Revive-adserver Revive_adserver

33 CVEs affecting Revive-adserver Revive_adserver. Latest disclosed: 2017-03-28. Critical: 4, High: 3.

Top CVEs affecting Revive-adserver Revive_adserver
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2016-9125 | Critical | 9.8 | 2017-03-28 | Revive Adserver before 3.2.3 suffers from session fixation, by allowing arbitrary session identifiers to be forced and, at the same time, by not invalidating t… |
| CVE-2016-9124 | Critical | 9.8 | 2017-03-28 | Revive Adserver before 3.2.3 suffers from Improper Restriction of Excessive Authentication Attempts. The login page of Revive Adserver is vulnerable to passwor… |
| CVE-2017-5830 | Critical | 9.8 | 2017-03-03 | Revive Adserver before 4.0.1 allows remote attackers to execute arbitrary code via serialized data in the cookies related to the delivery scripts. |
| CVE-2016-9470 | Critical | 9.0 | 2017-03-28 | Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Download. `www/delivery/asyncspc.php` was vulnerable to the fairly new Reflected File Downlo… |
| CVE-2016-9456 | High | 8.8 | 2017-03-28 | Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The Revive Adserver team conducted a security audit of the admin interface scripts… |
| CVE-2016-9455 | High | 8.8 | 2017-03-28 | Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). A number of scripts in Revive Adserver's user interface are vulnerable to CSRF att… |
| CVE-2016-9127 | High | 8.8 | 2017-03-28 | Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The password recovery form in Revive Adserver is vulnerable to CSRF attacks. This… |
| CVE-2017-5833 | Medium | 6.1 | 2017-03-03 | Cross-site scripting (XSS) vulnerability in the invocation code generation for interstitial zones in Revive Adserver before 4.0.1 allows remote attackers to in… |
| CVE-2017-5831 | Medium | 5.9 | 2017-03-03 | Session fixation vulnerability in the forgot password mechanism in Revive Adserver before 4.0.1, when setting a new password, allows remote attackers to hijack… |
| CVE-2016-9472 | Medium | 5.4 | 2017-03-28 | Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected XSS. The Revive Adserver web installer scripts were vulnerable to a reflected XSS attack via the… |
| CVE-2016-9457 | Medium | 5.4 | 2017-03-28 | Revive Adserver before 3.2.3 suffers from Reflected XSS. `www/admin/stats.php` is vulnerable to reflected XSS attacks via multiple parameters that are not prop… |
| CVE-2016-9454 | Medium | 5.4 | 2017-03-28 | Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a truste… |
| CVE-2016-9130 | Medium | 5.4 | 2017-03-28 | Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a truste… |
| CVE-2016-9128 | Medium | 5.4 | 2017-03-28 | Revive Adserver before 3.2.3 suffers from reflected XSS. The affiliate-preview.php script in www/admin is vulnerable to a reflected XSS attack. This vulnerabil… |
| CVE-2016-9126 | Medium | 5.4 | 2017-03-28 | Revive Adserver before 3.2.3 suffers from persistent XSS. Usernames are not properly escaped when displayed in the audit trail widget of the dashboard upon log… |
| CVE-2017-5832 | Medium | 5.4 | 2017-03-03 | Cross-site scripting (XSS) vulnerability in Revive Adserver before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the user'… |
| CVE-2016-9129 | Medium | 5.3 | 2017-03-28 | Revive Adserver before 3.2.3 suffers from Information Exposure Through Discrepancy. It is possible to check whether or not an email address was associated to o… |
| CVE-2016-9471 | Low | 3.1 | 2017-03-28 | Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element Injection. Usernames weren't properly sanitised when creating users on a Revive Adserver in… |
| CVE-2015-7373 |  |  | 2015-10-14 | Cross-site scripting (XSS) vulnerability in the "magic-macros" feature in Revive Adserver before 3.2.2 allows remote attackers to inject arbitrary web script o… |
| CVE-2015-7372 |  |  | 2015-10-14 | Directory traversal vulnerability in delivery-dev/al.php in Revive Adserver before 3.2.2 allows remote attackers to include and execute arbitrary local files v… |