CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-8142
https://notcve.org/view.php?id=CVE-2020-8142
03 Apr 2020 — A security restriction bypass vulnerability has been discovered in Revive Adserver version < 5.0.5 by HackerOne user hoangn144. Revive Adserver, like many other applications, requires the logged in user to type the current password in order to change the e-mail address or the password. It was however possible for anyone with access to a Revive Adserver admin user interface to bypass such check and change e-email address or password of the currently logged in user by altering the form payload.The attack requ... • https://hackerone.com/reports/792895 • CWE-863: Incorrect Authorization •
CVSS: 6.1EPSS: 63%CPEs: 1EXPL: 1CVE-2020-8115
https://notcve.org/view.php?id=CVE-2020-8115
04 Feb 2020 — A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver <= 5.0.3 by Jacopo Tediosi. There are currently no known exploits: the session identifier cannot be accessed as it is stored in an http-only cookie as of v3.2.2. On older versions, however, under specific circumstances, it could be possible to steal the session identifier and gain access to the admin interface. The query string sent to the www/delivery/afr.php script was printed back witho... • https://hackerone.com/reports/775693 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-5440
https://notcve.org/view.php?id=CVE-2019-5440
28 May 2019 — Use of cryptographically weak PRNG in the password recovery token generation of Revive Adserver < v4.2.1 causes a potential authentication bypass attack if an attacker exploits the password recovery functionality. In lib/OA/Dal/PasswordRecovery.php, the function generateRecoveryId() generates a password reset token that relies on the PHP uniqid function and consequently depends only on the current server time, which is often visible in an HTTP Date header. El uso de PRNG (Generador de Numeros PseudoRandom) ... • https://hackerone.com/reports/576504 • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVSS: 9.8EPSS: 88%CPEs: 1EXPL: 2CVE-2019-5434 – Revive Adserver 4.2 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-5434
06 May 2019 — An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the "what" parameter in the "openads.spc" RPC method. Such vulnerability could be used to perform various types of attacks, e.g. exploit serialize-related PHP vulnerabilities or PHP object injection. It is possible, although unconfirmed, that the vulnerability has been used by some attackers in order to gain access to some Revive Adserver instances and deliver malware through them to ... • https://packetstorm.news/files/id/155559 • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-5433
https://notcve.org/view.php?id=CVE-2019-5433
06 May 2019 — A user having access to the UI of a Revive Adserver instance could be tricked into clicking on a specifically crafted admin account-switch.php URL that would eventually lead them to another (unsafe) domain, potentially used for stealing credentials or other phishing attacks. This vulnerability was addressed in version 4.2.0. Un usuario que tenga acceso a la interfaz de usuario (UI) de una instancia de Revive Adserver podría ser engañado al hacer clic sobre una URL de administrador account-switch.php específ... • https://hackerone.com/reports/390663 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9127
https://notcve.org/view.php?id=CVE-2016-9127
28 Mar 2017 — Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The password recovery form in Revive Adserver is vulnerable to CSRF attacks. This vulnerability could be exploited to send a large number of password recovery emails to the registered users, especially in conjunction with a bug that caused recovery emails to be sent to all the users at once. Both issues have been fixed. Revive Adserver en versiones anteriores a 3.2.3 sufre de solicitud de falsificación en sitios cruzados (CSRF). • https://github.com/revive-adserver/revive-adserver/commit/3aaebcc765797d2c684e031f2836e0a69d6b7bc2 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9130
https://notcve.org/view.php?id=CVE-2016-9130
28 Mar 2017 — Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The website name wasn't properly escaped when displayed in the campaign-zone.php script. Revive Adserver en versiones anteriores a 3.2.3 sufre de XSS persistente. Existe un vector para ataques XSS persistentes a través de la interfaz de usuario Revive Adserver, requiriendo una cuenta de confianza (no admin). • https://github.com/revive-adserver/revive-adserver/commit/f6880330a8e11e804663f132867e9eb9b1f94e83 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9454
https://notcve.org/view.php?id=CVE-2016-9454
28 Mar 2017 — Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The banner image URL for external banners wasn't properly escaped when displayed in most of the banner related pages. Revive Adserver en versiones anteriores a 3.2.3 sufre de Persistent XSS. Existe un vector para ataques XSS persistentes a través de la interfaz de usuario Revive Adserver, que requiere una cuenta de confianza (no... • http://www.securityfocus.com/bid/83964 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9456
https://notcve.org/view.php?id=CVE-2016-9456
28 Mar 2017 — Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The Revive Adserver team conducted a security audit of the admin interface scripts in order to identify and fix other potential CSRF vulnerabilities. Over 20+ such issues were fixed. Revive Adserver en versiones anteriores a 3.2.3 sufre de solicitud de falsificación en sitios cruzados (CSRF). El equipo Revive Adserver realizó una auditoría de seguridad de los scripts de interfaz de administración a fin de identificar y corregir otr... • http://www.securityfocus.com/bid/83964 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9457
https://notcve.org/view.php?id=CVE-2016-9457
28 Mar 2017 — Revive Adserver before 3.2.3 suffers from Reflected XSS. `www/admin/stats.php` is vulnerable to reflected XSS attacks via multiple parameters that are not properly sanitised or escaped when displayed, such as setPerPage, pageId, bannerid, period_start, period_end, and possibly others. Revive Adserver en versiones anteriores a 3.2.3 sufre de XSS reflejado. `www/admin/stats.php` es vulnerable a los ataques XSS reflejados a través de múltiples parámetros que no se desinfectan correctamente o se escapan cuando ... • http://www.securityfocus.com/bid/83964 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •