Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
revive-adserver revive adserver vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2016-9472
Revive Adserver prior to 3.2.5 and 4.0.0 suffers from Reflected XSS. The Revive Adserver web installer scripts were vulnerable to a reflected XSS attack via the dbHost, dbUser, and possibly other parameters. It has to be noted that the window for such attack vectors to be possibl...
Revive-adserver Revive Adserver 4.0.0
Revive-adserver Revive Adserver
9.3
CVSSv2
CVE-2016-9470
Revive Adserver prior to 3.2.5 and 4.0.0 suffers from Reflected File Download. `www/delivery/asyncspc.php` was vulnerable to the fairly new Reflected File Download (RFD) web attack vector that enables malicious users to gain complete control over a victim's machine by virtua...
Revive-adserver Revive Adserver
Revive-adserver Revive Adserver 4.0.0
3.5
CVSSv2
CVE-2016-9126
Revive Adserver prior to 3.2.3 suffers from persistent XSS. Usernames are not properly escaped when displayed in the audit trail widget of the dashboard upon login, allowing persistent XSS attacks. An authenticated user with enough privileges to create other users could exploit t...
Revive-adserver Revive Adserver
6.8
CVSSv2
CVE-2016-9455
Revive Adserver prior to 3.2.3 suffers from Cross-Site Request Forgery (CSRF). A number of scripts in Revive Adserver's user interface are vulnerable to CSRF attacks: `www/admin/banner-acl.php`, `www/admin/banner-activate.php`, `www/admin/banner-advanced.php`, `www/admin/ban...
Revive-adserver Revive Adserver
5
CVSSv2
CVE-2016-9129
Revive Adserver prior to 3.2.3 suffers from Information Exposure Through Discrepancy. It is possible to check whether or not an email address was associated to one or more user accounts on a target Revive Adserver instance by examining the message printed by the password recovery...
Revive-adserver Revive Adserver
5
CVSSv2
CVE-2016-9124
Revive Adserver prior to 3.2.3 suffers from Improper Restriction of Excessive Authentication Attempts. The login page of Revive Adserver is vulnerable to password-guessing attacks. An account lockdown feature was considered, but rejected to avoid introducing service disruptions t...
Revive-adserver Revive Adserver
6.8
CVSSv2
CVE-2016-9127
Revive Adserver prior to 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The password recovery form in Revive Adserver is vulnerable to CSRF attacks. This vulnerability could be exploited to send a large number of password recovery emails to the registered users, especially...
Revive-adserver Revive Adserver
3.5
CVSSv2
CVE-2016-9128
Revive Adserver prior to 3.2.3 suffers from reflected XSS. The affiliate-preview.php script in www/admin is vulnerable to a reflected XSS attack. This vulnerability could be used by an malicious user to steal the session ID of an authenticated user, by tricking them into visiting...
Revive-adserver Revive Adserver
3.5
CVSSv2
CVE-2016-9130
Revive Adserver prior to 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The website name wasn't properly escaped when displayed in the campaign-zone.php script.
Revive-adserver Revive Adserver
7.5
CVSSv2
CVE-2016-9125
Revive Adserver prior to 3.2.3 suffers from session fixation, by allowing arbitrary session identifiers to be forced and, at the same time, by not invalidating the existing session upon a successful authentication. Under some circumstances, that could have been an opportunity for...
Revive-adserver Revive Adserver
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »