CVSS: 2.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

Revive Adserver before 3.2.2 does not send the appropriate Cache-Control HTTP headers in responses for admin UI pages, which allows local users to obtain sensitive information via the web browser cache.
• http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html
• http://seclists.org/fulldisclosure/2015/Oct/32
• http://www.revive-adserver.com/security/revive-sa-2015-001
• http://www.securityfocus.com/archive/1/536633/100/0/threaded
• https://github.com/revive-adserver/revive-adserver/commit/15aac363
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

Revive Adserver before 3.2.2 allows remote attackers to perform unspecified actions by leveraging an unexpired session after the user has been (1) deleted or (2) unlinked.
• http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html
• http://seclists.org/fulldisclosure/2015/Oct/32
• http://www.revive-adserver.com/security/revive-sa-2015-001
• http://www.securityfocus.com/archive/1/536633/100/0/threaded
• CWE-284: Improper Access Control

CVSS: 6.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

The HTML_Quickform library, as used in Revive Adserver before 3.2.2, allows remote attackers to bypass the CSRF protection mechanism via an empty token.
• http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html
• http://seclists.org/fulldisclosure/2015/Oct/32
• http://www.revive-adserver.com/security/revive-sa-2015-001
• http://www.securityfocus.com/archive/1/536633/100/0/threaded
• https://github.com/revive-adserver/revive-adserver/commit/288f81cc
• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in open-flash-chart.swf in Open Flash Chart 2, as used in the VideoAds plugin in Revive Adserver before 3.2.2 and CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2 before 5.5.2-434, and 6.1.0 before 6.1.0-1026, allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) data-file parameter.
• http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html
• http://seclists.org/fulldisclosure/2015/Oct/32
• http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20160627-01-security-notice-for-release-automation.aspx
• http://www.revive-adserver.com/security/revive-sa-2015-001
• http://www.securityfocus.com/archive/1/536633/100/0/threaded
• http://www.securityfocus.com/bid/91497
• http://www.securitytracker.com/id&#x
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver before 3.2.2 allow remote attackers to hijack the authentication of users for requests that (1) perform certain plugin actions and possibly cause a denial of service (disabled core plugins) via unknown vectors or (2) change the contact name and language or possibly have unspecified other impact via a crafted POST request to an account-user-*.php script.
• http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html
• http://seclists.org/fulldisclosure/2015/Oct/32
• http://www.revive-adserver.com/security/revive-sa-2015-001
• http://www.securityfocus.com/archive/1/536633/100/0/threaded
• CWE-352: Cross-Site Request Forgery (CSRF)