674 matches found
CVE-2014-8875
Revive Adserver is affected by CVE-2014-8875 due to an XML Entity Expansion (XEE) vulnerability in the XML_RPC_cd function of lib/pear/XML/RPC.php. The advisory details that the Revive Adserver XML-RPC endpoints (delivery/XMLRPC and API endpoints) may be exploited by crafted XML payloads to exhau...
Revive Adserver 3.0.5 Cross Site Scripting
Advisory ID: HTB23242 Product: Revive Adserver Vendor: http://www.revive-adserver.com/ Vulnerable Versions: 3.0.5 and probably prior Tested Version: 3.0.5 Advisory Publication: November 12, 2014 without technical details Vendor Notification: November 12, 2014 Vendor Patch: December 17, 2014 Publi...
Revive Adserver 3.0.5 Cross Site Scripting / Denial Of Service
======================================================================== Revive Adserver Security Advisory REVIVE-SA-2014-002 ------------------------------------------------------------------------ http://www.revive-adserver.com/security/revive-sa-2014-002...
Revive Adserver < 3.1.0 Multiple Vulnerabilities
Binary data 8607.prm...
Cross-Site Scripting (XSS) in Revive Adserver
High-Tech Bridge Security Research Lab discovered an XSS vulnerability in Revive Adserver formerly known as OpenX Source, which can be exploited to perform Cross-Site Scripting attacks against authenticated users and administrators of the vulnerable application leading to total compromise of the...
Revive Adserver < 3.0.5 Multiple CSRF Vulnerabilities
According to its version number, the Revive Adserver install hosted on the remote web server is affected by multiple cross-site request forgery CSRF vulnerabilities. This can allow an attacker to delete data and cause service disruptions by enticing an authenticated user to follow a crafted URL...
Revive Adserver 'www/delivery/axmlrpc.php' 'what' Parameter SQL Injection
The Revive Adserver install hosted on the remote web server is affected by a SQL injection vulnerability because the 'www/delivery/axmlrpc.php' script fails to properly sanitize user-supplied input passed to the 'what' parameter. This can allow a remote, unauthenticated attacker to execute...
[REVIVE-SA-2014-001] Revive Adserver 3.0.5 fixes CSRF vulnerability
======================================================================== Revive Adserver Security Advisory REVIVE-SA-2014-001 ------------------------------------------------------------------------ Advisory ID: REVIVE-SA-2014-001 CVE ID: CVE-2013-5954 Date: 2014-05-15 Security risk: Moderate...
[REVIVE-SA-2013-001] Revive Adserver 3.0.2 fixes SQL injection vulnerability
======================================================================== Revive Adserver Security Advisory REVIVE-SA-2013-001 ------------------------------------------------------------------------ Advisory ID: REVIVE-SA-2013-001 CVE ID: CVE-2013-7149 Date: 2013-12-20 Security risk: Critical...
CVE-2013-7149
SQL injection vulnerability in www/delivery/axmlrpc.php aka the XML-RPC delivery invocation script in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method...
Sql injection
SQL injection vulnerability in www/delivery/axmlrpc.php aka the XML-RPC delivery invocation script in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method...
CVE-2013-7149
CVE-2013-7149 describes a SQL injection in Revive Adserver’s XML-RPC delivery script (www/delivery/axmlrpc.php) via the what parameter, affecting Revive Adserver <= 3.0.1 and OpenX Source
VulnCheck KEV: CVE-2013-7149
SQL injection vulnerability in www/delivery/axmlrpc.php aka the XML-RPC delivery invocation script in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method...
OpenX -- SQL injection vulnerability
Revive reports: An SQL-injection vulnerability was recently discovered and reported to the Revive Adserver team by Florian Sander. The vulnerability is known to be already exploited to gain unauthorised access to the application using brute force mechanisms, however other kind of attacks might be...