
CVE-2017-5831
https://notcve.org/view.php?id=CVE-2017-5831
03 Mar 2017 — Session fixation vulnerability in the forgot password mechanism in Revive Adserver before 4.0.1, when setting a new password, allows remote attackers to hijack web sessions via the session ID. • http://www.openwall.com/lists/oss-security/2017/02/02/3 • CWE-384: Session Fixation

CVE-2017-5832
https://notcve.org/view.php?id=CVE-2017-5832
03 Mar 2017 — Cross-site scripting (XSS) vulnerability in Revive Adserver before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the user's email address. • http://www.openwall.com/lists/oss-security/2017/02/02/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2017-5833
https://notcve.org/view.php?id=CVE-2017-5833
03 Mar 2017 — Cross-site scripting (XSS) vulnerability in the invocation code generation for interstitial zones in Revive Adserver before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. • http://www.openwall.com/lists/oss-security/2017/02/02/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-7364 – Revive Adserver 3.2.1 CSRF / XSS / Local File Inclusion
https://notcve.org/view.php?id=CVE-2015-7364
07 Oct 2015 — The HTML_Quickform library, as used in Revive Adserver before 3.2.2, allows remote attackers to bypass the CSRF protection mechanism via an empty token. Revive Adserver versions 3.2.1 and below suffer from improper access controls, cross site request forgery, cross site scripting, local file inclusion, and various other... • http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2015-7365 – Revive Adserver 3.2.1 CSRF / XSS / Local File Inclusion
https://notcve.org/view.php?id=CVE-2015-7365
07 Oct 2015 — Cross-site scripting (XSS) vulnerability in the plugin upgrade form in Revive Adserver before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of an uploaded file containing errors. Revive Adserve... • http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-7366 – Revive Adserver 3.2.1 CSRF / XSS / Local File Inclusion
https://notcve.org/view.php?id=CVE-2015-7366
07 Oct 2015 — Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver before 3.2.2 allow remote attackers to hijack the authentication of users for requests that (1) perform certain plugin actions and possibly cause a denial of service (disabled core plugins) via unknown vectors or (2) change the contact name and language or possibly have unspecified other impact via a crafted POST request to an account-user-*.php script. • http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2015-7367 – Revive Adserver 3.2.1 CSRF / XSS / Local File Inclusion
https://notcve.org/view.php?id=CVE-2015-7367
07 Oct 2015 — Revive Adserver before 3.2.2 allows remote attackers to perform unspecified actions by leveraging an unexpired session after the user has been (1) deleted or (2) unlinked. Revive Adserver versions 3.2.1 and below suffer from improper access controls, cross site request forgery, cross ... • http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html • CWE-284: Improper Access Control

CVE-2015-7368 – Revive Adserver 3.2.1 CSRF / XSS / Local File Inclusion
https://notcve.org/view.php?id=CVE-2015-7368
07 Oct 2015 — Revive Adserver before 3.2.2 does not send the appropriate Cache-Control HTTP headers in responses for admin UI pages, which allows local users to obtain sensitive information via the web browser cache. Revive Adserver versions 3.2.... • http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2015-7370 – Revive Adserver 3.2.1 CSRF / XSS / Local File Inclusion
https://notcve.org/view.php?id=CVE-2015-7370
07 Oct 2015 — Multiple cross-site scripting (XSS) vulnerabilities in open-flash-chart.swf in Open Flash Chart 2, as used in the VideoAds plugin in Revive Adserver before 3.2.2 and CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2 before 5.5.2-434, and 6.1.0 before 6.1.0-1026, allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) data-file parameter. • http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-7371 – Revive Adserver 3.2.1 CSRF / XSS / Local File Inclusion
https://notcve.org/view.php?id=CVE-2015-7371
07 Oct 2015 — Revive Adserver before 3.2.2 does not restrict access to run-mpe.php, which allows remote attackers to run the Maintenance Priority Engine and possibly cause a denial of service (resource consumption) via a direct request. Revive Ad... • http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html • CWE-264: Permissions, Privileges, and Access Controls • CWE-399: Resource Management Errors