Vulnerabilities > Revive Adserver > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2019-05-28 | CVE-2019-5440 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Revive-Adserver Revive Adserver | Use of cryptographically weak PRNG in the password recovery token generation of Revive Adserver < v4.2.1 causes a potential authentication bypass attack if an attacker exploits the password recovery functionality. | 6.8 |
2019-05-06 | CVE-2019-5433 | Open Redirect vulnerability in Revive-Adserver Revive Adserver | A user having access to the UI of a Revive Adserver instance could be tricked into clicking on a specifically crafted admin account-switch.php URL that would eventually lead them to another (unsafe) domain, potentially used for stealing credentials or other phishing attacks. | 5.8 |
2017-03-28 | CVE-2016-9456 | Cross-Site Request Forgery (CSRF) vulnerability in Revive-Adserver Revive Adserver | Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). | 6.8 |
2017-03-28 | CVE-2016-9455 | Cross-Site Request Forgery (CSRF) vulnerability in Revive-Adserver Revive Adserver | Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). | 6.8 |
2017-03-28 | CVE-2016-9129 | Information Exposure vulnerability in Revive-Adserver Revive Adserver | Revive Adserver before 3.2.3 suffers from Information Exposure Through Discrepancy. | 5.0 |
2017-03-28 | CVE-2016-9127 | Cross-Site Request Forgery (CSRF) vulnerability in Revive-Adserver Revive Adserver | Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). | 6.8 |
2017-03-28 | CVE-2016-9124 | Improper Authentication vulnerability in Revive-Adserver Revive Adserver | Revive Adserver before 3.2.3 suffers from Improper Restriction of Excessive Authentication Attempts. | 5.0 |
2017-03-03 | CVE-2017-5833 | Cross-site Scripting vulnerability in Revive-Adserver Revive Adserver | Cross-site scripting (XSS) vulnerability in the invocation code generation for interstitial zones in Revive Adserver before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | 4.3 |
2017-03-03 | CVE-2017-5831 | Session Fixation vulnerability in Revive-Adserver Revive Adserver | Session fixation vulnerability in the forgot password mechanism in Revive Adserver before 4.0.1, when setting a new password, allows remote attackers to hijack web sessions via the session ID. | 5.5 |
2015-10-14 | CVE-2015-7373 | Cross-site Scripting vulnerability in Revive-Adserver Revive Adserver | Cross-site scripting (XSS) vulnerability in the "magic-macros" feature in Revive Adserver before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via a GET parameter, which is not properly handled in a banner. | 4.3 |