674 matches found
Code injection
Revive Adserver before 3.2.2 allows remote attackers to perform unspecified actions by leveraging an unexpired session after the user has been 1 deleted or 2 unlinked...
Directory traversal
Directory traversal vulnerability in delivery-dev/al.php in Revive Adserver before 3.2.2 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the layerstyle parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in the "magic-macros" feature in Revive Adserver before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via a GET parameter, which is not properly handled in a banner...
Cross site request forgery (csrf)
The HTMLQuickform library, as used in Revive Adserver before 3.2.2, allows remote attackers to bypass the CSRF protection mechanism via an empty token...
Cross site scripting
The default Flash cross-domain policy crossdomain.xml in Revive Adserver before 3.2.2 does not restrict access cross domain access, which allows remote attackers to conduct cross domain attacks via unspecified vectors...
Design/Logic Flaw
Revive Adserver before 3.2.2 does not send the appropriate Cache-Control HTTP headers in responses for admin UI pages, which allows local users to obtain sensitive information via the web browser cache...
CVE-2015-7364
The HTMLQuickform library, as used in Revive Adserver before 3.2.2, allows remote attackers to bypass the CSRF protection mechanism via an empty token...
CVE-2015-7368
Revive Adserver before 3.2.2 does not send the appropriate Cache-Control HTTP headers in responses for admin UI pages, which allows local users to obtain sensitive information via the web browser cache...
CVE-2015-7367
Revive Adserver (versions
CVE-2015-7369
Revive Adserver before 3.2.2 is affected by multiple CVEs (including CVE-2015-7369: overly permissive crossdomain.xml) that enable cross-domain attacks and session cookie exposure. Core issue: default crossdomain.xml permissions allow access from other domains, facilitating cross-domain attacks. ...
CVE-2015-7370
Multiple cross-site scripting XSS vulnerabilities in open-flash-chart.swf in Open Flash Chart 2, as used in the VideoAds plugin in Revive Adserver before 3.2.2 and CA Release Automation formerly LISA Release Automation 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2 before 5.5.2-434, and...
CVE-2015-7366
Multiple cross-site request forgery CSRF vulnerabilities in Revive Adserver before 3.2.2 allow remote attackers to hijack the authentication of users for requests that 1 perform certain plugin actions and possibly cause a denial of service disabled core plugins via unknown vectors or 2 change the...
CVE-2015-7373
Cross-site scripting XSS vulnerability in the "magic-macros" feature in Revive Adserver before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via a GET parameter, which is not properly handled in a banner...
CVE-2015-7371
Revive Adserver before 3.2.2 does not restrict access to run-mpe.php, which allows remote attackers to run the Maintenance Priority Engine and possibly cause a denial of service resource consumption via a direct request...
CVE-2015-7372
This CVE (CVE-2015-7372) affects Revive Adserver up to version 3.2.1. The vulnerability is a Local File Inclusion in the layerstyle parameter of al.php, allowing remote attackers to include and execute arbitrary local files by crafting the layerstyle value (potentially involving a layerstyle.inc....
CVE-2015-7367
Revive Adserver before 3.2.2 allows remote attackers to perform unspecified actions by leveraging an unexpired session after the user has been 1 deleted or 2 unlinked...
CVE-2015-7366
CVE-2015-7366 affects Revive Adserver prior to 3.2.2. The vulnerability arises from insufficient CSRF protection: certain plugin actions can be triggered via GET requests without tokens, and account-user-*.php POST requests can bypass CSRF checks. This could allow remote attackers to hijack user ...
CVE-2015-7371
CVE-2015-7371 affects Revive Adserver
CVE-2015-7368
Revive Adserver before 3.2.2 is affected by CVE-2015-7368: it does not send proper Cache-Control headers for admin UI pages, allowing local users to access cached sensitive information after logout. Affected product/version: Revive Adserver prior to 3.2.2. Root cause: improper header handling lea...
CVE-2015-7373
CVE-2015-7373 : Revive Adserver (