721 matches found
📄 Revive Adserver 6.0.6 XSS / SQL Injection / Code Execution
Revive Adserver versions 6.0.6 and below exploitation framework that targets cross site scripting, remote SQL injection, remote code execution, and various other vulnerabilities...
Revive Adserver: XML‑RPC login leak exposes valid session ID enabling unauthorized API access
Vulnerability description not provided...
Revive Adserver 6.0.6 XSS / SQL Injection / Code Injection
Revive Adserver versions 6.0.6 and below suffer from access control, code injection, cross site scripting, and remote SQL injection vulnerabilities...
Revive Adserver: PHP code injection in delivery-limitation `logical` validation bypass - XML-RPC setChannelTargeting
Vulnerability description not provided...
Revive Adserver: Stored XSS in maintenance tools via unescaped entity names
A stored XSS vulnerability was discovered in the maintenance tools of Revive Adserver 6.0.7. The issue was caused by entity names being displayed without proper escaping when inconsistencies were detected in the maintenance-acl-check.php and maintenance-banners-check.php files...
Revive Adserver: PHP code injection in delivery-limitation `logical` validation bypass
A vulnerability in the delivery-limitation logical validation was reported. The vulnerability allowed bypassing the fix for CVE-2026-34916 by sending a disallowed but otherwise valid plugin identifier as type, or using the ox.setChannelTargeting XML-RPC API method...
Revive Adserver: Reflected XSS via unsanitised refresh parameter in zone invocation tag
A missing sanitization of user input in the zone-include.php script of Revive Adserver 6.0.7 and earlier was reported. This vulnerability allowed a low-privileged user to perform reflected XSS attacks by exploiting the refresh parameter of the iFrame invocation tag...
Revive Adserver: Missing ownership validation allows cross‑manager tracker–campaign linking
A vulnerability was reported in Revive Adserver version 6.0.7 and earlier that allowed a low-privileged user to link their trackers to campaigns owned by other managers on the same instance. This was due to a lack of proper ownership validation in the tracker-campaigns.php script, which handled t...
Revive Adserver: PHP code injection via unexpected delivery limitation parameter
A vulnerability was reported in Revive Adserver 6.0.6 and earlier versions where user input was not properly validated when saving delivery limitations. This allowed a low-privileged user to inject malicious PHP code into the compiledlimitations field, which could then be executed during banner...
Exploit for Stack-based Buffer Overflow in Asustor Data_Master
CVE-2026-6643 — ASUSTOR ADM 5.1.2 RCE Format String CWE-134...
ID-Eraser: Proactive Defense against Face Swapping Via Identity Perturbation
Deepfake technologies have rapidly advanced with modern generative AI, and face swapping in particular poses serious threats to privacy and digital security. Existing proactive defenses mostly rely on pixel-level perturbations, which are ineffective against contemporary swapping models that extra...
Revive Adserver: Banner status override by advertiser‑level users
A vulnerability was reported in Revive Adserver 6.0.6 and earlier, which allowed an advertiser-level user to activate or deactivate a banner without proper permissions. The issue was caused by the banner-edit.php script, which allowed the banner status to be overwritten solely based on banner edi...
Revive Adserver: Missing access control when modifying parent entities via XML‑RPC
Vulnerability description not provided...
Revive Adserver: Session ID reuse allowing XML‑RPC API authentication bypass
Vulnerability description not provided...
Revive Adserver: Stored XSS via Full Name field in userlog email entries
Vulnerability description not provided...
CVE-2026-39561
Missing Authorization vulnerability in WP Chill Revive.so revive-so allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Revive.so: from n/a through = 2.0.7...
WordPress plugin Revive.so 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
Revive Adserver: PHP code injection via delivery limitation logical
Vulnerability description not provided...
Revive Adserver: Reflected XSS via clientid parameter in zone‑include.php
Vulnerability description not provided...
Revive Adserver: Blind SQL injection via clientid parameter in zone‑include.php
Vulnerability description not provided...