CVE-2017-5830
Revive Adserver before 4.0.1 allows remote attackers to execute arbitrary code via serialized data in the cookies related to the delivery scripts...
CVE-2017-5832
Cross-site scripting (XSS) vulnerability in Revive Adserver before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the user's email address...
Design/Logic Flaw
Revive Adserver before 4.0.1 allows remote attackers to execute arbitrary code via serialized data in the cookies related to the delivery scripts...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the invocation code generation for interstitial zones in Revive Adserver before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters...
Session fixation
Session fixation vulnerability in the forgot password mechanism in Revive Adserver before 4.0.1, when setting a new password, allows remote attackers to hijack web sessions via the session ID...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Revive Adserver before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the user's email address...
CVE-2017-5831
Session fixation vulnerability in the forgot password mechanism in Revive Adserver before 4.0.1, when setting a new password, allows remote attackers to hijack web sessions via the session ID...
CVE-2017-5833
Cross-site scripting (XSS) vulnerability in the invocation code generation for interstitial zones in Revive Adserver before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters...
CVE-2017-5830
CVE-2017-5830 affects Revive Adserver prior to 4.0.1, where an attacker can execute arbitrary code by sending serialized data in cookies used by delivery scripts. The impact is remote code execution with high severity (per CVSS scores in sources). Affected component: the delivery-script cookies h...
CVE-2017-5831
Revive Adserver is affected by CVE-2017-5831: a session fixation vulnerability in the forgot password flow prior to version 4.0.1. The issue allows an attacker to hijack a user session by targeting the session ID during password reset. Affected software is Revive Adserver (prior to 4.0.1); root c...
CVE-2017-5833
CVE-2017-5833 affects Revive Adserver prior to 4.0.1. An XSS in the invocation code generation for interstitial zones allows remote attackers to inject arbitrary script or HTML via unspecified parameters. The CVSS data indicates a network-accessible vulnerability with low attack complexity (AV:N/...
CVE-2017-5832
Revive Adserver (open source ad management) is affected by CVE-2017-5832: an XSS in the handling of user email addresses that allows remote authenticated users to inject arbitrary script/HTML. The vulnerability affects Revive Adserver versions before 4.0.1. Exploitation requires authentication; a...
Revive Adserver REVIVE-SA-2017-001 generic RCE attack vulnerability
Revive Adserver is an open source advertising management system from the Revive Adserver team. The system provides ad placement, ad space management, data statistics and other functions. A security vulnerability exists in Revive Adserver 4.0.0 and earlier versions. An attacker can exploit this...
Revive Adserver REVIVE-SA-2017-001 Session Fixation Vulnerability
Revive Adserver is an open source advertising management system from the Revive Adserver team. The system provides ad placement, ad space management, data statistics and other functions. A session fixation vulnerability exists in Revive Adserver 4.0.0 and earlier versions. An attacker can exploit...
Revive Adserver REVIVE-SA-2017-001 Cross-Site Scripting Vulnerability
Revive Adserver is an open source advertising management system from the Revive Adserver team. The system provides ad placement, ad space management, data statistics and other functions. A cross-site scripting vulnerability exists in Revive Adserver 4.0.0 and earlier versions. A remote attacker c...
Revive Adserver REVIVE-SA-2017-001 Cross-Site Scripting Vulnerability (CNVD-2017-01522)
Revive Adserver is an open source advertising management system from the Revive Adserver team. The system provides ad placement, ad space management, data statistics and other functions. A cross-site scripting vulnerability exists in Revive Adserver 4.0.0 and earlier versions. A remote attacker c...
Revive Adserver Multiple Vulnerabilities
Revive Adserver is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:revive:adserver"; if...
Revive Adserver 4.0.0 XSS / Deserialization / Session Fixation Vulnerabilities
Revive Adserver versions 4.0.0 and below suffer from cross site scripting, session fixation, and deserialization of untrusted data vulnerabilities. Revive Adserver 4.0.0 XSS / Deserialization / Session Fixation Applications affected: Revive Adserver Versions affected: = 4.0.1 Website:...
Revive Adserver: Reflected XSS on Zones > Invocation Code
"Cricetinae" : This report is similar to my earlier report: 170156. Short Description The Close text parameter in Inventory Zone Invocation Code is vulnerable to Cross-Site Scripting vulnerability. Steps to Reproduce 1. Logon or Work as an agent. 2. Navigate to Inventory Zones Invocation Code...