Revive Adserver Security Vulnerabilities and Issues — Revive Adserver CVE List

Lucene search

Revive-adserverRevive Adserver

10 matches found

CVE•added 2015/10/14 7:59 p.m.•50 views

CVE-2015-7371

Revive Adserver before 3.2.2 does not restrict access to run-mpe.php, which allows remote attackers to run the Maintenance Priority Engine and possibly cause a denial of service (resource consumption) via a direct request.

5CVSS6.8AI score0.00734EPSS

CVE•added 2015/10/14 7:59 p.m.•48 views

CVE-2015-7365

Cross-site scripting (XSS) vulnerability in the plugin upgrade form in Revive Adserver before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of an uploaded file containing errors.

4.3CVSS5.8AI score0.00256EPSS

CVE•added 2015/10/14 7:59 p.m.•45 views

CVE-2015-7373

Cross-site scripting (XSS) vulnerability in the "magic-macros" feature in Revive Adserver before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via a GET parameter, which is not properly handled in a banner.

4.3CVSS5.7AI score0.00256EPSS

CVE•added 2015/10/14 7:59 p.m.•44 views

CVE-2015-7368

Revive Adserver before 3.2.2 does not send the appropriate Cache-Control HTTP headers in responses for admin UI pages, which allows local users to obtain sensitive information via the web browser cache.

2.1CVSS5.8AI score0.00062EPSS

CVE•added 2015/10/14 7:59 p.m.•43 views

CVE-2015-7364

The HTML_Quickform library, as used in Revive Adserver before 3.2.2, allows remote attackers to bypass the CSRF protection mechanism via an empty token.

6.8CVSS6.8AI score0.0017EPSS

CVE•added 2015/10/14 7:59 p.m.•43 views

CVE-2015-7369

The default Flash cross-domain policy (crossdomain.xml) in Revive Adserver before 3.2.2 does not restrict access cross domain access, which allows remote attackers to conduct cross domain attacks via unspecified vectors.

7.5CVSS6.7AI score0.00844EPSS

CVE•added 2015/10/14 7:59 p.m.•42 views

CVE-2015-7367

Revive Adserver before 3.2.2 allows remote attackers to perform unspecified actions by leveraging an unexpired session after the user has been (1) deleted or (2) unlinked.

7.5CVSS6.8AI score0.00656EPSS

CVE•added 2015/10/14 7:59 p.m.•41 views

CVE-2015-7366

Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver before 3.2.2 allow remote attackers to hijack the authentication of users for requests that (1) perform certain plugin actions and possibly cause a denial of service (disabled core plugins) via unknown vectors or (2) chan...

6.8CVSS8.2AI score0.00227EPSS

CVE•added 2015/10/14 7:59 p.m.•40 views

CVE-2015-7372

Directory traversal vulnerability in delivery-dev/al.php in Revive Adserver before 3.2.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the layerstyle parameter.

7.5CVSS7.2AI score0.01953EPSS

CVE•added 2015/10/14 7:59 p.m.•38 views

CVE-2015-7370

Multiple cross-site scripting (XSS) vulnerabilities in open-flash-chart.swf in Open Flash Chart 2, as used in the VideoAds plugin in Revive Adserver before 3.2.2 and CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2 before 5.5.2-434, and...

4.3CVSS5.9AI score0.00452EPSS