Revive Adserver@4.0.0 Security Vulnerabilities and Issues — Revive Adserver@4.0.0 CVE List

Lucene search

Revive-adserverRevive Adserver4.0.0

3 matches found

CVE•added 2017/03/28 2:59 a.m.•46 views

CVE-2016-9470

Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Download. www/delivery/asyncspc.php was vulnerable to the fairly new Reflected File Download (RFD) web attack vector that enables attackers to gain complete control over a victim's machine by virtually downloading a file from a trus...

9.3CVSS9.2AI score0.0054EPSS

CVE•added 2017/03/28 2:59 a.m.•34 views

CVE-2016-9471

Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element Injection. Usernames weren't properly sanitised when creating users on a Revive Adserver instance. Especially, control characters were not filtered, allowing apparently identical usernames to co-exist in the system, due to the fact...

3.1CVSS4.1AI score0.00271EPSS

CVE•added 2017/03/28 2:59 a.m.•32 views

CVE-2016-9472

Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected XSS. The Revive Adserver web installer scripts were vulnerable to a reflected XSS attack via the dbHost, dbUser, and possibly other parameters. It has to be noted that the window for such attack vectors to be possible is extremely narrow...

5.4CVSS5.2AI score0.00364EPSS