Lucene search
K

674 matches found

CVE
CVE
added 2014/12/19 3:0 p.m.52 views

CVE-2014-8875

Revive Adserver is affected by CVE-2014-8875 due to an XML Entity Expansion (XEE) vulnerability in the XML_RPC_cd function of lib/pear/XML/RPC.php. The advisory details that the Revive Adserver XML-RPC endpoints (delivery/XMLRPC and API endpoints) may be exploited by crafted XML payloads to exhau...

5CVSS6.5AI score0.02564EPSS
Exploits1References4Affected Software1
Packet Storm
Packet Storm
added 2014/12/17 12:0 a.m.85 views

Revive Adserver 3.0.5 Cross Site Scripting

Advisory ID: HTB23242 Product: Revive Adserver Vendor: http://www.revive-adserver.com/ Vulnerable Versions: 3.0.5 and probably prior Tested Version: 3.0.5 Advisory Publication: November 12, 2014 without technical details Vendor Notification: November 12, 2014 Vendor Patch: December 17, 2014 Publi...

4.3CVSS6.5AI score0.02309EPSS
Exploits3
Packet Storm
Packet Storm
added 2014/12/17 12:0 a.m.72 views

Revive Adserver 3.0.5 Cross Site Scripting / Denial Of Service

======================================================================== Revive Adserver Security Advisory REVIVE-SA-2014-002 ------------------------------------------------------------------------ http://www.revive-adserver.com/security/revive-sa-2014-002...

5CVSS0.1AI score0.02564EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2014/12/17 12:0 a.m.21 views

Revive Adserver < 3.1.0 Multiple Vulnerabilities

Binary data 8607.prm...

5CVSS6.9AI score0.02564EPSS
Exploits3References4
htbridge
htbridge
added 2014/11/12 12:0 a.m.53 views

Cross-Site Scripting (XSS) in Revive Adserver

High-Tech Bridge Security Research Lab discovered an XSS vulnerability in Revive Adserver formerly known as OpenX Source, which can be exploited to perform Cross-Site Scripting attacks against authenticated users and administrators of the vulnerable application leading to total compromise of the...

2.6CVSS5.3AI score0.02309EPSS
Exploits3Affected Software1
Tenable Nessus
Tenable Nessus
added 2014/06/26 12:0 a.m.17 views

Revive Adserver < 3.0.5 Multiple CSRF Vulnerabilities

According to its version number, the Revive Adserver install hosted on the remote web server is affected by multiple cross-site request forgery CSRF vulnerabilities. This can allow an attacker to delete data and cause service disruptions by enticing an authenticated user to follow a crafted URL...

6.8CVSS5.5AI score0.03099EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2014/06/26 12:0 a.m.217 views

Revive Adserver 'www/delivery/axmlrpc.php' 'what' Parameter SQL Injection

The Revive Adserver install hosted on the remote web server is affected by a SQL injection vulnerability because the 'www/delivery/axmlrpc.php' script fails to properly sanitize user-supplied input passed to the 'what' parameter. This can allow a remote, unauthenticated attacker to execute...

7.5CVSS6.4AI score0.02011EPSS
Exploits1References3
securityvulns
securityvulns
added 2014/06/14 12:0 a.m.79 views

[REVIVE-SA-2014-001] Revive Adserver 3.0.5 fixes CSRF vulnerability

======================================================================== Revive Adserver Security Advisory REVIVE-SA-2014-001 ------------------------------------------------------------------------ Advisory ID: REVIVE-SA-2014-001 CVE ID: CVE-2013-5954 Date: 2014-05-15 Security risk: Moderate...

6.8CVSS0.9AI score0.03099EPSS
Exploits2
securityvulns
securityvulns
added 2014/01/09 12:0 a.m.105 views

[REVIVE-SA-2013-001] Revive Adserver 3.0.2 fixes SQL injection vulnerability

======================================================================== Revive Adserver Security Advisory REVIVE-SA-2013-001 ------------------------------------------------------------------------ Advisory ID: REVIVE-SA-2013-001 CVE ID: CVE-2013-7149 Date: 2013-12-20 Security risk: Critical...

7.5CVSS7.1AI score0.02011EPSS
Exploits1
NVD
NVD
added 2013/12/28 4:53 a.m.26 views

CVE-2013-7149

SQL injection vulnerability in www/delivery/axmlrpc.php aka the XML-RPC delivery invocation script in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method...

7.5CVSS8.2AI score0.02011EPSS
Exploits1References3
Prion
Prion
added 2013/12/28 4:53 a.m.19 views

Sql injection

SQL injection vulnerability in www/delivery/axmlrpc.php aka the XML-RPC delivery invocation script in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method...

7.5CVSS8.9AI score0.02011EPSS
Exploits1References3Affected Software2
CVE
CVE
added 2013/12/28 2:0 a.m.63 views

CVE-2013-7149

CVE-2013-7149 describes a SQL injection in Revive Adserver’s XML-RPC delivery script (www/delivery/axmlrpc.php) via the what parameter, affecting Revive Adserver &lt;= 3.0.1 and OpenX Source

7.5CVSS8.5AI score0.02011EPSS
Exploits1References3Affected Software2
VulnCheck KEV
VulnCheck KEV
added 2013/12/20 12:0 a.m.5 views

VulnCheck KEV: CVE-2013-7149

SQL injection vulnerability in www/delivery/axmlrpc.php aka the XML-RPC delivery invocation script in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method...

7.5CVSS6.2AI score0.02011EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2013/12/20 12:0 a.m.41 views

OpenX -- SQL injection vulnerability

Revive reports: An SQL-injection vulnerability was recently discovered and reported to the Revive Adserver team by Florian Sander. The vulnerability is known to be already exploited to gain unauthorised access to the application using brute force mechanisms, however other kind of attacks might be...

7.5CVSS6.7AI score0.02011EPSS
Exploits1References2
Rows per page
Query Builder