CVSS: 3.1EPSS: 0%CPEs: 2EXPL: 0CVE-2016-9471
https://notcve.org/view.php?id=CVE-2016-9471
Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element Injection. Usernames weren't properly sanitised when creating users on a Revive Adserver instance. Especially, control characters were not filtered, allowing apparently identical usernames to co-exist in the system, due to the fact that such characters are normally ignored when an HTML page is displayed in a browser. The issue could have therefore been exploited for user spoofing, although elevated privileges are required to create users within Revive Adserver. Revive Adserver en versiones anteriores a 3.2.5 y 4.0.0 sufre de inyección de elemento especial. • https://github.com/revive-adserver/revive-adserver/commit/05b1eceb https://hackerone.com/reports/128181 https://www.revive-adserver.com/security/revive-sa-2016-002 • CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2016-9470
https://notcve.org/view.php?id=CVE-2016-9470
Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Download. `www/delivery/asyncspc.php` was vulnerable to the fairly new Reflected File Download (RFD) web attack vector that enables attackers to gain complete control over a victim's machine by virtually downloading a file from a trusted domain. Revive Adserver en versiones anteriores a 3.2.5 y 4.0.0 sufre de Reflected File Download. `www/delivery/asyncspc.php` era vulnerable al relativamente nuevo vector de ataque web Reflected File Download (RFD) que permite que atacantes obtengan control completo sobre la máquina de la víctima descargando virtualmente un archivo desde un dominio de confianza. • https://github.com/revive-adserver/revive-adserver/commit/69aacbd2 https://hackerone.com/reports/148745 https://www.revive-adserver.com/security/revive-sa-2016-002 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-254: 7PK - Security Features •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2016-9472
https://notcve.org/view.php?id=CVE-2016-9472
Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected XSS. The Revive Adserver web installer scripts were vulnerable to a reflected XSS attack via the dbHost, dbUser, and possibly other parameters. It has to be noted that the window for such attack vectors to be possible is extremely narrow and it is very unlikely that such an attack could be actually effective. Revive Adserver en versiones anteriores a 3.2.5 y 4.0.0 sufren de XSS reflejado. Los scripts del instalador web de Revive Adserver eran vulnerables a un ataque XSS reflejado a través de dbHost, dbUser y posiblemente otros parámetros. • https://github.com/revive-adserver/revive-adserver/commit/14ff73f0 https://github.com/revive-adserver/revive-adserver/commit/fcf72c8a https://hackerone.com/reports/170156 https://www.revive-adserver.com/security/revive-sa-2016-002 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5831
https://notcve.org/view.php?id=CVE-2017-5831
Session fixation vulnerability in the forgot password mechanism in Revive Adserver before 4.0.1, when setting a new password, allows remote attackers to hijack web sessions via the session ID. Vulnerabilidad de reparación de sesión en el mecanismo de contraseña olvidada en Revive Adserver en versiones anteriores a 4.0.1, cuando se establece una nueva contraseña, permite a atacantes remotos secuestrar sesiones web a través de la ID de sesión. • http://www.openwall.com/lists/oss-security/2017/02/02/3 http://www.securityfocus.com/bid/95875 https://www.revive-adserver.com/security/revive-sa-2017-001 • CWE-384: Session Fixation •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 0CVE-2017-5830
https://notcve.org/view.php?id=CVE-2017-5830
Revive Adserver before 4.0.1 allows remote attackers to execute arbitrary code via serialized data in the cookies related to the delivery scripts. Revive Adserver en versiones anteriores a 4.0.1 permite a atacantes remotos ejecutar código arbitrario a través de datos serializados en las cookies relacionadas con las secuencias de comandos de entrega. • http://www.openwall.com/lists/oss-security/2017/02/02/3 http://www.securityfocus.com/bid/95875 https://www.revive-adserver.com/security/revive-sa-2017-001 • CWE-502: Deserialization of Untrusted Data •