Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
matteo beccati vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2014-8875
The XML_RPC_cd function in lib/pear/XML/RPC.php in Revive Adserver prior to 3.0.6 allows remote malicious users to cause a denial of service (CPU and memory consumption) via a crafted XML-RPC request, aka an XML Entity Expansion (XEE) attack.
Revive-adserver Revive Adserver
3.5
CVSSv2
CVE-2021-22871
Revive Adserver prior to 5.1.0 permits any user with a manager account to store possibly malicious content in the URL website property, which is then displayed unsanitized in the affiliate-preview.php tag generation screen, leading to a persistent cross-site scripting (XSS) vulne...
Revive-adserver Revive Adserver
4.3
CVSSv2
CVE-2021-22872
Revive Adserver prior to 5.1.0 is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the publicly accessible afr.php delivery script. While this issue was previously addressed in modern browsers as CVE-2020-8115, some older browsers (e.g., IE10) that do not au...
Revive-adserver Revive Adserver
5.8
CVSSv2
CVE-2021-22873
Revive Adserver prior to 5.1.0 is vulnerable to open redirects via the `dest`, `oadest`, and/or `ct0` parameters of the lg.php and ck.php delivery scripts. Such open redirects had previously been available by design to allow third party ad servers to track such metrics when deliv...
Revive-adserver Revive Adserver
1 Github repository
4.3
CVSSv2
CVE-2021-22874
Revive Adserver prior to 5.1.1 is vulnerable to a reflected XSS vulnerability in userlog-index.php via the `period_preset` parameter.
Revive-adserver Revive Adserver
4.3
CVSSv2
CVE-2021-22875
Revive Adserver prior to 5.1.1 is vulnerable to a reflected XSS vulnerability in stats.php via the `setPerPage` parameter.
Revive-adserver Revive Adserver
4.3
CVSSv2
CVE-2014-8793
Cross-site scripting (XSS) vulnerability in lib/max/Admin/UI/Field/PublisherIdField.php in Revive Adserver prior to 3.0.6 allows remote malicious users to inject arbitrary web script or HTML via the refresh_page parameter to www/admin/report-generate.php.
Revive-adserver Revive Adserver
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started