. Such open redirects had previously been available by design to allow third party ad servers to track such metrics when deliv...
Revive-adserver Revive Adserver
1 Github repository
5.8
CVSSv2
CVE-2020-8143
An Open Redirect vulnerability exists in Revive Adserver version < 5.0.5 and reported by HackerOne user hoangn144. A remote attacker could trick logged-in users to open a specifically crafted link and have them redirected to any destination.The CSRF protection of the “/w...
Revive-adserver Revive Adserver
5.8
CVSSv2
CVE-2019-5433
A user having access to the UI of a Revive Adserver instance could be tricked into clicking on a specifically crafted admin account-switch.php URL that would eventually lead them to another (unsafe) domain, potentially used for stealing credentials or other phishing attacks. This...
Revive-adserver Revive Adserver
5.5
CVSSv2
CVE-2017-5831
Session fixation vulnerability in the forgot password mechanism in Revive Adserver prior to 4.0.1, when setting a new password, allows remote malicious users to hijack web sessions via the session ID.
Revive-adserver Revive Adserver
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
logic flaw
CVE-2024-23692
CVE-2024-26229
CVE-2024-35255
CVE-2024-5835
CVE-2024-5837
XML external entity
dos
CVE-2024-5813
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »