CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9129
https://notcve.org/view.php?id=CVE-2016-9129
Revive Adserver before 3.2.3 suffers from Information Exposure Through Discrepancy. It is possible to check whether or not an email address was associated to one or more user accounts on a target Revive Adserver instance by examining the message printed by the password recovery system. Such information cannot however be used directly to log in to the system, which requires a username. Revive Adserver en versiones anteriores a 3.2.3 sufre de exposición de información a través de discrepancia. Es posible comprobar si una dirección de correo electrónico está o no asociada a una o más cuentas de usuario en una instancia de tarjeta Revive Adserver examinando el mensaje impreso por el sistema de recuperación de contraseñas. • https://github.com/revive-adserver/revive-adserver/commit/38223a841190bebd7a137c7bed84fbbcb2b0c2a5 https://hackerone.com/reports/98612 https://www.revive-adserver.com/security/revive-sa-2016-001 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9124
https://notcve.org/view.php?id=CVE-2016-9124
Revive Adserver before 3.2.3 suffers from Improper Restriction of Excessive Authentication Attempts. The login page of Revive Adserver is vulnerable to password-guessing attacks. An account lockdown feature was considered, but rejected to avoid introducing service disruptions to regular users during such attacks. A random delay has instead been introduced as a countermeasure in case of password failures, along with a system to discourage parallel brute forcing. These systems will effectively allow the valid users to log in to the adserver, even while an attack is in progress. • https://github.com/revive-adserver/revive-adserver/commit/847941390f5b3310d51b07c92ec91cc1f4cc82c9 https://hackerone.com/reports/96115 https://www.revive-adserver.com/security/revive-sa-2016-001 • CWE-287: Improper Authentication CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2016-9470
https://notcve.org/view.php?id=CVE-2016-9470
Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Download. `www/delivery/asyncspc.php` was vulnerable to the fairly new Reflected File Download (RFD) web attack vector that enables attackers to gain complete control over a victim's machine by virtually downloading a file from a trusted domain. Revive Adserver en versiones anteriores a 3.2.5 y 4.0.0 sufre de Reflected File Download. `www/delivery/asyncspc.php` era vulnerable al relativamente nuevo vector de ataque web Reflected File Download (RFD) que permite que atacantes obtengan control completo sobre la máquina de la víctima descargando virtualmente un archivo desde un dominio de confianza. • https://github.com/revive-adserver/revive-adserver/commit/69aacbd2 https://hackerone.com/reports/148745 https://www.revive-adserver.com/security/revive-sa-2016-002 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-254: 7PK - Security Features •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9126
https://notcve.org/view.php?id=CVE-2016-9126
Revive Adserver before 3.2.3 suffers from persistent XSS. Usernames are not properly escaped when displayed in the audit trail widget of the dashboard upon login, allowing persistent XSS attacks. An authenticated user with enough privileges to create other users could exploit the vulnerability to access the administrator account. Revive Adserver en versiones anteriores a 3.2.3 sufre de persistente XSS. Los nombres de usuario no se fugan correctamente cuando se muestran en el widget de seguimiento de auditoría del panel de control al iniciar sesión, lo que permite ataques persistentes de XSS. • https://github.com/revive-adserver/revive-adserver/commit/8d8c6df309ff5fde9dd4770abcd4ec5d2449b3ec https://hackerone.com/reports/97073 https://www.revive-adserver.com/security/revive-sa-2016-001 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9128
https://notcve.org/view.php?id=CVE-2016-9128
Revive Adserver before 3.2.3 suffers from reflected XSS. The affiliate-preview.php script in www/admin is vulnerable to a reflected XSS attack. This vulnerability could be used by an attacker to steal the session ID of an authenticated user, by tricking them into visiting a specifically crafted URL. Revive Adserver en versiones anteriores a 3.2.3 sufre de XSS reflejado. El script affiliate-preview.php en www/admin es vulnerable a un ataque XSS reflejado. • https://github.com/revive-adserver/revive-adserver/commit/a323fd626627e8d42819fd5b7e2829196b5c54a3 https://github.com/revive-adserver/revive-adserver/commit/e17a7ec3412ded751cda50b82338de471d656d74 https://hackerone.com/reports/99004 https://www.revive-adserver.com/security/revive-sa-2016-001 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •