Revive-adserver

Revive Adserver

60 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2016-9457

  • EPSS 0.21%
  • Veröffentlicht 28.03.2017 02:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Revive Adserver before 3.2.3 suffers from Reflected XSS. `www/admin/stats.php` is vulnerable to reflected XSS attacks via multiple parameters that are not properly sanitised or escaped when displayed, such as setPerPage, pageId, bannerid, period_star...

8.8

CVE-2016-9456

  • EPSS 0.15%
  • Veröffentlicht 28.03.2017 02:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The Revive Adserver team conducted a security audit of the admin interface scripts in order to identify and fix other potential CSRF vulnerabilities. Over 20+ such issues we...

8.8

CVE-2016-9455

  • EPSS 0.13%
  • Veröffentlicht 28.03.2017 02:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). A number of scripts in Revive Adserver's user interface are vulnerable to CSRF attacks: `www/admin/banner-acl.php`, `www/admin/banner-activate.php`, `www/admin/banner-advanc...

5.4

CVE-2016-9454

  • EPSS 0.32%
  • Veröffentlicht 28.03.2017 02:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The banner image URL for external banners wasn't properly escaped wh...

5.4

CVE-2016-9130

  • EPSS 0.27%
  • Veröffentlicht 28.03.2017 02:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The website name wasn't properly escaped when displayed in the campa...

5.3

CVE-2016-9129

  • EPSS 0.22%
  • Veröffentlicht 28.03.2017 02:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Revive Adserver before 3.2.3 suffers from Information Exposure Through Discrepancy. It is possible to check whether or not an email address was associated to one or more user accounts on a target Revive Adserver instance by examining the message prin...

5.4

CVE-2016-9128

  • EPSS 0.31%
  • Veröffentlicht 28.03.2017 02:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Revive Adserver before 3.2.3 suffers from reflected XSS. The affiliate-preview.php script in www/admin is vulnerable to a reflected XSS attack. This vulnerability could be used by an attacker to steal the session ID of an authenticated user, by trick...

8.8

CVE-2016-9127

  • EPSS 0.14%
  • Veröffentlicht 28.03.2017 02:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The password recovery form in Revive Adserver is vulnerable to CSRF attacks. This vulnerability could be exploited to send a large number of password recovery emails to the ...

5.4

CVE-2016-9126

  • EPSS 0.26%
  • Veröffentlicht 28.03.2017 02:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Revive Adserver before 3.2.3 suffers from persistent XSS. Usernames are not properly escaped when displayed in the audit trail widget of the dashboard upon login, allowing persistent XSS attacks. An authenticated user with enough privileges to create...

9.8

CVE-2016-9125

  • EPSS 1.08%
  • Veröffentlicht 28.03.2017 02:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Revive Adserver before 3.2.3 suffers from session fixation, by allowing arbitrary session identifiers to be forced and, at the same time, by not invalidating the existing session upon a successful authentication. Under some circumstances, that could ...