Vulnerabilities > Revive Adserver > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-23 | CVE-2021-22948 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Revive-Adserver Revive Adserver. Vulnerability in the generation of session IDs in revive-adserver < 5.3.0, based on the cryptographically insecure uniqid() PHP function. | 7.1 |
2017-03-28 | CVE-2016-9125 | Session Fixation vulnerability in Revive-Adserver Revive Adserver. Revive Adserver before 3.2.3 suffers from session fixation, by allowing arbitrary session identifiers to be forced and, at the same time, by not invalidating the existing session upon a successful authentication. | 7.5 |
2017-03-03 | CVE-2017-5830 | Deserialization of Untrusted Data vulnerability in Revive-Adserver Revive Adserver. Revive Adserver before 4.0.1 allows remote attackers to execute arbitrary code via serialized data in the cookies related to the delivery scripts. | 7.5 |
2015-10-14 | CVE-2015-7372 | Path Traversal vulnerability in Revive-Adserver Revive Adserver. Directory traversal vulnerability in delivery-dev/al.php in Revive Adserver before 3.2.2 allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2015-10-14 | CVE-2015-7369 | Improper Access Control vulnerability in Revive-Adserver Revive Adserver. The default Flash cross-domain policy (crossdomain.xml) in Revive Adserver before 3.2.2 does not restrict cross-domain access, which allows remote attackers to conduct cross-domain attacks via unspecified vectors. | 7.5 |
2015-10-14 | CVE-2015-7367 | Improper Access Control vulnerability in Revive-Adserver Revive Adserver. Revive Adserver before 3.2.2 allows remote attackers to perform unspecified actions by leveraging an unexpired session after the user has been (1) deleted or (2) unlinked. | 7.5 |
2013-12-28 | CVE-2013-7149 | SQL Injection vulnerability in multiple products. SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method. | 7.5 |