Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
revive-adserver revive adserver vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2019-5440
Use of cryptographically weak PRNG in the password recovery token generation of Revive Adserver < v4.2.1 causes a potential authentication bypass attack if an attacker exploits the password recovery functionality. In lib/OA/Dal/PasswordRecovery.php, the function generateRecove...
Revive-adserver Revive Adserver
4.3
CVSSv2
CVE-2014-8793
Cross-site scripting (XSS) vulnerability in lib/max/Admin/UI/Field/PublisherIdField.php in Revive Adserver prior to 3.0.6 allows remote malicious users to inject arbitrary web script or HTML via the refresh_page parameter to www/admin/report-generate.php.
Revive-adserver Revive Adserver
7.5
CVSSv2
CVE-2016-9125
Revive Adserver prior to 3.2.3 suffers from session fixation, by allowing arbitrary session identifiers to be forced and, at the same time, by not invalidating the existing session upon a successful authentication. Under some circumstances, that could have been an opportunity for...
Revive-adserver Revive Adserver
3.5
CVSSv2
CVE-2016-9126
Revive Adserver prior to 3.2.3 suffers from persistent XSS. Usernames are not properly escaped when displayed in the audit trail widget of the dashboard upon login, allowing persistent XSS attacks. An authenticated user with enough privileges to create other users could exploit t...
Revive-adserver Revive Adserver
3.5
CVSSv2
CVE-2016-9130
Revive Adserver prior to 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The website name wasn't properly escaped when displayed in the campaign-zone.php script.
Revive-adserver Revive Adserver
4.3
CVSSv2
CVE-2020-8115
A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver <= 5.0.3 by Jacopo Tediosi. There are currently no known exploits: the session identifier cannot be accessed as it is stored in an http-only cookie as of v3....
Revive-adserver Revive Adserver
4.6
CVSSv2
CVE-2020-8142
A security restriction bypass vulnerability has been discovered in Revive Adserver version < 5.0.5 by HackerOne user hoangn144. Revive Adserver, like many other applications, requires the logged in user to type the current password in order to change the e-mail address or the ...
Revive-adserver Revive Adserver
5.8
CVSSv2
CVE-2020-8143
An Open Redirect vulnerability exists in Revive Adserver version < 5.0.5 and reported by HackerOne user hoangn144. A remote attacker could trick logged-in users to open a specifically crafted link and have them redirected to any destination.The CSRF protection of the “/w...
Revive-adserver Revive Adserver
6.8
CVSSv2
CVE-2015-7364
The HTML_Quickform library, as used in Revive Adserver prior to 3.2.2, allows remote malicious users to bypass the CSRF protection mechanism via an empty token.
Revive-adserver Revive Adserver
4.3
CVSSv2
CVE-2015-7365
Cross-site scripting (XSS) vulnerability in the plugin upgrade form in Revive Adserver prior to 3.2.2 allows remote malicious users to inject arbitrary web script or HTML via the filename of an uploaded file containing errors.
Revive-adserver Revive Adserver
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »