Revive Adserver

61 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 2.66%
  • Published 28.03.2017 02:59:00
  • Last modified 13.05.2026 00:24:29

Revive Adserver before 3.2.3 suffers from session fixation, by allowing arbitrary session identifiers to be forced and, at the same time, by not invalidating the existing session upon a successful authentication. Under some circumstances, that could ...

  • EPSS 2.23%
  • Published 28.03.2017 02:59:00
  • Last modified 13.05.2026 00:24:29

Revive Adserver before 3.2.3 suffers from Improper Restriction of Excessive Authentication Attempts. The login page of Revive Adserver is vulnerable to password-guessing attacks. An account lockdown feature was considered, but rejected to avoid intro...

  • EPSS 3.3%
  • Published 03.03.2017 15:59:01
  • Last modified 13.05.2026 00:24:29

Revive Adserver before 4.0.1 allows remote attackers to execute arbitrary code via serialized data in the cookies related to the delivery scripts.

  • EPSS 1.17%
  • Published 03.03.2017 15:59:01
  • Last modified 13.05.2026 00:24:29

Session fixation vulnerability in the forgot password mechanism in Revive Adserver before 4.0.1, when setting a new password, allows remote attackers to hijack web sessions via the session ID.

  • EPSS 1.68%
  • Published 03.03.2017 15:59:01
  • Last modified 13.05.2026 00:24:29

Cross-site scripting (XSS) vulnerability in the invocation code generation for interstitial zones in Revive Adserver before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

  • EPSS 1.34%
  • Published 03.03.2017 15:59:01
  • Last modified 13.05.2026 00:24:29

Cross-site scripting (XSS) vulnerability in Revive Adserver before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the user's email address.

  • EPSS 1.95%
  • Published 14.10.2015 19:59:12
  • Last modified 06.05.2026 22:30:45

Cross-site scripting (XSS) vulnerability in the "magic-macros" feature in Revive Adserver before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via a GET parameter, which is not properly handled in a banner.

  • EPSS 3.07%
  • Published 14.10.2015 19:59:11
  • Last modified 06.05.2026 22:30:45

Directory traversal vulnerability in delivery-dev/al.php in Revive Adserver before 3.2.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the layerstyle parameter.

  • EPSS 2.59%
  • Published 14.10.2015 19:59:10
  • Last modified 06.05.2026 22:30:45

Revive Adserver before 3.2.2 does not restrict access to run-mpe.php, which allows remote attackers to run the Maintenance Priority Engine and possibly cause a denial of service (resource consumption) via a direct request.

  • EPSS 2.24%
  • Published 14.10.2015 19:59:09
  • Last modified 06.05.2026 22:30:45

Multiple cross-site scripting (XSS) vulnerabilities in open-flash-chart.swf in Open Flash Chart 2, as used in the VideoAds plugin in Revive Adserver before 3.2.2 and CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5...