Vulnerabilities > Revive Adserver
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-03-03 | CVE-2017-5831 | Session Fixation vulnerability in Revive-Adserver Revive Adserver | Session fixation vulnerability in the forgot password mechanism in Revive Adserver before 4.0.1, when setting a new password, allows remote attackers to hijack web sessions via the session ID. | 5.5 |
2017-03-03 | CVE-2017-5830 | Deserialization of Untrusted Data vulnerability in Revive-Adserver Revive Adserver | Revive Adserver before 4.0.1 allows remote attackers to execute arbitrary code via serialized data in the cookies related to the delivery scripts. | 7.5 |
2015-10-14 | CVE-2015-7373 | Cross-site Scripting vulnerability in Revive-Adserver Revive Adserver | Cross-site scripting (XSS) vulnerability in the "magic-macros" feature in Revive Adserver before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via a GET parameter, which is not properly handled in a banner. | 4.3 |
2015-10-14 | CVE-2015-7372 | Path Traversal vulnerability in Revive-Adserver Revive Adserver | Directory traversal vulnerability in delivery-dev/al.php in Revive Adserver before 3.2.2 allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2015-10-14 | CVE-2015-7371 | Permissions, Privileges, and Access Controls vulnerability in Revive-Adserver Revive Adserver | Revive Adserver before 3.2.2 does not restrict access to run-mpe.php, which allows remote attackers to run the Maintenance Priority Engine and possibly cause a denial of service (resource consumption) via a direct request. | 5.0 |
2015-10-14 | CVE-2015-7370 | Cross-site Scripting vulnerability in Revive-Adserver Revive Adserver | Multiple cross-site scripting (XSS) vulnerabilities in open-flash-chart.swf in Open Flash Chart 2, as used in the VideoAds plugin in Revive Adserver before 3.2.2 and CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2 before 5.5.2-434, and 6.1.0 before 6.1.0-1026, allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) data-file parameter. | 4.3 |
2015-10-14 | CVE-2015-7369 | Improper Access Control vulnerability in Revive-Adserver Revive Adserver | The default Flash cross-domain policy (crossdomain.xml) in Revive Adserver before 3.2.2 does not restrict cross-domain access, which allows remote attackers to conduct cross-domain attacks via unspecified vectors. | 7.5 |
2015-10-14 | CVE-2015-7368 | Information Exposure vulnerability in Revive-Adserver Revive Adserver | Revive Adserver before 3.2.2 does not send the appropriate Cache-Control HTTP headers in responses for admin UI pages, which allows local users to obtain sensitive information via the web browser cache. | 2.1 |
2015-10-14 | CVE-2015-7367 | Improper Access Control vulnerability in Revive-Adserver Revive Adserver | Revive Adserver before 3.2.2 allows remote attackers to perform unspecified actions by leveraging an unexpired session after the user has been (1) deleted or (2) unlinked. | 7.5 |
2015-10-14 | CVE-2015-7366 | Cross-Site Request Forgery (CSRF) vulnerability in Revive-Adserver Revive Adserver | Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver before 3.2.2 allow remote attackers to hijack the authentication of users for requests that (1) perform certain plugin actions and possibly cause a denial of service (disabled core plugins) via unknown vectors or (2) change the contact name and language or possibly have unspecified other impact via a crafted POST request to an account-user-*.php script. | 6.8 |