Lucene search
+L

721 matches found

Packet Storm
Packet Storm
added 2026/06/08 12:0 a.m.92 views

📄 Revive Adserver 6.0.6 XSS / SQL Injection / Code Execution

Revive Adserver versions 6.0.6 and below exploitation framework that targets cross site scripting, remote SQL injection, remote code execution, and various other vulnerabilities...

6AI score0.00499EPSS
Exploits2
Hacker One
Hacker One
added 2026/06/05 7:50 a.m.11 views

Revive Adserver: XML‑RPC login leak exposes valid session ID enabling unauthorized API access

Vulnerability description not provided...

4.3CVSS5.8AI score0.00173EPSS
Exploits1
Packet Storm News
Packet Storm News
added 2026/06/05 12:0 a.m.25 views

Revive Adserver 6.0.6 XSS / SQL Injection / Code Injection

Revive Adserver versions 6.0.6 and below suffer from access control, code injection, cross site scripting, and remote SQL injection vulnerabilities...

5.4CVSS5.6AI score0.00499EPSS
Exploits3
Hacker One
Hacker One
added 2026/06/04 8:3 a.m.14 views

Revive Adserver: PHP code injection in delivery-limitation `logical` validation bypass - XML-RPC setChannelTargeting

Vulnerability description not provided...

8.8CVSS6.7AI score0.02734EPSS
Exploits2
Hacker One
Hacker One
added 2026/06/04 6:8 a.m.15 views

Revive Adserver: Stored XSS in maintenance tools via unescaped entity names

A stored XSS vulnerability was discovered in the maintenance tools of Revive Adserver 6.0.7. The issue was caused by entity names being displayed without proper escaping when inconsistencies were detected in the maintenance-acl-check.php and maintenance-banners-check.php files...

5.4CVSS5.8AI score0.00199EPSS
Exploits1
Hacker One
Hacker One
added 2026/06/03 11:4 p.m.13 views

Revive Adserver: PHP code injection in delivery-limitation `logical` validation bypass

A vulnerability in the delivery-limitation logical validation was reported. The vulnerability allowed bypassing the fix for CVE-2026-34916 by sending a disallowed but otherwise valid plugin identifier as type, or using the ox.setChannelTargeting XML-RPC API method...

8.8CVSS6.6AI score0.02734EPSS
Exploits2
Hacker One
Hacker One
added 2026/06/03 10:27 p.m.10 views

Revive Adserver: Reflected XSS via unsanitised refresh parameter in zone invocation tag

A missing sanitization of user input in the zone-include.php script of Revive Adserver 6.0.7 and earlier was reported. This vulnerability allowed a low-privileged user to perform reflected XSS attacks by exploiting the refresh parameter of the iFrame invocation tag...

6.1CVSS5.8AI score0.00222EPSS
Exploits1
Hacker One
Hacker One
added 2026/06/03 9:0 p.m.9 views

Revive Adserver: Missing ownership validation allows cross‑manager tracker–campaign linking

A vulnerability was reported in Revive Adserver version 6.0.7 and earlier that allowed a low-privileged user to link their trackers to campaigns owned by other managers on the same instance. This was due to a lack of proper ownership validation in the tracker-campaigns.php script, which handled t...

4.3CVSS5.9AI score0.00287EPSS
Exploits2
Hacker One
Hacker One
added 2026/05/18 8:49 a.m.29 views

Revive Adserver: PHP code injection via unexpected delivery limitation parameter

A vulnerability was reported in Revive Adserver 6.0.6 and earlier versions where user input was not properly validated when saving delivery limitations. This allowed a low-privileged user to inject malicious PHP code into the compiledlimitations field, which could then be executed during banner...

8.8CVSS5.9AI score0.0045EPSS
Exploits1
GithubExploit
GithubExploit
added 2026/04/28 3:34 a.m.197 views

Exploit for Stack-based Buffer Overflow in Asustor Data_Master

CVE-2026-6643 — ASUSTOR ADM 5.1.2 RCE Format String CWE-134...

9.9CVSS6.2AI score0.00468EPSS
Exploits1
Packet Storm News
Packet Storm News
added 2026/04/23 12:0 a.m.10 views

ID-Eraser: Proactive Defense against Face Swapping Via Identity Perturbation

Deepfake technologies have rapidly advanced with modern generative AI, and face swapping in particular poses serious threats to privacy and digital security. Existing proactive defenses mostly rely on pixel-level perturbations, which are ineffective against contemporary swapping models that extra...

5.3AI score
Exploits0
Hacker One
Hacker One
added 2026/04/16 7:50 p.m.19 views

Revive Adserver: Banner status override by advertiser‑level users

A vulnerability was reported in Revive Adserver 6.0.6 and earlier, which allowed an advertiser-level user to activate or deactivate a banner without proper permissions. The issue was caused by the banner-edit.php script, which allowed the banner status to be overwritten solely based on banner edi...

5.4CVSS5.8AI score0.00274EPSS
Exploits1
Hacker One
Hacker One
added 2026/04/16 9:24 a.m.13 views

Revive Adserver: Missing access control when modifying parent entities via XML‑RPC

Vulnerability description not provided...

4.3CVSS5.8AI score0.00235EPSS
Exploits0
Hacker One
Hacker One
added 2026/04/14 1:25 p.m.15 views

Revive Adserver: Session ID reuse allowing XML‑RPC API authentication bypass

Vulnerability description not provided...

4.3CVSS5.8AI score0.0031EPSS
Exploits1
Hacker One
Hacker One
added 2026/04/13 9:57 a.m.14 views

Revive Adserver: Stored XSS via Full Name field in userlog email entries

Vulnerability description not provided...

5.8AI score0.00339EPSS
Exploits1
NVD
NVD
added 2026/04/08 9:16 a.m.2 views

CVE-2026-39561

Missing Authorization vulnerability in WP Chill Revive.so revive-so allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Revive.so: from n/a through = 2.0.7...

5.3CVSS0.0019EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.9 views

WordPress plugin Revive.so 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

5.3CVSS5.8AI score0.0019EPSS
Exploits0References1
Hacker One
Hacker One
added 2026/04/07 8:23 p.m.16 views

Revive Adserver: PHP code injection via delivery limitation logical

Vulnerability description not provided...

8.8CVSS5.8AI score0.00499EPSS
Exploits2
Hacker One
Hacker One
added 2026/04/06 4:1 p.m.22 views

Revive Adserver: Reflected XSS via clientid parameter in zone‑include.php

Vulnerability description not provided...

6.1CVSS5.8AI score0.00217EPSS
Exploits1
Hacker One
Hacker One
added 2026/04/06 2:47 p.m.16 views

Revive Adserver: Blind SQL injection via clientid parameter in zone‑include.php

Vulnerability description not provided...

8.3CVSS5.8AI score0.00298EPSS
Exploits1
Rows per page
Query Builder