Lucene search
K

674 matches found

Prion
Prion
added 2015/10/14 7:59 p.m.15 views

Code injection

Revive Adserver before 3.2.2 allows remote attackers to perform unspecified actions by leveraging an unexpired session after the user has been 1 deleted or 2 unlinked...

7.5CVSS7.3AI score0.02544EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2015/10/14 7:59 p.m.21 views

Directory traversal

Directory traversal vulnerability in delivery-dev/al.php in Revive Adserver before 3.2.2 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the layerstyle parameter...

7.5CVSS7.6AI score0.03073EPSS
Exploits1References5Affected Software1
Prion
Prion
added 2015/10/14 7:59 p.m.19 views

Cross site scripting

Cross-site scripting XSS vulnerability in the "magic-macros" feature in Revive Adserver before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via a GET parameter, which is not properly handled in a banner...

4.3CVSS6.1AI score0.01953EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2015/10/14 7:59 p.m.12 views

Cross site request forgery (csrf)

The HTMLQuickform library, as used in Revive Adserver before 3.2.2, allows remote attackers to bypass the CSRF protection mechanism via an empty token...

6.8CVSS7.2AI score0.01143EPSS
Exploits1References5Affected Software1
Prion
Prion
added 2015/10/14 7:59 p.m.19 views

Cross site scripting

The default Flash cross-domain policy crossdomain.xml in Revive Adserver before 3.2.2 does not restrict access cross domain access, which allows remote attackers to conduct cross domain attacks via unspecified vectors...

7.5CVSS7.1AI score0.0325EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2015/10/14 7:59 p.m.18 views

Design/Logic Flaw

Revive Adserver before 3.2.2 does not send the appropriate Cache-Control HTTP headers in responses for admin UI pages, which allows local users to obtain sensitive information via the web browser cache...

2.1CVSS6.2AI score0.00539EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2015/10/14 7:59 p.m.15 views

CVE-2015-7364

The HTMLQuickform library, as used in Revive Adserver before 3.2.2, allows remote attackers to bypass the CSRF protection mechanism via an empty token...

6.8CVSS6.6AI score0.01143EPSS
Exploits1References5
Cvelist
Cvelist
added 2015/10/14 7:0 p.m.25 views

CVE-2015-7368

Revive Adserver before 3.2.2 does not send the appropriate Cache-Control HTTP headers in responses for admin UI pages, which allows local users to obtain sensitive information via the web browser cache...

5.7AI score0.00539EPSS
Exploits1References5
CVE
CVE
added 2015/10/14 7:0 p.m.54 views

CVE-2015-7367

Revive Adserver (versions

7.5CVSS6.8AI score0.02544EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2015/10/14 7:0 p.m.57 views

CVE-2015-7369

Revive Adserver before 3.2.2 is affected by multiple CVEs (including CVE-2015-7369: overly permissive crossdomain.xml) that enable cross-domain attacks and session cookie exposure. Core issue: default crossdomain.xml permissions allow access from other domains, facilitating cross-domain attacks. ...

7.5CVSS6.7AI score0.0325EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2015/10/14 7:0 p.m.22 views

CVE-2015-7370

Multiple cross-site scripting XSS vulnerabilities in open-flash-chart.swf in Open Flash Chart 2, as used in the VideoAds plugin in Revive Adserver before 3.2.2 and CA Release Automation formerly LISA Release Automation 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2 before 5.5.2-434, and...

5.8AI score0.02239EPSS
Exploits1References7
Cvelist
Cvelist
added 2015/10/14 7:0 p.m.27 views

CVE-2015-7366

Multiple cross-site request forgery CSRF vulnerabilities in Revive Adserver before 3.2.2 allow remote attackers to hijack the authentication of users for requests that 1 perform certain plugin actions and possibly cause a denial of service disabled core plugins via unknown vectors or 2 change the...

8.1AI score0.01114EPSS
Exploits1References4
Cvelist
Cvelist
added 2015/10/14 7:0 p.m.29 views

CVE-2015-7373

Cross-site scripting XSS vulnerability in the "magic-macros" feature in Revive Adserver before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via a GET parameter, which is not properly handled in a banner...

5.5AI score0.01953EPSS
Exploits1References4
Cvelist
Cvelist
added 2015/10/14 7:0 p.m.31 views

CVE-2015-7371

Revive Adserver before 3.2.2 does not restrict access to run-mpe.php, which allows remote attackers to run the Maintenance Priority Engine and possibly cause a denial of service resource consumption via a direct request...

6.6AI score0.02586EPSS
Exploits1References4
CVE
CVE
added 2015/10/14 7:0 p.m.55 views

CVE-2015-7372

This CVE (CVE-2015-7372) affects Revive Adserver up to version 3.2.1. The vulnerability is a Local File Inclusion in the layerstyle parameter of al.php, allowing remote attackers to include and execute arbitrary local files by crafting the layerstyle value (potentially involving a layerstyle.inc....

7.5CVSS7.2AI score0.03073EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2015/10/14 7:0 p.m.28 views

CVE-2015-7367

Revive Adserver before 3.2.2 allows remote attackers to perform unspecified actions by leveraging an unexpired session after the user has been 1 deleted or 2 unlinked...

6.7AI score0.02544EPSS
Exploits1References4
CVE
CVE
added 2015/10/14 7:0 p.m.55 views

CVE-2015-7366

CVE-2015-7366 affects Revive Adserver prior to 3.2.2. The vulnerability arises from insufficient CSRF protection: certain plugin actions can be triggered via GET requests without tokens, and account-user-*.php POST requests can bypass CSRF checks. This could allow remote attackers to hijack user ...

6.8CVSS8.2AI score0.01114EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2015/10/14 7:0 p.m.68 views

CVE-2015-7371

CVE-2015-7371 affects Revive Adserver

5CVSS6.8AI score0.02586EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2015/10/14 7:0 p.m.60 views

CVE-2015-7368

Revive Adserver before 3.2.2 is affected by CVE-2015-7368: it does not send proper Cache-Control headers for admin UI pages, allowing local users to access cached sensitive information after logout. Affected product/version: Revive Adserver prior to 3.2.2. Root cause: improper header handling lea...

2.1CVSS5.8AI score0.00539EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2015/10/14 7:0 p.m.61 views

CVE-2015-7373

CVE-2015-7373 : Revive Adserver (

4.3CVSS5.7AI score0.01953EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder