Lucene search
K

709 matches found

CNVD
CNVD
added 2017/03/30 12:0 a.m.2 views

Revive Adserver Cross-Site Request Forgery Vulnerability (CNVD-2017-04902)

Revive Adserver is an open source advertising management system from the Revive Adserver team. The system provides ad placement, ad space management, data statistics and other functions. A cross-site request forgery vulnerability exists in Revive Adserver. A remote attacker can exploit this...

8.8CVSS7AI score0.00801EPSS
Exploits0References1
CNVD
CNVD
added 2017/03/30 12:0 a.m.3 views

Revive Adserver Elevation of Privilege Vulnerability

Revive Adserver is an open source advertising management system from the Revive Adserver team. The system provides ad placement, ad space management, data statistics and other functions. A security vulnerability exists in Revive Adserver versions prior to 3.2.5 and 4.0.0, which stems from the...

3.1CVSS5AI score0.01367EPSS
Exploits0References1
NVD
NVD
added 2017/03/28 2:59 a.m.15 views

CVE-2016-9471

Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element Injection. Usernames weren't properly sanitised when creating users on a Revive Adserver instance. Especially, control characters were not filtered, allowing apparently identical usernames to co-exist in the system, due to the fa...

3.1CVSS4AI score0.01367EPSS
Exploits0References3
NVD
NVD
added 2017/03/28 2:59 a.m.11 views

CVE-2016-9470

Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Download. www/delivery/asyncspc.php was vulnerable to the fairly new Reflected File Download RFD web attack vector that enables attackers to gain complete control over a victim's machine by virtually downloading a file from a...

9.3CVSS9.2AI score0.02097EPSS
Exploits0References3
NVD
NVD
added 2017/03/28 2:59 a.m.11 views

CVE-2016-9472

Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected XSS. The Revive Adserver web installer scripts were vulnerable to a reflected XSS attack via the dbHost, dbUser, and possibly other parameters. It has to be noted that the window for such attack vectors to be possible is extremely narr...

5.4CVSS5.4AI score0.01638EPSS
Exploits0References4
OSV
OSV
added 2017/03/28 2:59 a.m.11 views

CVE-2016-9470

Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Download. www/delivery/asyncspc.php was vulnerable to the fairly new Reflected File Download RFD web attack vector that enables attackers to gain complete control over a victim's machine by virtually downloading a file from a...

9CVSS7.4AI score
Exploits0References3
OSV
OSV
added 2017/03/28 2:59 a.m.18 views

CVE-2016-9471

Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element Injection. Usernames weren't properly sanitised when creating users on a Revive Adserver instance. Especially, control characters were not filtered, allowing apparently identical usernames to co-exist in the system, due to the fa...

3.1CVSS6.9AI score
Exploits0References3
OSV
OSV
added 2017/03/28 2:59 a.m.11 views

CVE-2016-9472

Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected XSS. The Revive Adserver web installer scripts were vulnerable to a reflected XSS attack via the dbHost, dbUser, and possibly other parameters. It has to be noted that the window for such attack vectors to be possible is extremely narr...

5.4CVSS6AI score
Exploits0References4
NVD
NVD
added 2017/03/28 2:59 a.m.14 views

CVE-2016-9130

Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted non-admin account. The website name wasn't properly escaped when displayed in the campaign-zone.php script...

5.4CVSS5.3AI score0.00873EPSS
Exploits0References2
NVD
NVD
added 2017/03/28 2:59 a.m.11 views

CVE-2016-9454

Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted non-admin account. The banner image URL for external banners wasn't properly escaped when displayed in most of the banner related pages...

5.4CVSS5.3AI score0.01102EPSS
Exploits0References3
NVD
NVD
added 2017/03/28 2:59 a.m.13 views

CVE-2016-9455

Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery CSRF. A number of scripts in Revive Adserver's user interface are vulnerable to CSRF attacks: www/admin/banner-acl.php, www/admin/banner-activate.php, www/admin/banner-advanced.php, www/admin/banner-modify.php,...

8.8CVSS8.7AI score0.00801EPSS
Exploits0References4
NVD
NVD
added 2017/03/28 2:59 a.m.20 views

CVE-2016-9124

Revive Adserver before 3.2.3 suffers from Improper Restriction of Excessive Authentication Attempts. The login page of Revive Adserver is vulnerable to password-guessing attacks. An account lockdown feature was considered, but rejected to avoid introducing service disruptions to regular users...

9.8CVSS9.5AI score0.0223EPSS
Exploits0References3
Prion
Prion
added 2017/03/28 2:59 a.m.11 views

Cross site request forgery (csrf)

Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery CSRF. The password recovery form in Revive Adserver is vulnerable to CSRF attacks. This vulnerability could be exploited to send a large number of password recovery emails to the registered users, especially in conjunction with ...

6.8CVSS7.3AI score0.00762EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2017/03/28 2:59 a.m.13 views

CVE-2016-9126

Revive Adserver before 3.2.3 suffers from persistent XSS. Usernames are not properly escaped when displayed in the audit trail widget of the dashboard upon login, allowing persistent XSS attacks. An authenticated user with enough privileges to create other users could exploit the vulnerability to...

5.4CVSS5.2AI score0.01446EPSS
Exploits0References3
NVD
NVD
added 2017/03/28 2:59 a.m.16 views

CVE-2016-9457

Revive Adserver before 3.2.3 suffers from Reflected XSS. www/admin/stats.php is vulnerable to reflected XSS attacks via multiple parameters that are not properly sanitised or escaped when displayed, such as setPerPage, pageId, bannerid, periodstart, periodend, and possibly others...

5.4CVSS5.4AI score0.0152EPSS
Exploits0References4
Prion
Prion
added 2017/03/28 2:59 a.m.16 views

Cross site scripting

Revive Adserver before 3.2.3 suffers from Reflected XSS. www/admin/stats.php is vulnerable to reflected XSS attacks via multiple parameters that are not properly sanitised or escaped when displayed, such as setPerPage, pageId, bannerid, periodstart, periodend, and possibly others...

3.5CVSS6.2AI score0.0152EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2017/03/28 2:59 a.m.9 views

Cross site scripting

Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted non-admin account. The banner image URL for external banners wasn't properly escaped when displayed in most of the banner related pages...

3.5CVSS6.2AI score0.01102EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2017/03/28 2:59 a.m.10 views

Cross site scripting

Revive Adserver before 3.2.3 suffers from persistent XSS. Usernames are not properly escaped when displayed in the audit trail widget of the dashboard upon login, allowing persistent XSS attacks. An authenticated user with enough privileges to create other users could exploit the vulnerability to...

3.5CVSS5.9AI score0.01446EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2017/03/28 2:59 a.m.10 views

Design/Logic Flaw

Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Download. www/delivery/asyncspc.php was vulnerable to the fairly new Reflected File Download RFD web attack vector that enables attackers to gain complete control over a victim's machine by virtually downloading a file from a...

9.3CVSS7.3AI score0.02097EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2017/03/28 2:59 a.m.14 views

Design/Logic Flaw

Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element Injection. Usernames weren't properly sanitised when creating users on a Revive Adserver instance. Especially, control characters were not filtered, allowing apparently identical usernames to co-exist in the system, due to the fa...

2.1CVSS6.9AI score0.01367EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder