Lucene search
K

709 matches found

CVE
CVE
added 2015/10/14 7:0 p.m.61 views

CVE-2015-7373

CVE-2015-7373 : Revive Adserver (

4.3CVSS5.7AI score0.01953EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2015/10/14 7:0 p.m.55 views

CVE-2015-7372

This CVE (CVE-2015-7372) affects Revive Adserver up to version 3.2.1. The vulnerability is a Local File Inclusion in the layerstyle parameter of al.php, allowing remote attackers to include and execute arbitrary local files by crafting the layerstyle value (potentially involving a layerstyle.inc....

7.5CVSS7.2AI score0.03073EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2015/10/14 7:0 p.m.58 views

CVE-2015-7365

Revive Adserver is affected by CVE-2015-7365: a reflected XSS in the plugin upgrade form where filenames of uploaded files containing errors are not properly escaped. The vulnerability affects Revive Adserver versions

4.3CVSS5.8AI score0.01953EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2015/10/14 7:0 p.m.56 views

CVE-2015-7369

Revive Adserver before 3.2.2 is affected by multiple CVEs (including CVE-2015-7369: overly permissive crossdomain.xml) that enable cross-domain attacks and session cookie exposure. Core issue: default crossdomain.xml permissions allow access from other domains, facilitating cross-domain attacks. ...

7.5CVSS6.7AI score0.0325EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2015/10/14 7:0 p.m.65 views

CVE-2015-7371

CVE-2015-7371 affects Revive Adserver

5CVSS6.8AI score0.02586EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2015/10/14 7:0 p.m.55 views

CVE-2015-7366

CVE-2015-7366 affects Revive Adserver prior to 3.2.2. The vulnerability arises from insufficient CSRF protection: certain plugin actions can be triggered via GET requests without tokens, and account-user-*.php POST requests can bypass CSRF checks. This could allow remote attackers to hijack user ...

6.8CVSS8.2AI score0.01114EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2015/10/14 7:0 p.m.27 views

CVE-2015-7364

The HTMLQuickform library, as used in Revive Adserver before 3.2.2, allows remote attackers to bypass the CSRF protection mechanism via an empty token...

6.6AI score0.01143EPSS
Exploits1References5
Cvelist
Cvelist
added 2015/10/14 7:0 p.m.24 views

CVE-2015-7368

Revive Adserver before 3.2.2 does not send the appropriate Cache-Control HTTP headers in responses for admin UI pages, which allows local users to obtain sensitive information via the web browser cache...

5.7AI score0.00539EPSS
Exploits1References5
Cvelist
Cvelist
added 2015/10/14 7:0 p.m.27 views

CVE-2015-7367

Revive Adserver before 3.2.2 allows remote attackers to perform unspecified actions by leveraging an unexpired session after the user has been 1 deleted or 2 unlinked...

6.7AI score0.02544EPSS
Exploits1References4
Cvelist
Cvelist
added 2015/10/14 7:0 p.m.21 views

CVE-2015-7369

The default Flash cross-domain policy crossdomain.xml in Revive Adserver before 3.2.2 does not restrict access cross domain access, which allows remote attackers to conduct cross domain attacks via unspecified vectors...

6.5AI score0.0325EPSS
Exploits1References4
Cvelist
Cvelist
added 2015/10/14 7:0 p.m.27 views

CVE-2015-7366

Multiple cross-site request forgery CSRF vulnerabilities in Revive Adserver before 3.2.2 allow remote attackers to hijack the authentication of users for requests that 1 perform certain plugin actions and possibly cause a denial of service disabled core plugins via unknown vectors or 2 change the...

8.1AI score0.01114EPSS
Exploits1References4
Cvelist
Cvelist
added 2015/10/14 7:0 p.m.31 views

CVE-2015-7371

Revive Adserver before 3.2.2 does not restrict access to run-mpe.php, which allows remote attackers to run the Maintenance Priority Engine and possibly cause a denial of service resource consumption via a direct request...

6.6AI score0.02586EPSS
Exploits1References4
CVE
CVE
added 2015/10/14 7:0 p.m.50 views

CVE-2015-7370

The CVE-2015-7370 entry applies to Revive Adserver’s VideoAds component using Open Flash Chart 2, where open-flash-chart.swf is vulnerable to reflected XSS via id and data-file parameters. Affects Revive Adserver up to 3.2.1 (and related CA/OpenX integrations) with the VideoAds plugin; CVSS v2 ba...

4.3CVSS5.9AI score0.02239EPSS
Exploits1References7Affected Software1
0day.today
0day.today
added 2015/10/08 12:0 a.m.108 views

Revive Adserver 3.2.1 Multiple Vulnerabilities

Revive Adserver versions 3.2.1 and below suffer from improper access controls, cross site request forgery, cross site scripting, local file inclusion, and various other vulnerabilities. ========================================================================...

7.5CVSS6.3AI score0.0325EPSS
Exploits1
OpenVAS
OpenVAS
added 2015/01/13 12:0 a.m.21 views

Revive Adserver Multiple Vulnerabilities

Revive Adserver is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:revive:adserver";...

5CVSS6.5AI score0.02564EPSS
Exploits3References3
CNVD
CNVD
added 2014/12/26 12:0 a.m.0 views

Multiple Cross-Site Request Forgery Vulnerabilities in Revive Adserver

Revive Adserver is open source ad server. Versions of Revive Adserver prior to 3.0.5 have multiple cross-site request forgery vulnerabilities that allow remote attackers to exploit vulnerabilities to hijack administrator request authentication...

6.8CVSS7.2AI score0.00576EPSS
Exploits0References1
securityvulns
securityvulns
added 2014/12/22 12:0 a.m.91 views

Cross-Site Scripting (XSS) in Revive Adserver

Advisory ID: HTB23242 Product: Revive Adserver Vendor: http://www.revive-adserver.com/ Vulnerable Versions: 3.0.5 and probably prior Tested Version: 3.0.5 Advisory Publication: November 12, 2014 without technical details Vendor Notification: November 12, 2014 Vendor Patch: December 17, 2014 Publi...

4.3CVSS0.1AI score0.02309EPSS
Exploits3
NVD
NVD
added 2014/12/19 3:59 p.m.17 views

CVE-2014-9407

Multiple cross-site request forgery CSRF vulnerabilities in Revive Adserver before 3.0.5 allow remote attackers to hijack the authentication of administrators for requests that 1 delete data via a request to agency-delete.php, 2 tracker-delete.php, or 3 userlog-delete.php in admin/ or 4 unlink...

6.8CVSS7.2AI score0.00576EPSS
Exploits0References1
NVD
NVD
added 2014/12/19 3:59 p.m.39 views

CVE-2014-8875

The XMLRPCcd function in lib/pear/XML/RPC.php in Revive Adserver before 3.0.6 allows remote attackers to cause a denial of service CPU and memory consumption via a crafted XML-RPC request, aka an XML Entity Expansion XEE attack...

5CVSS6.4AI score0.02564EPSS
Exploits1References4
NVD
NVD
added 2014/12/19 3:59 p.m.47 views

CVE-2014-8793

Cross-site scripting XSS vulnerability in lib/max/Admin/UI/Field/PublisherIdField.php in Revive Adserver before 3.0.6 allows remote attackers to inject arbitrary web script or HTML via the refreshpage parameter to www/admin/report-generate.php...

4.3CVSS5.6AI score0.02309EPSS
Exploits3References8
Rows per page
Query Builder