Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
revive-adserver revive adserver vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2017-5830
Revive Adserver prior to 4.0.1 allows remote malicious users to execute arbitrary code via serialized data in the cookies related to the delivery scripts.
Revive-adserver Revive Adserver
5.5
CVSSv2
CVE-2017-5831
Session fixation vulnerability in the forgot password mechanism in Revive Adserver prior to 4.0.1, when setting a new password, allows remote malicious users to hijack web sessions via the session ID.
Revive-adserver Revive Adserver
3.5
CVSSv2
CVE-2017-5832
Cross-site scripting (XSS) vulnerability in Revive Adserver prior to 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the user's email address.
Revive-adserver Revive Adserver
4.3
CVSSv2
CVE-2017-5833
Cross-site scripting (XSS) vulnerability in the invocation code generation for interstitial zones in Revive Adserver prior to 4.0.1 allows remote malicious users to inject arbitrary web script or HTML via unspecified parameters.
Revive-adserver Revive Adserver
6.8
CVSSv2
CVE-2015-7364
The HTML_Quickform library, as used in Revive Adserver prior to 3.2.2, allows remote malicious users to bypass the CSRF protection mechanism via an empty token.
Revive-adserver Revive Adserver
7.5
CVSSv2
CVE-2015-7367
Revive Adserver prior to 3.2.2 allows remote malicious users to perform unspecified actions by leveraging an unexpired session after the user has been (1) deleted or (2) unlinked.
Revive-adserver Revive Adserver
7.5
CVSSv2
CVE-2015-7369
The default Flash cross-domain policy (crossdomain.xml) in Revive Adserver prior to 3.2.2 does not restrict access cross domain access, which allows remote malicious users to conduct cross domain attacks via unspecified vectors.
Revive-adserver Revive Adserver
5
CVSSv2
CVE-2015-7371
Revive Adserver prior to 3.2.2 does not restrict access to run-mpe.php, which allows remote malicious users to run the Maintenance Priority Engine and possibly cause a denial of service (resource consumption) via a direct request.
Revive-adserver Revive Adserver
4.3
CVSSv2
CVE-2015-7373
Cross-site scripting (XSS) vulnerability in the "magic-macros" feature in Revive Adserver prior to 3.2.2 allows remote malicious users to inject arbitrary web script or HTML via a GET parameter, which is not properly handled in a banner.
Revive-adserver Revive Adserver
6.8
CVSSv2
CVE-2015-7366
Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver prior to 3.2.2 allow remote malicious users to hijack the authentication of users for requests that (1) perform certain plugin actions and possibly cause a denial of service (disabled core plugins) via ...
Revive-adserver Revive Adserver
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »