Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
revive-adserver revive adserver vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2015-7368
Revive Adserver prior to 3.2.2 does not send the appropriate Cache-Control HTTP headers in responses for admin UI pages, which allows local users to obtain sensitive information via the web browser cache.
Revive-adserver Revive Adserver
NA
CVE-2015-7369
The default Flash cross-domain policy (crossdomain.xml) in Revive Adserver prior to 3.2.2 does not restrict access cross domain access, which allows remote malicious users to conduct cross domain attacks via unspecified vectors.
Revive-adserver Revive Adserver
NA
CVE-2015-7371
Revive Adserver prior to 3.2.2 does not restrict access to run-mpe.php, which allows remote malicious users to run the Maintenance Priority Engine and possibly cause a denial of service (resource consumption) via a direct request.
Revive-adserver Revive Adserver
NA
CVE-2015-7372
Directory traversal vulnerability in delivery-dev/al.php in Revive Adserver prior to 3.2.2 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the layerstyle parameter.
Revive-adserver Revive Adserver
NA
CVE-2015-7373
Cross-site scripting (XSS) vulnerability in the "magic-macros" feature in Revive Adserver prior to 3.2.2 allows remote malicious users to inject arbitrary web script or HTML via a GET parameter, which is not properly handled in a banner.
Revive-adserver Revive Adserver
5.4
CVSSv3
CVE-2019-5433
A user having access to the UI of a Revive Adserver instance could be tricked into clicking on a specifically crafted admin account-switch.php URL that would eventually lead them to another (unsafe) domain, potentially used for stealing credentials or other phishing attacks. This...
Revive-adserver Revive Adserver
8.1
CVSSv3
CVE-2019-5440
Use of cryptographically weak PRNG in the password recovery token generation of Revive Adserver < v4.2.1 causes a potential authentication bypass attack if an attacker exploits the password recovery functionality. In lib/OA/Dal/PasswordRecovery.php, the function generateRecove...
Revive-adserver Revive Adserver
NA
CVE-2015-7366
Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver prior to 3.2.2 allow remote malicious users to hijack the authentication of users for requests that (1) perform certain plugin actions and possibly cause a denial of service (disabled core plugins) via ...
Revive-adserver Revive Adserver
9.8
CVSSv3
CVE-2017-5830
Revive Adserver prior to 4.0.1 allows remote malicious users to execute arbitrary code via serialized data in the cookies related to the delivery scripts.
Revive-adserver Revive Adserver
5.9
CVSSv3
CVE-2017-5831
Session fixation vulnerability in the forgot password mechanism in Revive Adserver prior to 4.0.1, when setting a new password, allows remote malicious users to hijack web sessions via the session ID.
Revive-adserver Revive Adserver
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »