CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 0CVE-2017-5830
https://notcve.org/view.php?id=CVE-2017-5830
Revive Adserver before 4.0.1 allows remote attackers to execute arbitrary code via serialized data in the cookies related to the delivery scripts. Revive Adserver en versiones anteriores a 4.0.1 permite a atacantes remotos ejecutar código arbitrario a través de datos serializados en las cookies relacionadas con las secuencias de comandos de entrega. • http://www.openwall.com/lists/oss-security/2017/02/02/3 http://www.securityfocus.com/bid/95875 https://www.revive-adserver.com/security/revive-sa-2017-001 • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5832
https://notcve.org/view.php?id=CVE-2017-5832
Cross-site scripting (XSS) vulnerability in Revive Adserver before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the user's email address. Vulnerabilidad de XSS en Revive Adserver en versiones anteriores a 4.0.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de la dirección de email del usuario. • http://www.openwall.com/lists/oss-security/2017/02/02/3 http://www.securityfocus.com/bid/95875 https://www.revive-adserver.com/security/revive-sa-2017-001 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5833
https://notcve.org/view.php?id=CVE-2017-5833
Cross-site scripting (XSS) vulnerability in the invocation code generation for interstitial zones in Revive Adserver before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. Vulnerabilidad de XSS en la generación de código de invocación para zonas intersticiales en Revive Adserver en versiones anteriores a 4.0.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de parámetros no especificados. • http://www.openwall.com/lists/oss-security/2017/02/02/3 http://www.securityfocus.com/bid/95875 https://www.revive-adserver.com/security/revive-sa-2017-001 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7365
https://notcve.org/view.php?id=CVE-2015-7365
Cross-site scripting (XSS) vulnerability in the plugin upgrade form in Revive Adserver before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of an uploaded file containing errors. Vulnerabilidad de XSS en el formulario de actualización del plugin en Revive Adserver en versiones anteriores a 3.2.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del nombre de archivo de un archivo descargado que contiene errores. • http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html http://seclists.org/fulldisclosure/2015/Oct/32 http://www.revive-adserver.com/security/revive-sa-2015-001 http://www.securityfocus.com/archive/1/536633/100/0/threaded • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7369
https://notcve.org/view.php?id=CVE-2015-7369
The default Flash cross-domain policy (crossdomain.xml) in Revive Adserver before 3.2.2 does not restrict access cross domain access, which allows remote attackers to conduct cross domain attacks via unspecified vectors. La política por defecto Flash cross-domain (crossdomain.xml) en Revive Adserver en versiones anteriores a 3.2.2 no restringe el acceso entre dominios de acceso, lo que permite a atacantes remotos realizar ataques entre dominios a través de vectores no especificados. • http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html http://seclists.org/fulldisclosure/2015/Oct/32 http://www.revive-adserver.com/security/revive-sa-2015-001 http://www.securityfocus.com/archive/1/536633/100/0/threaded • CWE-284: Improper Access Control •