Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
revive-adserver revive adserver vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2017-5833
Cross-site scripting (XSS) vulnerability in the invocation code generation for interstitial zones in Revive Adserver prior to 4.0.1 allows remote malicious users to inject arbitrary web script or HTML via unspecified parameters.
Revive-adserver Revive Adserver
4.3
CVSSv2
CVE-2014-8793
Cross-site scripting (XSS) vulnerability in lib/max/Admin/UI/Field/PublisherIdField.php in Revive Adserver prior to 3.0.6 allows remote malicious users to inject arbitrary web script or HTML via the refresh_page parameter to www/admin/report-generate.php.
Revive-adserver Revive Adserver
5
CVSSv2
CVE-2014-8875
The XML_RPC_cd function in lib/pear/XML/RPC.php in Revive Adserver prior to 3.0.6 allows remote malicious users to cause a denial of service (CPU and memory consumption) via a crafted XML-RPC request, aka an XML Entity Expansion (XEE) attack.
Revive-adserver Revive Adserver
4.6
CVSSv2
CVE-2020-8142
A security restriction bypass vulnerability has been discovered in Revive Adserver version < 5.0.5 by HackerOne user hoangn144. Revive Adserver, like many other applications, requires the logged in user to type the current password in order to change the e-mail address or the ...
Revive-adserver Revive Adserver
5.8
CVSSv2
CVE-2020-8143
An Open Redirect vulnerability exists in Revive Adserver version < 5.0.5 and reported by HackerOne user hoangn144. A remote attacker could trick logged-in users to open a specifically crafted link and have them redirected to any destination.The CSRF protection of the “/w...
Revive-adserver Revive Adserver
6.8
CVSSv2
CVE-2015-7366
Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver prior to 3.2.2 allow remote malicious users to hijack the authentication of users for requests that (1) perform certain plugin actions and possibly cause a denial of service (disabled core plugins) via ...
Revive-adserver Revive Adserver
7.5
CVSSv2
CVE-2015-7367
Revive Adserver prior to 3.2.2 allows remote malicious users to perform unspecified actions by leveraging an unexpired session after the user has been (1) deleted or (2) unlinked.
Revive-adserver Revive Adserver
7.5
CVSSv2
CVE-2015-7369
The default Flash cross-domain policy (crossdomain.xml) in Revive Adserver prior to 3.2.2 does not restrict access cross domain access, which allows remote malicious users to conduct cross domain attacks via unspecified vectors.
Revive-adserver Revive Adserver
5
CVSSv2
CVE-2015-7371
Revive Adserver prior to 3.2.2 does not restrict access to run-mpe.php, which allows remote malicious users to run the Maintenance Priority Engine and possibly cause a denial of service (resource consumption) via a direct request.
Revive-adserver Revive Adserver
4.3
CVSSv2
CVE-2015-7373
Cross-site scripting (XSS) vulnerability in the "magic-macros" feature in Revive Adserver prior to 3.2.2 allows remote malicious users to inject arbitrary web script or HTML via a GET parameter, which is not properly handled in a banner.
Revive-adserver Revive Adserver
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »