Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
revive-adserver revive adserver vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2016-9455
Revive Adserver prior to 3.2.3 suffers from Cross-Site Request Forgery (CSRF). A number of scripts in Revive Adserver's user interface are vulnerable to CSRF attacks: `www/admin/banner-acl.php`, `www/admin/banner-activate.php`, `www/admin/banner-advanced.php`, `www/admin/ban...
Revive-adserver Revive Adserver
8.8
CVSSv3
CVE-2016-9456
Revive Adserver prior to 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The Revive Adserver team conducted a security audit of the admin interface scripts in order to identify and fix other potential CSRF vulnerabilities. Over 20+ such issues were fixed.
Revive-adserver Revive Adserver
5.4
CVSSv3
CVE-2016-9454
Revive Adserver prior to 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The banner image URL for external banners wasn't properly escaped when displayed in most of...
Revive-adserver Revive Adserver
5.4
CVSSv3
CVE-2016-9457
Revive Adserver prior to 3.2.3 suffers from Reflected XSS. `www/admin/stats.php` is vulnerable to reflected XSS attacks via multiple parameters that are not properly sanitised or escaped when displayed, such as setPerPage, pageId, bannerid, period_start, period_end, and possibly ...
Revive-adserver Revive Adserver
5.9
CVSSv3
CVE-2017-5831
Session fixation vulnerability in the forgot password mechanism in Revive Adserver prior to 4.0.1, when setting a new password, allows remote malicious users to hijack web sessions via the session ID.
Revive-adserver Revive Adserver
9.8
CVSSv3
CVE-2017-5830
Revive Adserver prior to 4.0.1 allows remote malicious users to execute arbitrary code via serialized data in the cookies related to the delivery scripts.
Revive-adserver Revive Adserver
5.4
CVSSv3
CVE-2017-5832
Cross-site scripting (XSS) vulnerability in Revive Adserver prior to 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the user's email address.
Revive-adserver Revive Adserver
6.1
CVSSv3
CVE-2017-5833
Cross-site scripting (XSS) vulnerability in the invocation code generation for interstitial zones in Revive Adserver prior to 4.0.1 allows remote malicious users to inject arbitrary web script or HTML via unspecified parameters.
Revive-adserver Revive Adserver
NA
CVE-2015-7365
Cross-site scripting (XSS) vulnerability in the plugin upgrade form in Revive Adserver prior to 3.2.2 allows remote malicious users to inject arbitrary web script or HTML via the filename of an uploaded file containing errors.
Revive-adserver Revive Adserver
NA
CVE-2015-7369
The default Flash cross-domain policy (crossdomain.xml) in Revive Adserver prior to 3.2.2 does not restrict access cross domain access, which allows remote malicious users to conduct cross domain attacks via unspecified vectors.
Revive-adserver Revive Adserver
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »