709 matches found
Cross site scripting
Cross-site scripting XSS vulnerability in Revive Adserver before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the user's email address...
Session fixation
Session fixation vulnerability in the forgot password mechanism in Revive Adserver before 4.0.1, when setting a new password, allows remote attackers to hijack web sessions via the session ID...
CVE-2017-5833
Cross-site scripting XSS vulnerability in the invocation code generation for interstitial zones in Revive Adserver before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters...
CVE-2017-5830
Revive Adserver before 4.0.1 allows remote attackers to execute arbitrary code via serialized data in the cookies related to the delivery scripts...
CVE-2017-5830
CVE-2017-5830 affects Revive Adserver prior to 4.0.1, where an attacker can execute arbitrary code by sending serialized data in cookies used by delivery scripts. The impact is remote code execution with high severity (per CVSS scores in sources). Affected component: the delivery-script cookies h...
CVE-2017-5832
Revive Adserver (open source ad management) is affected by CVE-2017-5832: an XSS in the handling of user email addresses that allows remote authenticated users to inject arbitrary script/HTML. The vulnerability affects Revive Adserver versions before 4.0.1. Exploitation requires authentication; a...
CVE-2017-5831
Revive Adserver is affected by CVE-2017-5831: a session fixation vulnerability in the forgot password flow prior to version 4.0.1. The issue allows an attacker to hijack a user session by targeting the session ID during password reset. Affected software is Revive Adserver (prior to 4.0.1); root c...
CVE-2017-5831
Session fixation vulnerability in the forgot password mechanism in Revive Adserver before 4.0.1, when setting a new password, allows remote attackers to hijack web sessions via the session ID...
CVE-2017-5833
CVE-2017-5833 affects Revive Adserver prior to 4.0.1. An XSS in the invocation code generation for interstitial zones allows remote attackers to inject arbitrary script or HTML via unspecified parameters. The CVSS data indicates a network-accessible vulnerability with low attack complexity (AV:N/...
Revive Adserver REVIVE-SA-2017-001 Cross-Site Scripting Vulnerability
Revive Adserver is an open source advertising management system from the Revive Adserver team. The system provides ad placement, ad space management, data statistics and other functions. A cross-site scripting vulnerability exists in Revive Adserver 4.0.0 and earlier versions. A remote attacker c...
Revive Adserver REVIVE-SA-2017-001 generic RCE attack vulnerability
Revive Adserver is an open source advertising management system from the Revive Adserver team. The system provides ad placement, ad space management, data statistics and other functions. A security vulnerability exists in Revive Adserver 4.0.0 and earlier versions. An attacker can exploit this...
Revive Adserver REVIVE-SA-2017-001 Cross-Site Scripting Vulnerability (CNVD-2017-01522)
Revive Adserver is an open source advertising management system from the Revive Adserver team. The system provides ad placement, ad space management, data statistics and other functions. A cross-site scripting vulnerability exists in Revive Adserver 4.0.0 and earlier versions. A remote attacker c...
Revive Adserver REVIVE-SA-2017-001 Session Fixation Vulnerability
Revive Adserver is an open source advertising management system from the Revive Adserver team. The system provides ad placement, ad space management, data statistics and other functions. A session fixation vulnerability exists in Revive Adserver 4.0.0 and earlier versions. An attacker can exploit...
Revive Adserver Multiple Vulnerabilities
Revive Adserver is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:revive:adserver"; if...
Revive Adserver 4.0.0 XSS / Deserialization / Session Fixation Vulnerabilities
Revive Adserver versions 4.0.0 and below suffer from cross site scripting, session fixation, and deserialization of untrusted data vulnerabilities. Revive Adserver 4.0.0 XSS / Deserialization / Session Fixation Applications affected: Revive Adserver Versions affected: = 4.0.1 Website:...
Revive Adserver: Reflected XSS on Zones > Invocation Code
"Cricetinae" : This report is similar to my earlier report: 170156. Short Description The Close text parameter in Inventory Zone Invocation Code is vulnerable to Cross-Site Scripting vulnerability. Steps to Reproduce 1. Logon or Work as an agent. 2. Navigate to Inventory Zones Invocation Code...
Revive Adserver Multiple Vulnerabilities
Revive Adserver is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:revive:adserver"; if...
Revive Adserver Multiple Vulnerabilities
Revive Adserver is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:revive:adserver"; if...
Revive Adserver: Stored XSS on Admin Access Page - Email field
"Cricetinae" : Short Description The Email field is not sanitized on Inventory Admin Access page resulting in to Stored Cross-Site Scripting vulnerability. Vulnerability Details Cross-Site Scripting issue let's one to run a javascript of choice. It helps most of the client side risks including bu...
Revive Adserver: Reflected XSS in Step 2 of the Installation
"Cricetinae" : Short Description The dbName parameter in Step 2 of Installation Wizard is vulnerable to Cross-Site Scripting vulnerability when the form is returned with error. Vulnerability Details Cross-Site Scripting issue let's one to run a javascript of choice. It helps most of the client si...