2 matches found
CVE-2026-50744
A bypass to the admin‑only restriction of the XML‑RPC API in Revive Adserver 6.0.7. The API response for the ox.login method returned a session ID cookie in the HTTP headers, and although the method correctly returned an error, the associated session was not invalidated. As a result, the leaked...
PT-2026-52651
Name of the Vulnerable Software and Affected Versions Revive Adserver version 6.0.7 Description An authentication bypass exists in the XML-RPC API. The ox.login method returns a session ID cookie in the HTTP headers even when the method returns an error. Because the associated session is not...