Lucene search
K

7 matches found

NVD
NVD
added 2026/06/23 5:16 p.m.7 views

CVE-2026-34916

A missing validation of user input when saving delivery limitations in Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to use the logical parameter to inject malicious PHP code into the compiledlimitations field on the database and have it executed during banner delivery. Inpu...

8.8CVSS0.00499EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/23 4:14 p.m.32 views

CVE-2026-34916

A missing validation of user input when saving delivery limitations in Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to use the logical parameter to inject malicious PHP code into the compiledlimitations field on the database and have it executed during banner delivery. Inpu...

8.8CVSS0.00499EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/23 4:14 p.m.33 views

CVE-2026-44959

A missing validation of user input exists when saving delivery limitations in Revive Adserver 6.0.6 and earlier. A low‑privileged user could add an unexpected component parameter and inject malicious PHP code into the compiledlimitations field, which would then be executed during banner delivery...

8.8CVSS0.0045EPSS
Exploits1References1
Hacker One
Hacker One
added 2026/05/18 8:49 a.m.26 views

Revive Adserver: PHP code injection via unexpected delivery limitation parameter

A vulnerability was reported in Revive Adserver 6.0.6 and earlier versions where user input was not properly validated when saving delivery limitations. This allowed a low-privileged user to inject malicious PHP code into the compiledlimitations field, which could then be executed during banner...

8.8CVSS5.9AI score0.0045EPSS
Exploits1
Hacker One
Hacker One
added 2025/12/20 7:8 p.m.12 views

Revive Adserver: [revive-adserver] Reflected XSS in Banner Delivery Options via cap parameter

Vulnerability description not provided...

6.1CVSS6.8AI score0.00163EPSS
Exploits0
Prion
Prion
added 2006/03/28 11:6 a.m.14 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in a phpAdsNew and b phpPgAds before 2.0.8 allow remote attackers to inject arbitrary web script or HTML via the 1 certain parameters to the banner delivery module, which is not properly handled in the administrator interface, or 2 certain...

4.3CVSS6.1AI score0.0191EPSS
Exploits0References13Affected Software2
Cvelist
Cvelist
added 2006/03/28 11:0 a.m.22 views

CVE-2006-1397

Multiple cross-site scripting XSS vulnerabilities in a phpAdsNew and b phpPgAds before 2.0.8 allow remote attackers to inject arbitrary web script or HTML via the 1 certain parameters to the banner delivery module, which is not properly handled in the administrator interface, or 2 certain...

5.8AI score0.0191EPSS
Exploits0References13
Rows per page
Query Builder