Revive-adserver

Revive Adserver

60 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2016-9124

  • EPSS 0.77%
  • Veröffentlicht 28.03.2017 02:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Revive Adserver before 3.2.3 suffers from Improper Restriction of Excessive Authentication Attempts. The login page of Revive Adserver is vulnerable to password-guessing attacks. An account lockdown feature was considered, but rejected to avoid intro...

9.8

CVE-2017-5830

  • EPSS 3.5%
  • Veröffentlicht 03.03.2017 15:59:01
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Revive Adserver before 4.0.1 allows remote attackers to execute arbitrary code via serialized data in the cookies related to the delivery scripts.

5.9

CVE-2017-5831

  • EPSS 0.22%
  • Veröffentlicht 03.03.2017 15:59:01
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Session fixation vulnerability in the forgot password mechanism in Revive Adserver before 4.0.1, when setting a new password, allows remote attackers to hijack web sessions via the session ID.

6.1

CVE-2017-5833

  • EPSS 0.31%
  • Veröffentlicht 03.03.2017 15:59:01
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Cross-site scripting (XSS) vulnerability in the invocation code generation for interstitial zones in Revive Adserver before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

5.4

CVE-2017-5832

  • EPSS 0.23%
  • Veröffentlicht 03.03.2017 15:59:01
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Cross-site scripting (XSS) vulnerability in Revive Adserver before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the user's email address.

4.3

CVE-2015-7373

  • EPSS 0.26%
  • Veröffentlicht 14.10.2015 19:59:12
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the "magic-macros" feature in Revive Adserver before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via a GET parameter, which is not properly handled in a banner.

7.5

CVE-2015-7372

  • EPSS 1.95%
  • Veröffentlicht 14.10.2015 19:59:11
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Directory traversal vulnerability in delivery-dev/al.php in Revive Adserver before 3.2.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the layerstyle parameter.

5

CVE-2015-7371

  • EPSS 0.73%
  • Veröffentlicht 14.10.2015 19:59:10
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Revive Adserver before 3.2.2 does not restrict access to run-mpe.php, which allows remote attackers to run the Maintenance Priority Engine and possibly cause a denial of service (resource consumption) via a direct request.

4.3

CVE-2015-7370

  • EPSS 0.45%
  • Veröffentlicht 14.10.2015 19:59:09
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in open-flash-chart.swf in Open Flash Chart 2, as used in the VideoAds plugin in Revive Adserver before 3.2.2 and CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5...

7.5

CVE-2015-7369

  • EPSS 0.84%
  • Veröffentlicht 14.10.2015 19:59:08
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The default Flash cross-domain policy (crossdomain.xml) in Revive Adserver before 3.2.2 does not restrict access cross domain access, which allows remote attackers to conduct cross domain attacks via unspecified vectors.