Show filters
50 Total Results
Displaying 31-40 of 50
Sort by:
Attacker Value
Unknown

CVE-2016-9455

Disclosure Date: March 28, 2017 (last updated November 26, 2024)
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). A number of scripts in Revive Adserver's user interface are vulnerable to CSRF attacks: `www/admin/banner-acl.php`, `www/admin/banner-activate.php`, `www/admin/banner-advanced.php`, `www/admin/banner-modify.php`, `www/admin/banner-swf.php`, `www/admin/banner-zone.php`, `www/admin/tracker-modify.php`.
0
0
Attacker Value
Unknown

CVE-2017-5832

Disclosure Date: March 03, 2017 (last updated November 26, 2024)
Cross-site scripting (XSS) vulnerability in Revive Adserver before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the user's email address.
0
0
Attacker Value
Unknown

CVE-2017-5830

Disclosure Date: March 03, 2017 (last updated November 26, 2024)
Revive Adserver before 4.0.1 allows remote attackers to execute arbitrary code via serialized data in the cookies related to the delivery scripts.
0
0
Attacker Value
Unknown

CVE-2017-5833

Disclosure Date: March 03, 2017 (last updated November 26, 2024)
Cross-site scripting (XSS) vulnerability in the invocation code generation for interstitial zones in Revive Adserver before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
0
0
Attacker Value
Unknown

CVE-2017-5831

Disclosure Date: March 03, 2017 (last updated November 26, 2024)
Session fixation vulnerability in the forgot password mechanism in Revive Adserver before 4.0.1, when setting a new password, allows remote attackers to hijack web sessions via the session ID.
0
0
Attacker Value
Unknown

CVE-2015-7372

Disclosure Date: October 14, 2015 (last updated October 05, 2023)
Directory traversal vulnerability in delivery-dev/al.php in Revive Adserver before 3.2.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the layerstyle parameter.
0
0
Attacker Value
Unknown

CVE-2015-7365

Disclosure Date: October 14, 2015 (last updated October 05, 2023)
Cross-site scripting (XSS) vulnerability in the plugin upgrade form in Revive Adserver before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of an uploaded file containing errors.
0
0
Attacker Value
Unknown

CVE-2015-7367

Disclosure Date: October 14, 2015 (last updated October 05, 2023)
Revive Adserver before 3.2.2 allows remote attackers to perform unspecified actions by leveraging an unexpired session after the user has been (1) deleted or (2) unlinked.
0
0
Attacker Value
Unknown

CVE-2015-7369

Disclosure Date: October 14, 2015 (last updated October 05, 2023)
The default Flash cross-domain policy (crossdomain.xml) in Revive Adserver before 3.2.2 does not restrict access cross domain access, which allows remote attackers to conduct cross domain attacks via unspecified vectors.
0
0
Attacker Value
Unknown

CVE-2015-7371

Disclosure Date: October 14, 2015 (last updated October 05, 2023)
Revive Adserver before 3.2.2 does not restrict access to run-mpe.php, which allows remote attackers to run the Maintenance Priority Engine and possibly cause a denial of service (resource consumption) via a direct request.
0
0
View More Topics  < Previous  Next >