709 matches found
CVE-2019-5433
A user having access to the UI of a Revive Adserver instance could be tricked into clicking on a specifically crafted admin account-switch.php URL that would eventually lead them to another unsafe domain, potentially used for stealing credentials or other phishing attacks. This vulnerability was...
CVE-2019-5433
CVE-2019-5433 describes an open redirect in Revive Adserver’s admin/account-switch.php. A user with UI access could be tricked by a crafted return_url parameter into visiting an external, potentially phishing, domain, enabling credential theft or similar abuse. The issue arises from unrestricted ...
Ad Server Patched to Stop Possible Malware Distribution
UPDATE The open-source advertising platform Revive Adserver is urging customers to patch two vulnerabilities, one of which is critical and may have been exploited to allow hackers to deliver malware to third-party websites. Revive Adserver, formerly known as OpenX Source, is a free, open-source a...
Revive Adserver: Deserialization of Untrusted Data in www/delivery/adxmlrpc.php
An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize call on the "what" parameter in the "openads.spc" RPC method. Impact Such vulnerability could be used to perform various types of attacks, e.g. exploit serialize-related PHP...
Adserver Script 5.6 SQL Injection
Exploit Title: Adserver Script 5.6 - SQL Injection Dork: N/A Date: 14.09.2017 Vendor Homepage: https://www.goterhosting.com/ Software Link: https://www.goterhosting.com/adserverscript.php Demo: http://adserverscript.gvmhosting.com/ Version: 5.6 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CV...
Adserver Script 5.6 - SQL Injection
Adserver Script 5.6 - SQL Injection Exploit Title: Adserver Script 5.6 - SQL Injection Dork: N/A Date: 14.09.2017 Vendor Homepage: https://www.goterhosting.com/ Software Link: https://www.goterhosting.com/adserverscript.php Demo: http://adserverscript.gvmhosting.com/ Version: 5.6 Category: Webapp...
Adserver Script 5.6 - SQL Injection
Exploit Title: Adserver Script 5.6 - SQL Injection Dork: N/A Date: 14.09.2017 Vendor Homepage: https://www.goterhosting.com/ Software Link: https://www.goterhosting.com/adserverscript.php Demo: http://adserverscript.gvmhosting.com/ Version: 5.6 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CV...
hanploi.com Open Redirect vulnerability
Open Bug Bounty ID: OBB-259977. Affected Website: hanploi.com; Vulnerable Application: Custom Code; Vulnerability Type: Open Redirect / CWE-601; CVSSv3 Score: 3.4...
Revive Adserver Improper Restriction of Excessive Authentication Attempts Vulnerability
Revive Adserver is an open source advertising management system from the Revive Adserver team. The system provides ad placement, ad space management, data statistics and other functions. A security vulnerability exists in the login page of Revive Adserver versions prior to 3.2.3. An attacker can...
Revive Adserver Cross-Site Request Forgery Vulnerability (CNVD-2017-04903)
Revive Adserver is an open source advertising management system from the Revive Adserver team. The system provides ad placement, ad space management, data statistics and other functions. A cross-site request forgery vulnerability exists in the password recovery form in Revive Adserver versions...
Revive Adserver Cross-Site Scripting Vulnerability (CNVD-2017-04899)
Revive Adserver is an open source advertising management system from the Revive Adserver team. The system provides ad placement, ad space management, data statistics and other functions. A cross-site scripting vulnerability exists in Revive Adserver. A remote attacker can exploit this vulnerabili...
Revive Adserver Session Fixation Vulnerability
Revive Adserver is an open source advertising management system from the Revive Adserver team. The system provides ad placement, ad space management, data statistics and other functions. A security vulnerability exists in Revive Adserver versions prior to 3.2.3. An attacker can exploit the...
Revive Adserver Cross-Site Scripting Vulnerability (CNVD-2017-05629)
Revive Adserver is an open source advertising management system from the Revive Adserver team. The system provides ad placement, ad space management, data statistics and other functions. Revive Adserver has a cross-site scripting vulnerability. Attackers can use the dbHost or dbUser parameter to...
Revive Adserver Cross-Site Scripting Vulnerability (CNVD-2017-04607)
Revive Adserver is an open source advertising management system from the Revive Adserver team. The system provides ad placement, ad space management, data statistics and other functions. A cross-site scripting vulnerability exists in the affiliate-preview.php file in www/admin in versions prior t...
Revive Adserver Cross-Site Request Forgery Vulnerability (CNVD-2017-04902)
Revive Adserver is an open source advertising management system from the Revive Adserver team. The system provides ad placement, ad space management, data statistics and other functions. A cross-site request forgery vulnerability exists in Revive Adserver. A remote attacker can exploit this...
Revive Adserver Cross-Site Request Forgery Vulnerability (CNVD-2017-04901)
Revive Adserver is an open source advertising management system from the Revive Adserver team. The system provides ad placement, ad space management, data statistics and other functions. A cross-site request forgery vulnerability exists in Revive Adserver. A remote attacker can exploit this...
Revive Adserver Cross-Site Scripting Vulnerability (CNVD-2017-05165)
Revive Adserver is an open source advertising management system from the Revive Adserver team. The system provides ad placement, ad space management, data statistics and other functions. A cross-site scripting vulnerability exists in Revive Adserver. A remote attacker can exploit this vulnerabili...
Revive Adserver Cross-Site Scripting Vulnerability (CNVD-2017-04904)
Revive Adserver is an open source advertising management system from the Revive Adserver team. The system provides ad placement, ad space management, data statistics and other functions. A cross-site scripting vulnerability exists in Revive Adserver. A remote attacker can exploit this vulnerabili...
Revive Adserver Elevation of Privilege Vulnerability (CNVD-2017-05631)
Revive Adserver is an open source advertising management system from the Revive Adserver team. The system provides ad placement, ad space management, data statistics and other functions. A security vulnerability exists in the www/delivery/asyncspc.php file in Revive Adserver. An attacker can...
Revive Adserver Elevation of Privilege Vulnerability
Revive Adserver is an open source advertising management system from the Revive Adserver team. The system provides ad placement, ad space management, data statistics and other functions. A security vulnerability exists in Revive Adserver versions prior to 3.2.5 and 4.0.0, which stems from the...