Shodan
Vulnerabilities
Vulnerable Software
Revive-Adserver:  >> Revive Adserver  Security Vulnerabilities
CVE-2017-5830
Revive Adserver before 4.0.1 allows remote attackers to execute arbitrary code via serialized data in the cookies related to the delivery scripts.
CVSS Score
9.8
EPSS Score
0.035
Published
2017-03-03
CVE-2017-5831
Session fixation vulnerability in the forgot password mechanism in Revive Adserver before 4.0.1, when setting a new password, allows remote attackers to hijack web sessions via the session ID.
CVSS Score
5.9
EPSS Score
0.002
Published
2017-03-03
CVE-2017-5832
Cross-site scripting (XSS) vulnerability in Revive Adserver before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the user's email address.
CVSS Score
5.4
EPSS Score
0.002
Published
2017-03-03
CVE-2017-5833
Cross-site scripting (XSS) vulnerability in the invocation code generation for interstitial zones in Revive Adserver before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-03-03
CVE-2015-7373
Cross-site scripting (XSS) vulnerability in the "magic-macros" feature in Revive Adserver before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via a GET parameter, which is not properly handled in a banner.
CVSS Score
4.3
EPSS Score
0.003
Published
2015-10-14
CVE-2015-7372
Directory traversal vulnerability in delivery-dev/al.php in Revive Adserver before 3.2.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the layerstyle parameter.
CVSS Score
7.5
EPSS Score
0.02
Published
2015-10-14
CVE-2015-7371
Revive Adserver before 3.2.2 does not restrict access to run-mpe.php, which allows remote attackers to run the Maintenance Priority Engine and possibly cause a denial of service (resource consumption) via a direct request.
CVSS Score
5.0
EPSS Score
0.007
Published
2015-10-14
CVE-2015-7370
Multiple cross-site scripting (XSS) vulnerabilities in open-flash-chart.swf in Open Flash Chart 2, as used in the VideoAds plugin in Revive Adserver before 3.2.2 and CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2 before 5.5.2-434, and 6.1.0 before 6.1.0-1026, allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) data-file parameter.
CVSS Score
4.3
EPSS Score
0.005
Published
2015-10-14
CVE-2015-7369
The default Flash cross-domain policy (crossdomain.xml) in Revive Adserver before 3.2.2 does not restrict access cross domain access, which allows remote attackers to conduct cross domain attacks via unspecified vectors.
CVSS Score
7.5
EPSS Score
0.008
Published
2015-10-14
CVE-2015-7368
Revive Adserver before 3.2.2 does not send the appropriate Cache-Control HTTP headers in responses for admin UI pages, which allows local users to obtain sensitive information via the web browser cache.
CVSS Score
2.1
EPSS Score
0.001
Published
2015-10-14


Products
Pricing
Contact Us

Shodan ® - All rights reserved