CVSS: 9.8 | EPSS: 1% | CPEs: 1 | EXPL: 0

07 Oct 2015 — Directory traversal vulnerability in delivery-dev/al.php in Revive Adserver before 3.2.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the layerstyle parameter. Revive Adserver versions 3.2.1 and below suffer from impro... • http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

07 Oct 2015 — Cross-site scripting (XSS) vulnerability in the "magic-macros" feature in Revive Adserver before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via a GET parameter, which is not properly handled in a banner. Revive Adserve... • http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

07 Oct 2015 — The default Flash cross-domain policy (crossdomain.xml) in Revive Adserver before 3.2.2 does not restrict cross-domain access, which allows remote attackers to conduct cross-domain attacks via unspecified vectors. Revive Adserver versions... • http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html • CWE-284: Improper Access Control

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

19 Dec 2014 — Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver before 3.0.5 allow remote attackers to hijack the authentication of administrators for requests that (1) delete data via a request to agency-delete.php, (2) tracker-delete.php, or (3) userlog-delete.php in admin/ or (4) unlink accounts via a request to admin-user-unlink.php, (5) advertiser-user-unlink.php, or (6) affiliate-user-unlink.php in admin/. • http://www.revive-adserver.com/security/revive-sa-2014-001 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 4

17 Dec 2014 — Cross-site scripting (XSS) vulnerability in lib/max/Admin/UI/Field/PublisherIdField.php in Revive Adserver before 3.0.6 allows remote attackers to inject arbitrary web script or HTML via the refresh_page parameter to www/admin/report-generate.php. Rev... • https://packetstorm.news/files/id/129622 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

17 Dec 2014 — The XML_RPC_cd function in lib/pear/XML/RPC.php in Revive Adserver before 3.0.6 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted XML-RPC request, aka an XML Entity Expansion (XEE) attack. Revive Adser... • https://packetstorm.news/files/id/129621

CVSS: 6.8 | EPSS: 5% | CPEs: 13 | EXPL: 5

15 Mar 2014 — Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.11 and earlier allow remote attackers to hijack the authentication of administrators for requests that delete (1) users via admin/agency-user-unlink.php, (2) advertisers via admin/advertiser-delete.php, (3) banners via admin/banner-delete.php, (4) campaigns via admin/campaign-delete.php, (5) channels via admin/channel-delete.php, (6) affiliate websites via admin/affiliate-delete.php, or (7) zones via admin/zone-delete.php. • https://packetstorm.news/files/id/125735 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 9.8 | EPSS: 0% | CPEs: 4 | EXPL: 0

20 Dec 2013 — SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method. • http://www.kreativrauschen.com/blog/2013/12/18/zero-day-vulnerability-in-openx-source-2-8-11-and-revive-adserver-3-0-1 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')