709 matches found
CVE-2015-7373
CVE-2015-7373 : Revive Adserver (
CVE-2015-7372
This CVE (CVE-2015-7372) affects Revive Adserver up to version 3.2.1. The vulnerability is a Local File Inclusion in the layerstyle parameter of al.php, allowing remote attackers to include and execute arbitrary local files by crafting the layerstyle value (potentially involving a layerstyle.inc....
CVE-2015-7365
Revive Adserver is affected by CVE-2015-7365: a reflected XSS in the plugin upgrade form where filenames of uploaded files containing errors are not properly escaped. The vulnerability affects Revive Adserver versions
CVE-2015-7369
Revive Adserver before 3.2.2 is affected by multiple CVEs (including CVE-2015-7369: overly permissive crossdomain.xml) that enable cross-domain attacks and session cookie exposure. Core issue: default crossdomain.xml permissions allow access from other domains, facilitating cross-domain attacks. ...
CVE-2015-7371
CVE-2015-7371 affects Revive Adserver
CVE-2015-7366
CVE-2015-7366 affects Revive Adserver prior to 3.2.2. The vulnerability arises from insufficient CSRF protection: certain plugin actions can be triggered via GET requests without tokens, and account-user-*.php POST requests can bypass CSRF checks. This could allow remote attackers to hijack user ...
CVE-2015-7364
The HTMLQuickform library, as used in Revive Adserver before 3.2.2, allows remote attackers to bypass the CSRF protection mechanism via an empty token...
CVE-2015-7368
Revive Adserver before 3.2.2 does not send the appropriate Cache-Control HTTP headers in responses for admin UI pages, which allows local users to obtain sensitive information via the web browser cache...
CVE-2015-7367
Revive Adserver before 3.2.2 allows remote attackers to perform unspecified actions by leveraging an unexpired session after the user has been 1 deleted or 2 unlinked...
CVE-2015-7369
The default Flash cross-domain policy crossdomain.xml in Revive Adserver before 3.2.2 does not restrict access cross domain access, which allows remote attackers to conduct cross domain attacks via unspecified vectors...
CVE-2015-7366
Multiple cross-site request forgery CSRF vulnerabilities in Revive Adserver before 3.2.2 allow remote attackers to hijack the authentication of users for requests that 1 perform certain plugin actions and possibly cause a denial of service disabled core plugins via unknown vectors or 2 change the...
CVE-2015-7371
Revive Adserver before 3.2.2 does not restrict access to run-mpe.php, which allows remote attackers to run the Maintenance Priority Engine and possibly cause a denial of service resource consumption via a direct request...
CVE-2015-7370
The CVE-2015-7370 entry applies to Revive Adserver’s VideoAds component using Open Flash Chart 2, where open-flash-chart.swf is vulnerable to reflected XSS via id and data-file parameters. Affects Revive Adserver up to 3.2.1 (and related CA/OpenX integrations) with the VideoAds plugin; CVSS v2 ba...
Revive Adserver 3.2.1 Multiple Vulnerabilities
Revive Adserver versions 3.2.1 and below suffer from improper access controls, cross site request forgery, cross site scripting, local file inclusion, and various other vulnerabilities. ========================================================================...
Revive Adserver Multiple Vulnerabilities
Revive Adserver is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:revive:adserver";...
Multiple Cross-Site Request Forgery Vulnerabilities in Revive Adserver
Revive Adserver is open source ad server. Versions of Revive Adserver prior to 3.0.5 have multiple cross-site request forgery vulnerabilities that allow remote attackers to exploit vulnerabilities to hijack administrator request authentication...
Cross-Site Scripting (XSS) in Revive Adserver
Advisory ID: HTB23242 Product: Revive Adserver Vendor: http://www.revive-adserver.com/ Vulnerable Versions: 3.0.5 and probably prior Tested Version: 3.0.5 Advisory Publication: November 12, 2014 without technical details Vendor Notification: November 12, 2014 Vendor Patch: December 17, 2014 Publi...
CVE-2014-9407
Multiple cross-site request forgery CSRF vulnerabilities in Revive Adserver before 3.0.5 allow remote attackers to hijack the authentication of administrators for requests that 1 delete data via a request to agency-delete.php, 2 tracker-delete.php, or 3 userlog-delete.php in admin/ or 4 unlink...
CVE-2014-8875
The XMLRPCcd function in lib/pear/XML/RPC.php in Revive Adserver before 3.0.6 allows remote attackers to cause a denial of service CPU and memory consumption via a crafted XML-RPC request, aka an XML Entity Expansion XEE attack...
CVE-2014-8793
Cross-site scripting XSS vulnerability in lib/max/Admin/UI/Field/PublisherIdField.php in Revive Adserver before 3.0.6 allows remote attackers to inject arbitrary web script or HTML via the refreshpage parameter to www/admin/report-generate.php...