Revive Adserver Security Vulnerabilities and Issues — Revive Adserver CVE List

Lucene search

Revive-adserverRevive Adserver

5 matches found

CVE•added 2013/12/28 4:53 a.m.•49 views

CVE-2013-7149

SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method.

7.5CVSS8.5AI score0.00517EPSS

CVE•added 2015/10/14 7:59 p.m.•43 views

CVE-2015-7369

The default Flash cross-domain policy (crossdomain.xml) in Revive Adserver before 3.2.2 does not restrict access cross domain access, which allows remote attackers to conduct cross domain attacks via unspecified vectors.

7.5CVSS6.7AI score0.00844EPSS

CVE•added 2015/10/14 7:59 p.m.•42 views

CVE-2015-7367

Revive Adserver before 3.2.2 allows remote attackers to perform unspecified actions by leveraging an unexpired session after the user has been (1) deleted or (2) unlinked.

7.5CVSS6.8AI score0.00656EPSS

CVE•added 2015/10/14 7:59 p.m.•41 views

CVE-2015-7372

Directory traversal vulnerability in delivery-dev/al.php in Revive Adserver before 3.2.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the layerstyle parameter.

7.5CVSS7.2AI score0.01953EPSS

CVE•added 2021/09/23 1:15 p.m.•32 views

CVE-2021-22948

Vulnerability in the generation of session IDs in revive-adserver

7.1CVSS6.6AI score0.00545EPSS