Vulmon
revive-adserver revive adserver vulnerabilities and exploits
2.1
CVSSv2
CVE-2016-9471
Revive Adserver prior to 3.2.5 and 4.0.0 suffers from Special Element Injection. Usernames weren't properly sanitised when creating users on a Revive Adserver instance. Especially, control characters were not filtered, allowing apparently identical usernames to co-exist in t...
Revive-adserver Revive Adserver 4.0.0
Revive-adserver Revive Adserver
3.5
CVSSv2
CVE-2016-9472
Revive Adserver prior to 3.2.5 and 4.0.0 suffers from Reflected XSS. The Revive Adserver web installer scripts were vulnerable to a reflected XSS attack via the dbHost, dbUser, and possibly other parameters. It has to be noted that the window for such attack vectors to be possibl...
Revive-adserver Revive Adserver 4.0.0
Revive-adserver Revive Adserver
9.3
CVSSv2
CVE-2016-9470
Revive Adserver prior to 3.2.5 and 4.0.0 suffers from Reflected File Download. `www/delivery/asyncspc.php` was vulnerable to the fairly new Reflected File Download (RFD) web attack vector that enables malicious users to gain complete control over a victim's machine by virtua...
Revive-adserver Revive Adserver
Revive-adserver Revive Adserver 4.0.0
4.3
CVSSv2
CVE-2021-22948
Vulnerability in the generation of session IDs in revive-adserver < 5.3.0, based on the cryptographically insecure uniqid() PHP function. Under some circumstances, an attacker could theoretically be able to brute force session IDs in order to take over a specific account.
Revive-adserver Revive Adserver 5.3.0
Revive-adserver Revive Adserver
7.5
CVSSv2
CVE-2013-7149
SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver prior to 3.0.2, and OpenX Source 2.8.11 and previous versions, allows remote malicious users to execute arbitrary SQL commands via the what parameter to an XML-...
Openx Openx 2.8.10
Openx Openx
Revive-adserver Revive Adserver
Revive-adserver Revive Adserver 3.0.0
7.5
CVSSv2
CVE-2017-5830
Revive Adserver prior to 4.0.1 allows remote malicious users to execute arbitrary code via serialized data in the cookies related to the delivery scripts.
Revive-adserver Revive Adserver
5.5
CVSSv2
CVE-2017-5831
Session fixation vulnerability in the forgot password mechanism in Revive Adserver prior to 4.0.1, when setting a new password, allows remote malicious users to hijack web sessions via the session ID.
Revive-adserver Revive Adserver
3.5
CVSSv2
CVE-2017-5832
Cross-site scripting (XSS) vulnerability in Revive Adserver prior to 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the user's email address.
Revive-adserver Revive Adserver
4.3
CVSSv2
CVE-2017-5833
Cross-site scripting (XSS) vulnerability in the invocation code generation for interstitial zones in Revive Adserver prior to 4.0.1 allows remote malicious users to inject arbitrary web script or HTML via unspecified parameters.
Revive-adserver Revive Adserver
5.8
CVSSv2
CVE-2019-5433
A user having access to the UI of a Revive Adserver instance could be tricked into clicking on a specifically crafted admin account-switch.php URL that would eventually lead them to another (unsafe) domain, potentially used for stealing credentials or other phishing attacks. This...
Revive-adserver Revive Adserver