Vulmon
revive-adserver revive adserver vulnerabilities and exploits
6.8
CVSSv2
CVE-2015-7366
Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver prior to 3.2.2 allow remote malicious users to hijack the authentication of users for requests that (1) perform certain plugin actions and possibly cause a denial of service (disabled core plugins) via ...
Revive-adserver Revive Adserver
2.1
CVSSv2
CVE-2015-7368
Revive Adserver prior to 3.2.2 does not send the appropriate Cache-Control HTTP headers in responses for admin UI pages, which allows local users to obtain sensitive information via the web browser cache.
Revive-adserver Revive Adserver
4.3
CVSSv2
CVE-2015-7370
Multiple cross-site scripting (XSS) vulnerabilities in open-flash-chart.swf in Open Flash Chart 2, as used in the VideoAds plugin in Revive Adserver prior to 3.2.2 and CA Release Automation (formerly LISA Release Automation) 5.0.2 prior to 5.0.2-227, 5.5.1 prior to 5.5.1-1616, 5....
Revive-adserver Revive Adserver
7.5
CVSSv2
CVE-2015-7372
Directory traversal vulnerability in delivery-dev/al.php in Revive Adserver prior to 3.2.2 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the layerstyle parameter.
Revive-adserver Revive Adserver
5.8
CVSSv2
CVE-2019-5433
A user having access to the UI of a Revive Adserver instance could be tricked into clicking on a specifically crafted admin account-switch.php URL that would eventually lead them to another (unsafe) domain, potentially used for stealing credentials or other phishing attacks. This...
Revive-adserver Revive Adserver
6.8
CVSSv2
CVE-2019-5440
Use of cryptographically weak PRNG in the password recovery token generation of Revive Adserver < v4.2.1 causes a potential authentication bypass attack if an attacker exploits the password recovery functionality. In lib/OA/Dal/PasswordRecovery.php, the function generateRecove...
Revive-adserver Revive Adserver
6.8
CVSSv2
CVE-2014-9407
Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver prior to 3.0.5 allow remote malicious users to hijack the authentication of administrators for requests that (1) delete data via a request to agency-delete.php, (2) tracker-delete.php, or (3) userlog-de...
Revive-adserver Revive Adserver
NA
CVE-2023-38040
A reflected XSS vulnerability exists in Revive Adserver 5.4.1 and previous versions.
Revive-adserver Revive Adserver
7.5
CVSSv2
CVE-2016-9125
Revive Adserver prior to 3.2.3 suffers from session fixation, by allowing arbitrary session identifiers to be forced and, at the same time, by not invalidating the existing session upon a successful authentication. Under some circumstances, that could have been an opportunity for...
Revive-adserver Revive Adserver
3.5
CVSSv2
CVE-2016-9130
Revive Adserver prior to 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The website name wasn't properly escaped when displayed in the campaign-zone.php script.
Revive-adserver Revive Adserver