Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
revive-adserver revive adserver vulnerabilities and exploits
(subscribe to this query)
2.1
CVSSv2
CVE-2015-7368
Revive Adserver prior to 3.2.2 does not send the appropriate Cache-Control HTTP headers in responses for admin UI pages, which allows local users to obtain sensitive information via the web browser cache.
Revive-adserver Revive Adserver
4.3
CVSSv2
CVE-2015-7370
Multiple cross-site scripting (XSS) vulnerabilities in open-flash-chart.swf in Open Flash Chart 2, as used in the VideoAds plugin in Revive Adserver prior to 3.2.2 and CA Release Automation (formerly LISA Release Automation) 5.0.2 prior to 5.0.2-227, 5.5.1 prior to 5.5.1-1616, 5....
Revive-adserver Revive Adserver
7.5
CVSSv2
CVE-2015-7372
Directory traversal vulnerability in delivery-dev/al.php in Revive Adserver prior to 3.2.2 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the layerstyle parameter.
Revive-adserver Revive Adserver
5.8
CVSSv2
CVE-2019-5433
A user having access to the UI of a Revive Adserver instance could be tricked into clicking on a specifically crafted admin account-switch.php URL that would eventually lead them to another (unsafe) domain, potentially used for stealing credentials or other phishing attacks. This...
Revive-adserver Revive Adserver
6.8
CVSSv2
CVE-2019-5440
Use of cryptographically weak PRNG in the password recovery token generation of Revive Adserver < v4.2.1 causes a potential authentication bypass attack if an attacker exploits the password recovery functionality. In lib/OA/Dal/PasswordRecovery.php, the function generateRecove...
Revive-adserver Revive Adserver
6.8
CVSSv2
CVE-2015-7364
The HTML_Quickform library, as used in Revive Adserver prior to 3.2.2, allows remote malicious users to bypass the CSRF protection mechanism via an empty token.
Revive-adserver Revive Adserver
4.3
CVSSv2
CVE-2015-7365
Cross-site scripting (XSS) vulnerability in the plugin upgrade form in Revive Adserver prior to 3.2.2 allows remote malicious users to inject arbitrary web script or HTML via the filename of an uploaded file containing errors.
Revive-adserver Revive Adserver
3.5
CVSSv2
CVE-2016-9128
Revive Adserver prior to 3.2.3 suffers from reflected XSS. The affiliate-preview.php script in www/admin is vulnerable to a reflected XSS attack. This vulnerability could be used by an malicious user to steal the session ID of an authenticated user, by tricking them into visiting...
Revive-adserver Revive Adserver
5
CVSSv2
CVE-2016-9129
Revive Adserver prior to 3.2.3 suffers from Information Exposure Through Discrepancy. It is possible to check whether or not an email address was associated to one or more user accounts on a target Revive Adserver instance by examining the message printed by the password recovery...
Revive-adserver Revive Adserver
3.5
CVSSv2
CVE-2016-9130
Revive Adserver prior to 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The website name wasn't properly escaped when displayed in the campaign-zone.php script.
Revive-adserver Revive Adserver
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »