Vulnerabilites related to revive-adserver - revive_adserver
cve-2016-9454
Vulnerability from cvelistv5
Published
2017-03-28 02:46
Modified
2024-08-06 02:50
Severity ?
EPSS score ?
Summary
Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The banner image URL for external banners wasn't properly escaped when displayed in most of the banner related pages.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/83964 | vdb-entry, x_refsource_BID | |
| https://www.revive-adserver.com/security/revive-sa-2016-001/ | x_refsource_MISC | |
| https://github.com/revive-adserver/revive-adserver/commit/f6880330a8e11e804663f132867e9eb9b1f94e83 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Revive Adserver All versions before 3.2.3 |
Version: Revive Adserver All versions before 3.2.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:50:38.507Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "83964",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/83964"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/f6880330a8e11e804663f132867e9eb9b1f94e83"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Revive Adserver All versions before 3.2.3",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Revive Adserver All versions before 3.2.3"
}
]
}
],
"datePublic": "2017-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The banner image URL for external banners wasn\u0027t properly escaped when displayed in most of the banner related pages."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) (CWE-79)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-29T09:57:01",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"name": "83964",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/83964"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/f6880330a8e11e804663f132867e9eb9b1f94e83"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2016-9454",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Revive Adserver All versions before 3.2.3",
"version": {
"version_data": [
{
"version_value": "Revive Adserver All versions before 3.2.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The banner image URL for external banners wasn\u0027t properly escaped when displayed in most of the banner related pages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) (CWE-79)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "83964",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/83964"
},
{
"name": "https://www.revive-adserver.com/security/revive-sa-2016-001/",
"refsource": "MISC",
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
},
{
"name": "https://github.com/revive-adserver/revive-adserver/commit/f6880330a8e11e804663f132867e9eb9b1f94e83",
"refsource": "MISC",
"url": "https://github.com/revive-adserver/revive-adserver/commit/f6880330a8e11e804663f132867e9eb9b1f94e83"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2016-9454",
"datePublished": "2017-03-28T02:46:00",
"dateReserved": "2016-11-19T00:00:00",
"dateUpdated": "2024-08-06T02:50:38.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9129
Vulnerability from cvelistv5
Published
2017-03-28 02:46
Modified
2024-08-06 02:42
Severity ?
EPSS score ?
Summary
Revive Adserver before 3.2.3 suffers from Information Exposure Through Discrepancy. It is possible to check whether or not an email address was associated to one or more user accounts on a target Revive Adserver instance by examining the message printed by the password recovery system. Such information cannot however be used directly to log in to the system, which requires a username.
References
| ▼ | URL | Tags |
|---|---|---|
| https://hackerone.com/reports/98612 | x_refsource_MISC | |
| https://github.com/revive-adserver/revive-adserver/commit/38223a841190bebd7a137c7bed84fbbcb2b0c2a5 | x_refsource_MISC | |
| https://www.revive-adserver.com/security/revive-sa-2016-001/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Revive Adserver All versions before 3.2.3 |
Version: Revive Adserver All versions before 3.2.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:42:10.602Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/98612"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/38223a841190bebd7a137c7bed84fbbcb2b0c2a5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Revive Adserver All versions before 3.2.3",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Revive Adserver All versions before 3.2.3"
}
]
}
],
"datePublic": "2017-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Revive Adserver before 3.2.3 suffers from Information Exposure Through Discrepancy. It is possible to check whether or not an email address was associated to one or more user accounts on a target Revive Adserver instance by examining the message printed by the password recovery system. Such information cannot however be used directly to log in to the system, which requires a username."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "Information Exposure Through Discrepancy (CWE-203)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-28T02:57:01",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/98612"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/38223a841190bebd7a137c7bed84fbbcb2b0c2a5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2016-9129",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Revive Adserver All versions before 3.2.3",
"version": {
"version_data": [
{
"version_value": "Revive Adserver All versions before 3.2.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Revive Adserver before 3.2.3 suffers from Information Exposure Through Discrepancy. It is possible to check whether or not an email address was associated to one or more user accounts on a target Revive Adserver instance by examining the message printed by the password recovery system. Such information cannot however be used directly to log in to the system, which requires a username."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Exposure Through Discrepancy (CWE-203)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/98612",
"refsource": "MISC",
"url": "https://hackerone.com/reports/98612"
},
{
"name": "https://github.com/revive-adserver/revive-adserver/commit/38223a841190bebd7a137c7bed84fbbcb2b0c2a5",
"refsource": "MISC",
"url": "https://github.com/revive-adserver/revive-adserver/commit/38223a841190bebd7a137c7bed84fbbcb2b0c2a5"
},
{
"name": "https://www.revive-adserver.com/security/revive-sa-2016-001/",
"refsource": "MISC",
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2016-9129",
"datePublished": "2017-03-28T02:46:00",
"dateReserved": "2016-10-31T00:00:00",
"dateUpdated": "2024-08-06T02:42:10.602Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9456
Vulnerability from cvelistv5
Published
2017-03-28 02:46
Modified
2024-08-06 02:50
Severity ?
EPSS score ?
Summary
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The Revive Adserver team conducted a security audit of the admin interface scripts in order to identify and fix other potential CSRF vulnerabilities. Over 20+ such issues were fixed.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/83964 | vdb-entry, x_refsource_BID | |
| https://github.com/revive-adserver/revive-adserver/commit/e563ca61e4f3b7210cb61f53284adaa8aef4a49a | x_refsource_MISC | |
| https://www.revive-adserver.com/security/revive-sa-2016-001/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Revive Adserver All versions before 3.2.3 |
Version: Revive Adserver All versions before 3.2.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:50:38.423Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "83964",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/83964"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/e563ca61e4f3b7210cb61f53284adaa8aef4a49a"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Revive Adserver All versions before 3.2.3",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Revive Adserver All versions before 3.2.3"
}
]
}
],
"datePublic": "2017-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The Revive Adserver team conducted a security audit of the admin interface scripts in order to identify and fix other potential CSRF vulnerabilities. Over 20+ such issues were fixed."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "Cross-Site Request Forgery (CSRF) (CWE-352)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-29T09:57:01",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"name": "83964",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/83964"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/e563ca61e4f3b7210cb61f53284adaa8aef4a49a"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2016-9456",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Revive Adserver All versions before 3.2.3",
"version": {
"version_data": [
{
"version_value": "Revive Adserver All versions before 3.2.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The Revive Adserver team conducted a security audit of the admin interface scripts in order to identify and fix other potential CSRF vulnerabilities. Over 20+ such issues were fixed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery (CSRF) (CWE-352)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "83964",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/83964"
},
{
"name": "https://github.com/revive-adserver/revive-adserver/commit/e563ca61e4f3b7210cb61f53284adaa8aef4a49a",
"refsource": "MISC",
"url": "https://github.com/revive-adserver/revive-adserver/commit/e563ca61e4f3b7210cb61f53284adaa8aef4a49a"
},
{
"name": "https://www.revive-adserver.com/security/revive-sa-2016-001/",
"refsource": "MISC",
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2016-9456",
"datePublished": "2017-03-28T02:46:00",
"dateReserved": "2016-11-19T00:00:00",
"dateUpdated": "2024-08-06T02:50:38.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22874
Vulnerability from cvelistv5
Published
2021-01-28 16:09
Modified
2024-08-03 18:51
Severity ?
EPSS score ?
Summary
Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in userlog-index.php via the `period_preset` parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://hackerone.com/reports/1083231 | x_refsource_MISC | |
| https://www.revive-adserver.com/security/revive-sa-2021-002/ | x_refsource_MISC | |
| https://github.com/revive-adserver/revive-adserver/commit/e2a67ce8 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/revive-adserver/revive-adserver |
Version: Fixed in 5.1.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:51:07.505Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1083231"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2021-002/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/e2a67ce8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/revive-adserver/revive-adserver",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in 5.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in userlog-index.php via the `period_preset` parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site Scripting (XSS) - Reflected (CWE-79)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-28T16:09:23",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1083231"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2021-002/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/e2a67ce8"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2021-22874",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "https://github.com/revive-adserver/revive-adserver",
"version": {
"version_data": [
{
"version_value": "Fixed in 5.1.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in userlog-index.php via the `period_preset` parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Reflected (CWE-79)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/1083231",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1083231"
},
{
"name": "https://www.revive-adserver.com/security/revive-sa-2021-002/",
"refsource": "MISC",
"url": "https://www.revive-adserver.com/security/revive-sa-2021-002/"
},
{
"name": "https://github.com/revive-adserver/revive-adserver/commit/e2a67ce8",
"refsource": "MISC",
"url": "https://github.com/revive-adserver/revive-adserver/commit/e2a67ce8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2021-22874",
"datePublished": "2021-01-28T16:09:23",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-08-03T18:51:07.505Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22873
Vulnerability from cvelistv5
Published
2021-01-21 19:14
Modified
2024-08-03 18:51
Severity ?
EPSS score ?
Summary
Revive Adserver before 5.1.0 is vulnerable to open redirects via the `dest`, `oadest`, and/or `ct0` parameters of the lg.php and ck.php delivery scripts. Such open redirects had previously been available by design to allow third party ad servers to track such metrics when delivering ads. However, third party click tracking via redirects is not a viable option anymore, leading to such open redirect functionality being removed and reclassified as a vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://hackerone.com/reports/1081406 | x_refsource_MISC | |
| https://www.revive-adserver.com/security/revive-sa-2021-001/ | x_refsource_MISC | |
| https://github.com/revive-adserver/revive-adserver/issues/1068 | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2021/Jan/60 | mailing-list, x_refsource_FULLDISC | |
| http://packetstormsecurity.com/files/161070/Revive-Adserver-5.0.5-Cross-Site-Scripting-Open-Redirect.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/revive-adserver/revive-adserver |
Version: Fixed in 5.1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:51:07.583Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1081406"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2021-001/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/revive-adserver/revive-adserver/issues/1068"
},
{
"name": "20210122 [REVIVE-SA-2021-001] Revive Adserver Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Jan/60"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/161070/Revive-Adserver-5.0.5-Cross-Site-Scripting-Open-Redirect.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/revive-adserver/revive-adserver",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in 5.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Revive Adserver before 5.1.0 is vulnerable to open redirects via the `dest`, `oadest`, and/or `ct0` parameters of the lg.php and ck.php delivery scripts. Such open redirects had previously been available by design to allow third party ad servers to track such metrics when delivering ads. However, third party click tracking via redirects is not a viable option anymore, leading to such open redirect functionality being removed and reclassified as a vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "Open Redirect (CWE-601)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-25T16:06:19",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1081406"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2021-001/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/revive-adserver/revive-adserver/issues/1068"
},
{
"name": "20210122 [REVIVE-SA-2021-001] Revive Adserver Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Jan/60"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/161070/Revive-Adserver-5.0.5-Cross-Site-Scripting-Open-Redirect.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2021-22873",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "https://github.com/revive-adserver/revive-adserver",
"version": {
"version_data": [
{
"version_value": "Fixed in 5.1.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Revive Adserver before 5.1.0 is vulnerable to open redirects via the `dest`, `oadest`, and/or `ct0` parameters of the lg.php and ck.php delivery scripts. Such open redirects had previously been available by design to allow third party ad servers to track such metrics when delivering ads. However, third party click tracking via redirects is not a viable option anymore, leading to such open redirect functionality being removed and reclassified as a vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Open Redirect (CWE-601)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/1081406",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1081406"
},
{
"name": "https://www.revive-adserver.com/security/revive-sa-2021-001/",
"refsource": "MISC",
"url": "https://www.revive-adserver.com/security/revive-sa-2021-001/"
},
{
"name": "https://github.com/revive-adserver/revive-adserver/issues/1068",
"refsource": "MISC",
"url": "https://github.com/revive-adserver/revive-adserver/issues/1068"
},
{
"name": "20210122 [REVIVE-SA-2021-001] Revive Adserver Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Jan/60"
},
{
"name": "http://packetstormsecurity.com/files/161070/Revive-Adserver-5.0.5-Cross-Site-Scripting-Open-Redirect.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/161070/Revive-Adserver-5.0.5-Cross-Site-Scripting-Open-Redirect.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2021-22873",
"datePublished": "2021-01-21T19:14:44",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-08-03T18:51:07.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-7149
Vulnerability from cvelistv5
Published
2013-12-28 02:00
Modified
2024-08-06 18:01
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kreativrauschen.com/blog/2013/12/18/zero-day-vulnerability-in-openx-source-2-8-11-and-revive-adserver-3-0-1/ | x_refsource_MISC | |
| http://www.revive-adserver.com/security/REVIVE-SA-2013-001/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/archive/1/530471/30/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:01:19.550Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.kreativrauschen.com/blog/2013/12/18/zero-day-vulnerability-in-openx-source-2-8-11-and-revive-adserver-3-0-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.revive-adserver.com/security/REVIVE-SA-2013-001/"
},
{
"name": "20131220 [REVIVE-SA-2013-001] Revive Adserver 3.0.2 fixes SQL injection vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/530471/30/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-28T02:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.kreativrauschen.com/blog/2013/12/18/zero-day-vulnerability-in-openx-source-2-8-11-and-revive-adserver-3-0-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.revive-adserver.com/security/REVIVE-SA-2013-001/"
},
{
"name": "20131220 [REVIVE-SA-2013-001] Revive Adserver 3.0.2 fixes SQL injection vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/530471/30/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7149",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.kreativrauschen.com/blog/2013/12/18/zero-day-vulnerability-in-openx-source-2-8-11-and-revive-adserver-3-0-1/",
"refsource": "MISC",
"url": "http://www.kreativrauschen.com/blog/2013/12/18/zero-day-vulnerability-in-openx-source-2-8-11-and-revive-adserver-3-0-1/"
},
{
"name": "http://www.revive-adserver.com/security/REVIVE-SA-2013-001/",
"refsource": "CONFIRM",
"url": "http://www.revive-adserver.com/security/REVIVE-SA-2013-001/"
},
{
"name": "20131220 [REVIVE-SA-2013-001] Revive Adserver 3.0.2 fixes SQL injection vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/530471/30/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7149",
"datePublished": "2013-12-28T02:00:00",
"dateReserved": "2013-12-19T00:00:00",
"dateUpdated": "2024-08-06T18:01:19.550Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22871
Vulnerability from cvelistv5
Published
2021-01-21 19:15
Modified
2024-08-03 18:51
Severity ?
EPSS score ?
Summary
Revive Adserver before 5.1.0 permits any user with a manager account to store possibly malicious content in the URL website property, which is then displayed unsanitized in the affiliate-preview.php tag generation screen, leading to a persistent cross-site scripting (XSS) vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.revive-adserver.com/security/revive-sa-2021-001/ | x_refsource_MISC | |
| https://hackerone.com/reports/819362 | x_refsource_MISC | |
| https://github.com/revive-adserver/revive-adserver/commit/89b88ce26 | x_refsource_MISC | |
| https://github.com/revive-adserver/revive-adserver/commit/62a2a0439 | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2021/Jan/60 | mailing-list, x_refsource_FULLDISC | |
| http://packetstormsecurity.com/files/161070/Revive-Adserver-5.0.5-Cross-Site-Scripting-Open-Redirect.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/revive-adserver/revive-adserver |
Version: Fixed in 5.1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:51:07.525Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2021-001/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/819362"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/89b88ce26"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/62a2a0439"
},
{
"name": "20210122 [REVIVE-SA-2021-001] Revive Adserver Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Jan/60"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/161070/Revive-Adserver-5.0.5-Cross-Site-Scripting-Open-Redirect.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/revive-adserver/revive-adserver",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in 5.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Revive Adserver before 5.1.0 permits any user with a manager account to store possibly malicious content in the URL website property, which is then displayed unsanitized in the affiliate-preview.php tag generation screen, leading to a persistent cross-site scripting (XSS) vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site Scripting (XSS) - Stored (CWE-79)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-25T16:06:19",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2021-001/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/819362"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/89b88ce26"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/62a2a0439"
},
{
"name": "20210122 [REVIVE-SA-2021-001] Revive Adserver Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Jan/60"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/161070/Revive-Adserver-5.0.5-Cross-Site-Scripting-Open-Redirect.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2021-22871",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "https://github.com/revive-adserver/revive-adserver",
"version": {
"version_data": [
{
"version_value": "Fixed in 5.1.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Revive Adserver before 5.1.0 permits any user with a manager account to store possibly malicious content in the URL website property, which is then displayed unsanitized in the affiliate-preview.php tag generation screen, leading to a persistent cross-site scripting (XSS) vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored (CWE-79)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.revive-adserver.com/security/revive-sa-2021-001/",
"refsource": "MISC",
"url": "https://www.revive-adserver.com/security/revive-sa-2021-001/"
},
{
"name": "https://hackerone.com/reports/819362",
"refsource": "MISC",
"url": "https://hackerone.com/reports/819362"
},
{
"name": "https://github.com/revive-adserver/revive-adserver/commit/89b88ce26",
"refsource": "MISC",
"url": "https://github.com/revive-adserver/revive-adserver/commit/89b88ce26"
},
{
"name": "https://github.com/revive-adserver/revive-adserver/commit/62a2a0439",
"refsource": "MISC",
"url": "https://github.com/revive-adserver/revive-adserver/commit/62a2a0439"
},
{
"name": "20210122 [REVIVE-SA-2021-001] Revive Adserver Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Jan/60"
},
{
"name": "http://packetstormsecurity.com/files/161070/Revive-Adserver-5.0.5-Cross-Site-Scripting-Open-Redirect.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/161070/Revive-Adserver-5.0.5-Cross-Site-Scripting-Open-Redirect.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2021-22871",
"datePublished": "2021-01-21T19:15:11",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-08-03T18:51:07.525Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9127
Vulnerability from cvelistv5
Published
2017-03-28 02:46
Modified
2024-08-06 02:42
Severity ?
EPSS score ?
Summary
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The password recovery form in Revive Adserver is vulnerable to CSRF attacks. This vulnerability could be exploited to send a large number of password recovery emails to the registered users, especially in conjunction with a bug that caused recovery emails to be sent to all the users at once. Both issues have been fixed.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/revive-adserver/revive-adserver/commit/3aaebcc765797d2c684e031f2836e0a69d6b7bc2 | x_refsource_MISC | |
| https://hackerone.com/reports/99452 | x_refsource_MISC | |
| https://www.revive-adserver.com/security/revive-sa-2016-001/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Revive Adserver All versions before 3.2.3 |
Version: Revive Adserver All versions before 3.2.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:42:10.914Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/3aaebcc765797d2c684e031f2836e0a69d6b7bc2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/99452"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Revive Adserver All versions before 3.2.3",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Revive Adserver All versions before 3.2.3"
}
]
}
],
"datePublic": "2017-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The password recovery form in Revive Adserver is vulnerable to CSRF attacks. This vulnerability could be exploited to send a large number of password recovery emails to the registered users, especially in conjunction with a bug that caused recovery emails to be sent to all the users at once. Both issues have been fixed."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "Cross-Site Request Forgery (CSRF) (CWE-352)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-28T02:57:01",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/3aaebcc765797d2c684e031f2836e0a69d6b7bc2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/99452"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2016-9127",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Revive Adserver All versions before 3.2.3",
"version": {
"version_data": [
{
"version_value": "Revive Adserver All versions before 3.2.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The password recovery form in Revive Adserver is vulnerable to CSRF attacks. This vulnerability could be exploited to send a large number of password recovery emails to the registered users, especially in conjunction with a bug that caused recovery emails to be sent to all the users at once. Both issues have been fixed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery (CSRF) (CWE-352)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/revive-adserver/revive-adserver/commit/3aaebcc765797d2c684e031f2836e0a69d6b7bc2",
"refsource": "MISC",
"url": "https://github.com/revive-adserver/revive-adserver/commit/3aaebcc765797d2c684e031f2836e0a69d6b7bc2"
},
{
"name": "https://hackerone.com/reports/99452",
"refsource": "MISC",
"url": "https://hackerone.com/reports/99452"
},
{
"name": "https://www.revive-adserver.com/security/revive-sa-2016-001/",
"refsource": "MISC",
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2016-9127",
"datePublished": "2017-03-28T02:46:00",
"dateReserved": "2016-10-31T00:00:00",
"dateUpdated": "2024-08-06T02:42:10.914Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22872
Vulnerability from cvelistv5
Published
2021-01-21 19:15
Modified
2024-08-03 18:51
Severity ?
EPSS score ?
Summary
Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the publicly accessible afr.php delivery script. While this issue was previously addressed in modern browsers as CVE-2020-8115, some older browsers (e.g., IE10) that do not automatically URL encode parameters were still vulnerable.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.revive-adserver.com/security/revive-sa-2021-001/ | x_refsource_MISC | |
| https://hackerone.com/reports/986365 | x_refsource_MISC | |
| https://github.com/revive-adserver/revive-adserver/commit/00fdb8d0e | x_refsource_MISC | |
| https://github.com/revive-adserver/revive-adserver/commit/1dbcf7d50 | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2021/Jan/60 | mailing-list, x_refsource_FULLDISC | |
| http://packetstormsecurity.com/files/161070/Revive-Adserver-5.0.5-Cross-Site-Scripting-Open-Redirect.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/revive-adserver/revive-adserver |
Version: Fixed in 5.1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:51:07.503Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2021-001/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/986365"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/00fdb8d0e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/1dbcf7d50"
},
{
"name": "20210122 [REVIVE-SA-2021-001] Revive Adserver Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Jan/60"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/161070/Revive-Adserver-5.0.5-Cross-Site-Scripting-Open-Redirect.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/revive-adserver/revive-adserver",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in 5.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the publicly accessible afr.php delivery script. While this issue was previously addressed in modern browsers as CVE-2020-8115, some older browsers (e.g., IE10) that do not automatically URL encode parameters were still vulnerable."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site Scripting (XSS) - Reflected (CWE-79)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-25T16:06:20",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2021-001/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/986365"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/00fdb8d0e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/1dbcf7d50"
},
{
"name": "20210122 [REVIVE-SA-2021-001] Revive Adserver Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Jan/60"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/161070/Revive-Adserver-5.0.5-Cross-Site-Scripting-Open-Redirect.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2021-22872",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "https://github.com/revive-adserver/revive-adserver",
"version": {
"version_data": [
{
"version_value": "Fixed in 5.1.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the publicly accessible afr.php delivery script. While this issue was previously addressed in modern browsers as CVE-2020-8115, some older browsers (e.g., IE10) that do not automatically URL encode parameters were still vulnerable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Reflected (CWE-79)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.revive-adserver.com/security/revive-sa-2021-001/",
"refsource": "MISC",
"url": "https://www.revive-adserver.com/security/revive-sa-2021-001/"
},
{
"name": "https://hackerone.com/reports/986365",
"refsource": "MISC",
"url": "https://hackerone.com/reports/986365"
},
{
"name": "https://github.com/revive-adserver/revive-adserver/commit/00fdb8d0e",
"refsource": "MISC",
"url": "https://github.com/revive-adserver/revive-adserver/commit/00fdb8d0e"
},
{
"name": "https://github.com/revive-adserver/revive-adserver/commit/1dbcf7d50",
"refsource": "MISC",
"url": "https://github.com/revive-adserver/revive-adserver/commit/1dbcf7d50"
},
{
"name": "20210122 [REVIVE-SA-2021-001] Revive Adserver Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Jan/60"
},
{
"name": "http://packetstormsecurity.com/files/161070/Revive-Adserver-5.0.5-Cross-Site-Scripting-Open-Redirect.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/161070/Revive-Adserver-5.0.5-Cross-Site-Scripting-Open-Redirect.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2021-22872",
"datePublished": "2021-01-21T19:15:02",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-08-03T18:51:07.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-8143
Vulnerability from cvelistv5
Published
2020-04-03 20:52
Modified
2024-08-04 09:48
Severity ?
EPSS score ?
Summary
An Open Redirect vulnerability was discovered in Revive Adserver version < 5.0.5 and reported by HackerOne user hoangn144. A remote attacker could trick logged-in users to open a specifically crafted link and have them redirected to any destination.The CSRF protection of the “/www/admin/*-modify.php” could be skipped if no meaningful parameter was sent. No action was performed, but the user was still redirected to the target page, specified via the “returnurl” GET parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://hackerone.com/reports/794144 | x_refsource_MISC | |
| https://www.revive-adserver.com/security/revive-sa-2020-002/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/revive-adserver/revive-adserver |
Version: Fixed in >= 5.0.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:25.605Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/794144"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2020-002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/revive-adserver/revive-adserver",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in \u003e= 5.0.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Open Redirect vulnerability was discovered in Revive Adserver version \u003c 5.0.5 and reported by HackerOne user hoangn144. A remote attacker could trick logged-in users to open a specifically crafted link and have them redirected to any destination.The CSRF protection of the \u201c/www/admin/*-modify.php\u201d could be skipped if no meaningful parameter was sent. No action was performed, but the user was still redirected to the target page, specified via the \u201creturnurl\u201d GET parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "Open Redirect (CWE-601)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-03T20:52:41",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/794144"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2020-002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2020-8143",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "https://github.com/revive-adserver/revive-adserver",
"version": {
"version_data": [
{
"version_value": "Fixed in \u003e= 5.0.5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Open Redirect vulnerability was discovered in Revive Adserver version \u003c 5.0.5 and reported by HackerOne user hoangn144. A remote attacker could trick logged-in users to open a specifically crafted link and have them redirected to any destination.The CSRF protection of the \u201c/www/admin/*-modify.php\u201d could be skipped if no meaningful parameter was sent. No action was performed, but the user was still redirected to the target page, specified via the \u201creturnurl\u201d GET parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Open Redirect (CWE-601)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/794144",
"refsource": "MISC",
"url": "https://hackerone.com/reports/794144"
},
{
"name": "https://www.revive-adserver.com/security/revive-sa-2020-002/",
"refsource": "MISC",
"url": "https://www.revive-adserver.com/security/revive-sa-2020-002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2020-8143",
"datePublished": "2020-04-03T20:52:41",
"dateReserved": "2020-01-28T00:00:00",
"dateUpdated": "2024-08-04T09:48:25.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-7370
Vulnerability from cvelistv5
Published
2015-10-14 19:00
Modified
2024-08-06 07:43
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in open-flash-chart.swf in Open Flash Chart 2, as used in the VideoAds plugin in Revive Adserver before 3.2.2 and CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2 before 5.5.2-434, and 6.1.0 before 6.1.0-1026, allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) data-file parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.revive-adserver.com/security/revive-sa-2015-001 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1036193 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/archive/1/536633/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/91497 | vdb-entry, x_refsource_BID | |
| http://seclists.org/fulldisclosure/2015/Oct/32 | mailing-list, x_refsource_FULLDISC | |
| http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html | x_refsource_MISC | |
| http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20160627-01-security-notice-for-release-automation.aspx | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:43:46.361Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2015-001"
},
{
"name": "1036193",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036193"
},
{
"name": "20151007 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/536633/100/0/threaded"
},
{
"name": "91497",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91497"
},
{
"name": "20151008 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Oct/32"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20160627-01-security-notice-for-release-automation.aspx"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in open-flash-chart.swf in Open Flash Chart 2, as used in the VideoAds plugin in Revive Adserver before 3.2.2 and CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2 before 5.5.2-434, and 6.1.0 before 6.1.0-1026, allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) data-file parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2015-001"
},
{
"name": "1036193",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036193"
},
{
"name": "20151007 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/536633/100/0/threaded"
},
{
"name": "91497",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91497"
},
{
"name": "20151008 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Oct/32"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20160627-01-security-notice-for-release-automation.aspx"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7370",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in open-flash-chart.swf in Open Flash Chart 2, as used in the VideoAds plugin in Revive Adserver before 3.2.2 and CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2 before 5.5.2-434, and 6.1.0 before 6.1.0-1026, allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) data-file parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.revive-adserver.com/security/revive-sa-2015-001",
"refsource": "CONFIRM",
"url": "http://www.revive-adserver.com/security/revive-sa-2015-001"
},
{
"name": "1036193",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036193"
},
{
"name": "20151007 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536633/100/0/threaded"
},
{
"name": "91497",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91497"
},
{
"name": "20151008 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Oct/32"
},
{
"name": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html"
},
{
"name": "http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20160627-01-security-notice-for-release-automation.aspx",
"refsource": "CONFIRM",
"url": "http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20160627-01-security-notice-for-release-automation.aspx"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7370",
"datePublished": "2015-10-14T19:00:00",
"dateReserved": "2015-09-25T00:00:00",
"dateUpdated": "2024-08-06T07:43:46.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-5440
Vulnerability from cvelistv5
Published
2019-05-28 18:41
Modified
2024-08-04 19:54
Severity ?
EPSS score ?
Summary
Use of cryptographically weak PRNG in the password recovery token generation of Revive Adserver < v4.2.1 causes a potential authentication bypass attack if an attacker exploits the password recovery functionality. In lib/OA/Dal/PasswordRecovery.php, the function generateRecoveryId() generates a password reset token that relies on the PHP uniqid function and consequently depends only on the current server time, which is often visible in an HTTP Date header.
References
| ▼ | URL | Tags |
|---|---|---|
| https://hackerone.com/reports/576504 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Revive | Revive Adserver |
Version: Fixed in 4.2.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:54:53.582Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/576504"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Revive Adserver",
"vendor": "Revive",
"versions": [
{
"status": "affected",
"version": "Fixed in 4.2.1"
}
]
}
],
"datePublic": "2019-05-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Use of cryptographically weak PRNG in the password recovery token generation of Revive Adserver \u003c v4.2.1 causes a potential authentication bypass attack if an attacker exploits the password recovery functionality. In lib/OA/Dal/PasswordRecovery.php, the function generateRecoveryId() generates a password reset token that relies on the PHP uniqid function and consequently depends only on the current server time, which is often visible in an HTTP Date header."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-338",
"description": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) (CWE-338)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-30T14:07:45",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/576504"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2019-5440",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Revive Adserver",
"version": {
"version_data": [
{
"version_value": "Fixed in 4.2.1"
}
]
}
}
]
},
"vendor_name": "Revive"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use of cryptographically weak PRNG in the password recovery token generation of Revive Adserver \u003c v4.2.1 causes a potential authentication bypass attack if an attacker exploits the password recovery functionality. In lib/OA/Dal/PasswordRecovery.php, the function generateRecoveryId() generates a password reset token that relies on the PHP uniqid function and consequently depends only on the current server time, which is often visible in an HTTP Date header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) (CWE-338)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/576504",
"refsource": "MISC",
"url": "https://hackerone.com/reports/576504"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2019-5440",
"datePublished": "2019-05-28T18:41:05",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:54:53.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-5954
Vulnerability from cvelistv5
Published
2014-04-25 10:00
Modified
2024-08-06 17:29
Severity ?
EPSS score ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.11 and earlier allow remote attackers to hijack the authentication of administrators for requests that delete (1) users via admin/agency-user-unlink.php, (2) advertisers via admin/advertiser-delete.php, (3) banners via admin/banner-delete.php, (4) campaigns via admin/campaign-delete.php, (5) channels via admin/channel-delete.php, (6) affiliate websites via admin/affiliate-delete.php, or (7) zones via admin/zone-delete.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/fulldisclosure/2014/May/68 | mailing-list, x_refsource_FULLDISC | |
| http://packetstormsecurity.com/files/125735 | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2014/Mar/270 | mailing-list, x_refsource_FULLDISC | |
| http://www.securityfocus.com/bid/66251 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/532108/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.revive-adserver.com/security/revive-sa-2014-001/ | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/91889 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:29:41.164Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20140515 [REVIVE-SA-2014-001] Revive Adserver 3.0.5 fixes CSRF vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/May/68"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/125735"
},
{
"name": "20140315 [CVE-2013-5954] Multiple Cross Site Request Forgery Vulnerabilities in OpenX 2.8.11",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/270"
},
{
"name": "66251",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/66251"
},
{
"name": "20140515 [REVIVE-SA-2014-001] Revive Adserver 3.0.5 fixes CSRF vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/532108/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2014-001/"
},
{
"name": "openx-cve20135954-csrf(91889)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91889"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.11 and earlier allow remote attackers to hijack the authentication of administrators for requests that delete (1) users via admin/agency-user-unlink.php, (2) advertisers via admin/advertiser-delete.php, (3) banners via admin/banner-delete.php, (4) campaigns via admin/campaign-delete.php, (5) channels via admin/channel-delete.php, (6) affiliate websites via admin/affiliate-delete.php, or (7) zones via admin/zone-delete.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20140515 [REVIVE-SA-2014-001] Revive Adserver 3.0.5 fixes CSRF vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/May/68"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/125735"
},
{
"name": "20140315 [CVE-2013-5954] Multiple Cross Site Request Forgery Vulnerabilities in OpenX 2.8.11",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/270"
},
{
"name": "66251",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/66251"
},
{
"name": "20140515 [REVIVE-SA-2014-001] Revive Adserver 3.0.5 fixes CSRF vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/532108/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2014-001/"
},
{
"name": "openx-cve20135954-csrf(91889)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91889"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5954",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.11 and earlier allow remote attackers to hijack the authentication of administrators for requests that delete (1) users via admin/agency-user-unlink.php, (2) advertisers via admin/advertiser-delete.php, (3) banners via admin/banner-delete.php, (4) campaigns via admin/campaign-delete.php, (5) channels via admin/channel-delete.php, (6) affiliate websites via admin/affiliate-delete.php, or (7) zones via admin/zone-delete.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140515 [REVIVE-SA-2014-001] Revive Adserver 3.0.5 fixes CSRF vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/May/68"
},
{
"name": "http://packetstormsecurity.com/files/125735",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/125735"
},
{
"name": "20140315 [CVE-2013-5954] Multiple Cross Site Request Forgery Vulnerabilities in OpenX 2.8.11",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Mar/270"
},
{
"name": "66251",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66251"
},
{
"name": "20140515 [REVIVE-SA-2014-001] Revive Adserver 3.0.5 fixes CSRF vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/532108/100/0/threaded"
},
{
"name": "http://www.revive-adserver.com/security/revive-sa-2014-001/",
"refsource": "CONFIRM",
"url": "http://www.revive-adserver.com/security/revive-sa-2014-001/"
},
{
"name": "openx-cve20135954-csrf(91889)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91889"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5954",
"datePublished": "2014-04-25T10:00:00",
"dateReserved": "2013-09-27T00:00:00",
"dateUpdated": "2024-08-06T17:29:41.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-7365
Vulnerability from cvelistv5
Published
2015-10-14 19:00
Modified
2024-08-06 07:43
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the plugin upgrade form in Revive Adserver before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of an uploaded file containing errors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.revive-adserver.com/security/revive-sa-2015-001 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/archive/1/536633/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://seclists.org/fulldisclosure/2015/Oct/32 | mailing-list, x_refsource_FULLDISC | |
| http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:43:46.229Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2015-001"
},
{
"name": "20151007 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/536633/100/0/threaded"
},
{
"name": "20151008 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Oct/32"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the plugin upgrade form in Revive Adserver before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of an uploaded file containing errors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2015-001"
},
{
"name": "20151007 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/536633/100/0/threaded"
},
{
"name": "20151008 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Oct/32"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7365",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the plugin upgrade form in Revive Adserver before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of an uploaded file containing errors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.revive-adserver.com/security/revive-sa-2015-001",
"refsource": "CONFIRM",
"url": "http://www.revive-adserver.com/security/revive-sa-2015-001"
},
{
"name": "20151007 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536633/100/0/threaded"
},
{
"name": "20151008 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Oct/32"
},
{
"name": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7365",
"datePublished": "2015-10-14T19:00:00",
"dateReserved": "2015-09-25T00:00:00",
"dateUpdated": "2024-08-06T07:43:46.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-8115
Vulnerability from cvelistv5
Published
2020-02-04 19:08
Modified
2024-08-04 09:48
Severity ?
EPSS score ?
Summary
A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver <= 5.0.3 by Jacopo Tediosi. There are currently no known exploits: the session identifier cannot be accessed as it is stored in an http-only cookie as of v3.2.2. On older versions, however, under specific circumstances, it could be possible to steal the session identifier and gain access to the admin interface. The query string sent to the www/delivery/afr.php script was printed back without proper escaping in a JavaScript context, allowing an attacker to execute arbitrary JS code on the browser of the victim.
References
| ▼ | URL | Tags |
|---|---|---|
| https://hackerone.com/reports/775693 | x_refsource_MISC | |
| https://www.revive-adserver.com/security/revive-sa-2020-001/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/revive-adserver/revive-adserver |
Version: Fixed version v5.0.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:25.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/775693"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2020-001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/revive-adserver/revive-adserver",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed version v5.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver \u003c= 5.0.3 by Jacopo Tediosi. There are currently no known exploits: the session identifier cannot be accessed as it is stored in an http-only cookie as of v3.2.2. On older versions, however, under specific circumstances, it could be possible to steal the session identifier and gain access to the admin interface. The query string sent to the www/delivery/afr.php script was printed back without proper escaping in a JavaScript context, allowing an attacker to execute arbitrary JS code on the browser of the victim."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site Scripting (XSS) - Reflected (CWE-79)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-04T19:08:57",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/775693"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2020-001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2020-8115",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "https://github.com/revive-adserver/revive-adserver",
"version": {
"version_data": [
{
"version_value": "Fixed version v5.0.4"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver \u003c= 5.0.3 by Jacopo Tediosi. There are currently no known exploits: the session identifier cannot be accessed as it is stored in an http-only cookie as of v3.2.2. On older versions, however, under specific circumstances, it could be possible to steal the session identifier and gain access to the admin interface. The query string sent to the www/delivery/afr.php script was printed back without proper escaping in a JavaScript context, allowing an attacker to execute arbitrary JS code on the browser of the victim."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Reflected (CWE-79)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/775693",
"refsource": "MISC",
"url": "https://hackerone.com/reports/775693"
},
{
"name": "https://www.revive-adserver.com/security/revive-sa-2020-001/",
"refsource": "MISC",
"url": "https://www.revive-adserver.com/security/revive-sa-2020-001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2020-8115",
"datePublished": "2020-02-04T19:08:57",
"dateReserved": "2020-01-28T00:00:00",
"dateUpdated": "2024-08-04T09:48:25.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-7367
Vulnerability from cvelistv5
Published
2015-10-14 19:00
Modified
2024-08-06 07:43
Severity ?
EPSS score ?
Summary
Revive Adserver before 3.2.2 allows remote attackers to perform unspecified actions by leveraging an unexpired session after the user has been (1) deleted or (2) unlinked.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.revive-adserver.com/security/revive-sa-2015-001 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/archive/1/536633/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://seclists.org/fulldisclosure/2015/Oct/32 | mailing-list, x_refsource_FULLDISC | |
| http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:43:46.188Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2015-001"
},
{
"name": "20151007 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/536633/100/0/threaded"
},
{
"name": "20151008 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Oct/32"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Revive Adserver before 3.2.2 allows remote attackers to perform unspecified actions by leveraging an unexpired session after the user has been (1) deleted or (2) unlinked."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2015-001"
},
{
"name": "20151007 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/536633/100/0/threaded"
},
{
"name": "20151008 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Oct/32"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7367",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Revive Adserver before 3.2.2 allows remote attackers to perform unspecified actions by leveraging an unexpired session after the user has been (1) deleted or (2) unlinked."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.revive-adserver.com/security/revive-sa-2015-001",
"refsource": "CONFIRM",
"url": "http://www.revive-adserver.com/security/revive-sa-2015-001"
},
{
"name": "20151007 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536633/100/0/threaded"
},
{
"name": "20151008 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Oct/32"
},
{
"name": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7367",
"datePublished": "2015-10-14T19:00:00",
"dateReserved": "2015-09-25T00:00:00",
"dateUpdated": "2024-08-06T07:43:46.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9455
Vulnerability from cvelistv5
Published
2017-03-28 02:46
Modified
2024-08-06 02:50
Severity ?
EPSS score ?
Summary
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). A number of scripts in Revive Adserver's user interface are vulnerable to CSRF attacks: `www/admin/banner-acl.php`, `www/admin/banner-activate.php`, `www/admin/banner-advanced.php`, `www/admin/banner-modify.php`, `www/admin/banner-swf.php`, `www/admin/banner-zone.php`, `www/admin/tracker-modify.php`.
References
| ▼ | URL | Tags |
|---|---|---|
| https://hackerone.com/reports/97123 | x_refsource_MISC | |
| https://github.com/revive-adserver/revive-adserver/commit/65a9c8119b4bc7493fd957e1a8d6f6f731298b45 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/83964 | vdb-entry, x_refsource_BID | |
| https://www.revive-adserver.com/security/revive-sa-2016-001/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Revive Adserver All versions before 3.2.3 |
Version: Revive Adserver All versions before 3.2.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:50:38.479Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/97123"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/65a9c8119b4bc7493fd957e1a8d6f6f731298b45"
},
{
"name": "83964",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/83964"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Revive Adserver All versions before 3.2.3",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Revive Adserver All versions before 3.2.3"
}
]
}
],
"datePublic": "2017-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). A number of scripts in Revive Adserver\u0027s user interface are vulnerable to CSRF attacks: `www/admin/banner-acl.php`, `www/admin/banner-activate.php`, `www/admin/banner-advanced.php`, `www/admin/banner-modify.php`, `www/admin/banner-swf.php`, `www/admin/banner-zone.php`, `www/admin/tracker-modify.php`."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "Cross-Site Request Forgery (CSRF) (CWE-352)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-29T09:57:01",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/97123"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/65a9c8119b4bc7493fd957e1a8d6f6f731298b45"
},
{
"name": "83964",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/83964"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2016-9455",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Revive Adserver All versions before 3.2.3",
"version": {
"version_data": [
{
"version_value": "Revive Adserver All versions before 3.2.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). A number of scripts in Revive Adserver\u0027s user interface are vulnerable to CSRF attacks: `www/admin/banner-acl.php`, `www/admin/banner-activate.php`, `www/admin/banner-advanced.php`, `www/admin/banner-modify.php`, `www/admin/banner-swf.php`, `www/admin/banner-zone.php`, `www/admin/tracker-modify.php`."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery (CSRF) (CWE-352)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/97123",
"refsource": "MISC",
"url": "https://hackerone.com/reports/97123"
},
{
"name": "https://github.com/revive-adserver/revive-adserver/commit/65a9c8119b4bc7493fd957e1a8d6f6f731298b45",
"refsource": "MISC",
"url": "https://github.com/revive-adserver/revive-adserver/commit/65a9c8119b4bc7493fd957e1a8d6f6f731298b45"
},
{
"name": "83964",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/83964"
},
{
"name": "https://www.revive-adserver.com/security/revive-sa-2016-001/",
"refsource": "MISC",
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2016-9455",
"datePublished": "2017-03-28T02:46:00",
"dateReserved": "2016-11-19T00:00:00",
"dateUpdated": "2024-08-06T02:50:38.479Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9130
Vulnerability from cvelistv5
Published
2017-03-28 02:46
Modified
2024-08-06 02:42
Severity ?
EPSS score ?
Summary
Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The website name wasn't properly escaped when displayed in the campaign-zone.php script.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.revive-adserver.com/security/revive-sa-2016-001/ | x_refsource_MISC | |
| https://github.com/revive-adserver/revive-adserver/commit/f6880330a8e11e804663f132867e9eb9b1f94e83 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Revive Adserver All versions before 3.2.3 |
Version: Revive Adserver All versions before 3.2.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:42:10.521Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/f6880330a8e11e804663f132867e9eb9b1f94e83"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Revive Adserver All versions before 3.2.3",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Revive Adserver All versions before 3.2.3"
}
]
}
],
"datePublic": "2017-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The website name wasn\u0027t properly escaped when displayed in the campaign-zone.php script."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) (CWE-79)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-28T02:57:01",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/f6880330a8e11e804663f132867e9eb9b1f94e83"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2016-9130",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Revive Adserver All versions before 3.2.3",
"version": {
"version_data": [
{
"version_value": "Revive Adserver All versions before 3.2.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The website name wasn\u0027t properly escaped when displayed in the campaign-zone.php script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) (CWE-79)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.revive-adserver.com/security/revive-sa-2016-001/",
"refsource": "MISC",
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
},
{
"name": "https://github.com/revive-adserver/revive-adserver/commit/f6880330a8e11e804663f132867e9eb9b1f94e83",
"refsource": "MISC",
"url": "https://github.com/revive-adserver/revive-adserver/commit/f6880330a8e11e804663f132867e9eb9b1f94e83"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2016-9130",
"datePublished": "2017-03-28T02:46:00",
"dateReserved": "2016-10-31T00:00:00",
"dateUpdated": "2024-08-06T02:42:10.521Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-7373
Vulnerability from cvelistv5
Published
2015-10-14 19:00
Modified
2024-08-06 07:51
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the "magic-macros" feature in Revive Adserver before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via a GET parameter, which is not properly handled in a banner.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.revive-adserver.com/security/revive-sa-2015-001 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/archive/1/536633/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://seclists.org/fulldisclosure/2015/Oct/32 | mailing-list, x_refsource_FULLDISC | |
| http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:51:27.111Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2015-001"
},
{
"name": "20151007 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/536633/100/0/threaded"
},
{
"name": "20151008 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Oct/32"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the \"magic-macros\" feature in Revive Adserver before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via a GET parameter, which is not properly handled in a banner."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2015-001"
},
{
"name": "20151007 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/536633/100/0/threaded"
},
{
"name": "20151008 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Oct/32"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7373",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the \"magic-macros\" feature in Revive Adserver before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via a GET parameter, which is not properly handled in a banner."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.revive-adserver.com/security/revive-sa-2015-001",
"refsource": "CONFIRM",
"url": "http://www.revive-adserver.com/security/revive-sa-2015-001"
},
{
"name": "20151007 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536633/100/0/threaded"
},
{
"name": "20151008 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Oct/32"
},
{
"name": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7373",
"datePublished": "2015-10-14T19:00:00",
"dateReserved": "2015-09-25T00:00:00",
"dateUpdated": "2024-08-06T07:51:27.111Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9470
Vulnerability from cvelistv5
Published
2017-03-28 02:46
Modified
2024-08-06 02:50
Severity ?
EPSS score ?
Summary
Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Download. `www/delivery/asyncspc.php` was vulnerable to the fairly new Reflected File Download (RFD) web attack vector that enables attackers to gain complete control over a victim's machine by virtually downloading a file from a trusted domain.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/revive-adserver/revive-adserver/commit/69aacbd2 | x_refsource_MISC | |
| https://hackerone.com/reports/148745 | x_refsource_MISC | |
| https://www.revive-adserver.com/security/revive-sa-2016-002/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Revive Adserver All versions before 3.2.5 and 4.0.0 |
Version: Revive Adserver All versions before 3.2.5 and 4.0.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:50:38.406Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/69aacbd2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/148745"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Revive Adserver All versions before 3.2.5 and 4.0.0",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Revive Adserver All versions before 3.2.5 and 4.0.0"
}
]
}
],
"datePublic": "2017-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Download. `www/delivery/asyncspc.php` was vulnerable to the fairly new Reflected File Download (RFD) web attack vector that enables attackers to gain complete control over a victim\u0027s machine by virtually downloading a file from a trusted domain."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) (CWE-79)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-28T02:57:01",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/69aacbd2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/148745"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2016-9470",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Revive Adserver All versions before 3.2.5 and 4.0.0",
"version": {
"version_data": [
{
"version_value": "Revive Adserver All versions before 3.2.5 and 4.0.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Download. `www/delivery/asyncspc.php` was vulnerable to the fairly new Reflected File Download (RFD) web attack vector that enables attackers to gain complete control over a victim\u0027s machine by virtually downloading a file from a trusted domain."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) (CWE-79)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/revive-adserver/revive-adserver/commit/69aacbd2",
"refsource": "MISC",
"url": "https://github.com/revive-adserver/revive-adserver/commit/69aacbd2"
},
{
"name": "https://hackerone.com/reports/148745",
"refsource": "MISC",
"url": "https://hackerone.com/reports/148745"
},
{
"name": "https://www.revive-adserver.com/security/revive-sa-2016-002/",
"refsource": "MISC",
"url": "https://www.revive-adserver.com/security/revive-sa-2016-002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2016-9470",
"datePublished": "2017-03-28T02:46:00",
"dateReserved": "2016-11-19T00:00:00",
"dateUpdated": "2024-08-06T02:50:38.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-5831
Vulnerability from cvelistv5
Published
2017-03-03 15:00
Modified
2024-08-05 15:11
Severity ?
EPSS score ?
Summary
Session fixation vulnerability in the forgot password mechanism in Revive Adserver before 4.0.1, when setting a new password, allows remote attackers to hijack web sessions via the session ID.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2017/02/02/3 | mailing-list, x_refsource_MLIST | |
| https://www.revive-adserver.com/security/revive-sa-2017-001/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/95875 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:11:48.895Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20170202 Re: CVE request: multiples vulnerabilities in Revive Adserver",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/02/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2017-001/"
},
{
"name": "95875",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95875"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-01-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Session fixation vulnerability in the forgot password mechanism in Revive Adserver before 4.0.1, when setting a new password, allows remote attackers to hijack web sessions via the session ID."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-06T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20170202 Re: CVE request: multiples vulnerabilities in Revive Adserver",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/02/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2017-001/"
},
{
"name": "95875",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95875"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5831",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Session fixation vulnerability in the forgot password mechanism in Revive Adserver before 4.0.1, when setting a new password, allows remote attackers to hijack web sessions via the session ID."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20170202 Re: CVE request: multiples vulnerabilities in Revive Adserver",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/02/3"
},
{
"name": "https://www.revive-adserver.com/security/revive-sa-2017-001/",
"refsource": "CONFIRM",
"url": "https://www.revive-adserver.com/security/revive-sa-2017-001/"
},
{
"name": "95875",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95875"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-5831",
"datePublished": "2017-03-03T15:00:00",
"dateReserved": "2017-02-01T00:00:00",
"dateUpdated": "2024-08-05T15:11:48.895Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-7371
Vulnerability from cvelistv5
Published
2015-10-14 19:00
Modified
2024-08-06 07:43
Severity ?
EPSS score ?
Summary
Revive Adserver before 3.2.2 does not restrict access to run-mpe.php, which allows remote attackers to run the Maintenance Priority Engine and possibly cause a denial of service (resource consumption) via a direct request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.revive-adserver.com/security/revive-sa-2015-001 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/archive/1/536633/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://seclists.org/fulldisclosure/2015/Oct/32 | mailing-list, x_refsource_FULLDISC | |
| http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:43:46.349Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2015-001"
},
{
"name": "20151007 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/536633/100/0/threaded"
},
{
"name": "20151008 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Oct/32"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Revive Adserver before 3.2.2 does not restrict access to run-mpe.php, which allows remote attackers to run the Maintenance Priority Engine and possibly cause a denial of service (resource consumption) via a direct request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2015-001"
},
{
"name": "20151007 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/536633/100/0/threaded"
},
{
"name": "20151008 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Oct/32"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7371",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Revive Adserver before 3.2.2 does not restrict access to run-mpe.php, which allows remote attackers to run the Maintenance Priority Engine and possibly cause a denial of service (resource consumption) via a direct request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.revive-adserver.com/security/revive-sa-2015-001",
"refsource": "CONFIRM",
"url": "http://www.revive-adserver.com/security/revive-sa-2015-001"
},
{
"name": "20151007 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536633/100/0/threaded"
},
{
"name": "20151008 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Oct/32"
},
{
"name": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7371",
"datePublished": "2015-10-14T19:00:00",
"dateReserved": "2015-09-25T00:00:00",
"dateUpdated": "2024-08-06T07:43:46.349Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9125
Vulnerability from cvelistv5
Published
2017-03-28 02:46
Modified
2024-08-06 02:42
Severity ?
EPSS score ?
Summary
Revive Adserver before 3.2.3 suffers from session fixation, by allowing arbitrary session identifiers to be forced and, at the same time, by not invalidating the existing session upon a successful authentication. Under some circumstances, that could have been an opportunity for an attacker to steal an authenticated session.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.revive-adserver.com/security/revive-sa-2016-001/ | x_refsource_MISC | |
| https://hackerone.com/reports/93813 | x_refsource_MISC | |
| https://hackerone.com/reports/93809 | x_refsource_MISC | |
| https://github.com/revive-adserver/revive-adserver/commit/4910365631eabbb208961c36149f41cc8159fb39 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Revive Adserver All versions before 3.2.3 |
Version: Revive Adserver All versions before 3.2.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:42:10.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/93813"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/93809"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/4910365631eabbb208961c36149f41cc8159fb39"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Revive Adserver All versions before 3.2.3",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Revive Adserver All versions before 3.2.3"
}
]
}
],
"datePublic": "2017-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Revive Adserver before 3.2.3 suffers from session fixation, by allowing arbitrary session identifiers to be forced and, at the same time, by not invalidating the existing session upon a successful authentication. Under some circumstances, that could have been an opportunity for an attacker to steal an authenticated session."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "Session Fixation (CWE-384)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-28T02:57:01",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/93813"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/93809"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/4910365631eabbb208961c36149f41cc8159fb39"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2016-9125",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Revive Adserver All versions before 3.2.3",
"version": {
"version_data": [
{
"version_value": "Revive Adserver All versions before 3.2.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Revive Adserver before 3.2.3 suffers from session fixation, by allowing arbitrary session identifiers to be forced and, at the same time, by not invalidating the existing session upon a successful authentication. Under some circumstances, that could have been an opportunity for an attacker to steal an authenticated session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Session Fixation (CWE-384)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.revive-adserver.com/security/revive-sa-2016-001/",
"refsource": "MISC",
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
},
{
"name": "https://hackerone.com/reports/93813",
"refsource": "MISC",
"url": "https://hackerone.com/reports/93813"
},
{
"name": "https://hackerone.com/reports/93809",
"refsource": "MISC",
"url": "https://hackerone.com/reports/93809"
},
{
"name": "https://github.com/revive-adserver/revive-adserver/commit/4910365631eabbb208961c36149f41cc8159fb39",
"refsource": "MISC",
"url": "https://github.com/revive-adserver/revive-adserver/commit/4910365631eabbb208961c36149f41cc8159fb39"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2016-9125",
"datePublished": "2017-03-28T02:46:00",
"dateReserved": "2016-10-31T00:00:00",
"dateUpdated": "2024-08-06T02:42:10.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-8142
Vulnerability from cvelistv5
Published
2020-04-03 20:52
Modified
2024-08-04 09:48
Severity ?
EPSS score ?
Summary
A security restriction bypass vulnerability has been discovered in Revive Adserver version < 5.0.5 by HackerOne user hoangn144. Revive Adserver, like many other applications, requires the logged in user to type the current password in order to change the e-mail address or the password. It was however possible for anyone with access to a Revive Adserver admin user interface to bypass such check and change e-email address or password of the currently logged in user by altering the form payload.The attack requires physical access to the user interface of a logged in user. If the POST payload was altered by turning the “pwold” parameter into an array, Revive Adserver would fetch and authorise the operation even if no password was provided.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.revive-adserver.com/security/revive-sa-2020-002/ | x_refsource_MISC | |
| https://hackerone.com/reports/792895 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/revive-adserver/revive-adserver |
Version: Fixed in >= 5.0.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:25.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2020-002/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/792895"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/revive-adserver/revive-adserver",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in \u003e= 5.0.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A security restriction bypass vulnerability has been discovered in Revive Adserver version \u003c 5.0.5 by HackerOne user hoangn144. Revive Adserver, like many other applications, requires the logged in user to type the current password in order to change the e-mail address or the password. It was however possible for anyone with access to a Revive Adserver admin user interface to bypass such check and change e-email address or password of the currently logged in user by altering the form payload.The attack requires physical access to the user interface of a logged in user. If the POST payload was altered by turning the \u201cpwold\u201d parameter into an array, Revive Adserver would fetch and authorise the operation even if no password was provided."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "Incorrect Authorization (CWE-863)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-03T20:52:35",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2020-002/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/792895"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2020-8142",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "https://github.com/revive-adserver/revive-adserver",
"version": {
"version_data": [
{
"version_value": "Fixed in \u003e= 5.0.5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security restriction bypass vulnerability has been discovered in Revive Adserver version \u003c 5.0.5 by HackerOne user hoangn144. Revive Adserver, like many other applications, requires the logged in user to type the current password in order to change the e-mail address or the password. It was however possible for anyone with access to a Revive Adserver admin user interface to bypass such check and change e-email address or password of the currently logged in user by altering the form payload.The attack requires physical access to the user interface of a logged in user. If the POST payload was altered by turning the \u201cpwold\u201d parameter into an array, Revive Adserver would fetch and authorise the operation even if no password was provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Authorization (CWE-863)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.revive-adserver.com/security/revive-sa-2020-002/",
"refsource": "MISC",
"url": "https://www.revive-adserver.com/security/revive-sa-2020-002/"
},
{
"name": "https://hackerone.com/reports/792895",
"refsource": "MISC",
"url": "https://hackerone.com/reports/792895"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2020-8142",
"datePublished": "2020-04-03T20:52:35",
"dateReserved": "2020-01-28T00:00:00",
"dateUpdated": "2024-08-04T09:48:25.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22888
Vulnerability from cvelistv5
Published
2021-03-25 19:40
Modified
2024-08-03 18:58
Severity ?
EPSS score ?
Summary
Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `status` parameter of campaign-zone-zones.php. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and execute injected JavaScript code.
References
| ▼ | URL | Tags |
|---|---|---|
| https://hackerone.com/reports/1097979 | x_refsource_MISC | |
| https://www.revive-adserver.com/security/revive-sa-2021-003/ | x_refsource_MISC | |
| https://github.com/revive-adserver/revive-adserver/commit/f472d890 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/revive-adserver/revive-adserver |
Version: Fixed in v5.2.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:58:25.459Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1097979"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2021-003/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/f472d890"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/revive-adserver/revive-adserver",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in v5.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `status` parameter of campaign-zone-zones.php. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and execute injected JavaScript code."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site Scripting (XSS) - Reflected (CWE-79)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-25T19:40:41",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1097979"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2021-003/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/f472d890"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2021-22888",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "https://github.com/revive-adserver/revive-adserver",
"version": {
"version_data": [
{
"version_value": "Fixed in v5.2.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `status` parameter of campaign-zone-zones.php. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and execute injected JavaScript code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Reflected (CWE-79)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/1097979",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1097979"
},
{
"name": "https://www.revive-adserver.com/security/revive-sa-2021-003/",
"refsource": "MISC",
"url": "https://www.revive-adserver.com/security/revive-sa-2021-003/"
},
{
"name": "https://github.com/revive-adserver/revive-adserver/commit/f472d890",
"refsource": "MISC",
"url": "https://github.com/revive-adserver/revive-adserver/commit/f472d890"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2021-22888",
"datePublished": "2021-03-25T19:40:41",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-08-03T18:58:25.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-7372
Vulnerability from cvelistv5
Published
2015-10-14 19:00
Modified
2024-08-06 07:51
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in delivery-dev/al.php in Revive Adserver before 3.2.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the layerstyle parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.revive-adserver.com/security/revive-sa-2015-001 | x_refsource_CONFIRM | |
| https://github.com/revive-adserver/revive-adserver/commit/86b623f8 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/archive/1/536633/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://seclists.org/fulldisclosure/2015/Oct/32 | mailing-list, x_refsource_FULLDISC | |
| http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:51:27.204Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2015-001"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/86b623f8"
},
{
"name": "20151007 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/536633/100/0/threaded"
},
{
"name": "20151008 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Oct/32"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in delivery-dev/al.php in Revive Adserver before 3.2.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the layerstyle parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2015-001"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/86b623f8"
},
{
"name": "20151007 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/536633/100/0/threaded"
},
{
"name": "20151008 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Oct/32"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7372",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in delivery-dev/al.php in Revive Adserver before 3.2.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the layerstyle parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.revive-adserver.com/security/revive-sa-2015-001",
"refsource": "CONFIRM",
"url": "http://www.revive-adserver.com/security/revive-sa-2015-001"
},
{
"name": "https://github.com/revive-adserver/revive-adserver/commit/86b623f8",
"refsource": "CONFIRM",
"url": "https://github.com/revive-adserver/revive-adserver/commit/86b623f8"
},
{
"name": "20151007 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536633/100/0/threaded"
},
{
"name": "20151008 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Oct/32"
},
{
"name": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7372",
"datePublished": "2015-10-14T19:00:00",
"dateReserved": "2015-09-25T00:00:00",
"dateUpdated": "2024-08-06T07:51:27.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9457
Vulnerability from cvelistv5
Published
2017-03-28 02:46
Modified
2024-08-06 02:50
Severity ?
EPSS score ?
Summary
Revive Adserver before 3.2.3 suffers from Reflected XSS. `www/admin/stats.php` is vulnerable to reflected XSS attacks via multiple parameters that are not properly sanitised or escaped when displayed, such as setPerPage, pageId, bannerid, period_start, period_end, and possibly others.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/revive-adserver/revive-adserver/commit/ecbe822b48ef4ff61c2c6357c0c94199a81946f4 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/83964 | vdb-entry, x_refsource_BID | |
| https://www.revive-adserver.com/security/revive-sa-2016-001/ | x_refsource_MISC | |
| https://hackerone.com/reports/107879 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Revive Adserver All versions before 3.2.3 |
Version: Revive Adserver All versions before 3.2.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:50:38.590Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/ecbe822b48ef4ff61c2c6357c0c94199a81946f4"
},
{
"name": "83964",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/83964"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/107879"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Revive Adserver All versions before 3.2.3",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Revive Adserver All versions before 3.2.3"
}
]
}
],
"datePublic": "2017-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Revive Adserver before 3.2.3 suffers from Reflected XSS. `www/admin/stats.php` is vulnerable to reflected XSS attacks via multiple parameters that are not properly sanitised or escaped when displayed, such as setPerPage, pageId, bannerid, period_start, period_end, and possibly others."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) (CWE-79)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-29T09:57:01",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/ecbe822b48ef4ff61c2c6357c0c94199a81946f4"
},
{
"name": "83964",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/83964"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/107879"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2016-9457",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Revive Adserver All versions before 3.2.3",
"version": {
"version_data": [
{
"version_value": "Revive Adserver All versions before 3.2.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Revive Adserver before 3.2.3 suffers from Reflected XSS. `www/admin/stats.php` is vulnerable to reflected XSS attacks via multiple parameters that are not properly sanitised or escaped when displayed, such as setPerPage, pageId, bannerid, period_start, period_end, and possibly others."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) (CWE-79)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/revive-adserver/revive-adserver/commit/ecbe822b48ef4ff61c2c6357c0c94199a81946f4",
"refsource": "MISC",
"url": "https://github.com/revive-adserver/revive-adserver/commit/ecbe822b48ef4ff61c2c6357c0c94199a81946f4"
},
{
"name": "83964",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/83964"
},
{
"name": "https://www.revive-adserver.com/security/revive-sa-2016-001/",
"refsource": "MISC",
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
},
{
"name": "https://hackerone.com/reports/107879",
"refsource": "MISC",
"url": "https://hackerone.com/reports/107879"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2016-9457",
"datePublished": "2017-03-28T02:46:00",
"dateReserved": "2016-11-19T00:00:00",
"dateUpdated": "2024-08-06T02:50:38.590Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-8875
Vulnerability from cvelistv5
Published
2014-12-19 15:00
Modified
2024-08-06 13:33
Severity ?
EPSS score ?
Summary
The XML_RPC_cd function in lib/pear/XML/RPC.php in Revive Adserver before 3.0.6 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted XML-RPC request, aka an XML Entity Expansion (XEE) attack.
References
| ▼ | URL | Tags |
|---|---|---|
| http://packetstormsecurity.com/files/129621/Revive-Adserver-3.0.5-Cross-Site-Scripting-Denial-Of-Service.html | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/534264/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/71721 | vdb-entry, x_refsource_BID | |
| http://www.revive-adserver.com/security/revive-sa-2014-002/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:33:11.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/129621/Revive-Adserver-3.0.5-Cross-Site-Scripting-Denial-Of-Service.html"
},
{
"name": "20141217 [REVIVE-SA-2014-002] Revive Adserver 3.0.6 and 3.1.0 fix multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534264/100/0/threaded"
},
{
"name": "71721",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71721"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2014-002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The XML_RPC_cd function in lib/pear/XML/RPC.php in Revive Adserver before 3.0.6 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted XML-RPC request, aka an XML Entity Expansion (XEE) attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/129621/Revive-Adserver-3.0.5-Cross-Site-Scripting-Denial-Of-Service.html"
},
{
"name": "20141217 [REVIVE-SA-2014-002] Revive Adserver 3.0.6 and 3.1.0 fix multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534264/100/0/threaded"
},
{
"name": "71721",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71721"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2014-002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8875",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The XML_RPC_cd function in lib/pear/XML/RPC.php in Revive Adserver before 3.0.6 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted XML-RPC request, aka an XML Entity Expansion (XEE) attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/129621/Revive-Adserver-3.0.5-Cross-Site-Scripting-Denial-Of-Service.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129621/Revive-Adserver-3.0.5-Cross-Site-Scripting-Denial-Of-Service.html"
},
{
"name": "20141217 [REVIVE-SA-2014-002] Revive Adserver 3.0.6 and 3.1.0 fix multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534264/100/0/threaded"
},
{
"name": "71721",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71721"
},
{
"name": "http://www.revive-adserver.com/security/revive-sa-2014-002/",
"refsource": "CONFIRM",
"url": "http://www.revive-adserver.com/security/revive-sa-2014-002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-8875",
"datePublished": "2014-12-19T15:00:00",
"dateReserved": "2014-11-14T00:00:00",
"dateUpdated": "2024-08-06T13:33:11.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9472
Vulnerability from cvelistv5
Published
2017-03-28 02:46
Modified
2024-08-06 02:50
Severity ?
EPSS score ?
Summary
Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected XSS. The Revive Adserver web installer scripts were vulnerable to a reflected XSS attack via the dbHost, dbUser, and possibly other parameters. It has to be noted that the window for such attack vectors to be possible is extremely narrow and it is very unlikely that such an attack could be actually effective.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/revive-adserver/revive-adserver/commit/fcf72c8a | x_refsource_MISC | |
| https://hackerone.com/reports/170156 | x_refsource_MISC | |
| https://github.com/revive-adserver/revive-adserver/commit/14ff73f0 | x_refsource_MISC | |
| https://www.revive-adserver.com/security/revive-sa-2016-002/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Revive Adserver All versions before 3.2.5 and 4.0.0 |
Version: Revive Adserver All versions before 3.2.5 and 4.0.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:50:38.460Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/fcf72c8a"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/170156"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/14ff73f0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Revive Adserver All versions before 3.2.5 and 4.0.0",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Revive Adserver All versions before 3.2.5 and 4.0.0"
}
]
}
],
"datePublic": "2017-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected XSS. The Revive Adserver web installer scripts were vulnerable to a reflected XSS attack via the dbHost, dbUser, and possibly other parameters. It has to be noted that the window for such attack vectors to be possible is extremely narrow and it is very unlikely that such an attack could be actually effective."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) (CWE-79)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-28T02:57:01",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/fcf72c8a"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/170156"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/14ff73f0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2016-9472",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Revive Adserver All versions before 3.2.5 and 4.0.0",
"version": {
"version_data": [
{
"version_value": "Revive Adserver All versions before 3.2.5 and 4.0.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected XSS. The Revive Adserver web installer scripts were vulnerable to a reflected XSS attack via the dbHost, dbUser, and possibly other parameters. It has to be noted that the window for such attack vectors to be possible is extremely narrow and it is very unlikely that such an attack could be actually effective."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) (CWE-79)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/revive-adserver/revive-adserver/commit/fcf72c8a",
"refsource": "MISC",
"url": "https://github.com/revive-adserver/revive-adserver/commit/fcf72c8a"
},
{
"name": "https://hackerone.com/reports/170156",
"refsource": "MISC",
"url": "https://hackerone.com/reports/170156"
},
{
"name": "https://github.com/revive-adserver/revive-adserver/commit/14ff73f0",
"refsource": "MISC",
"url": "https://github.com/revive-adserver/revive-adserver/commit/14ff73f0"
},
{
"name": "https://www.revive-adserver.com/security/revive-sa-2016-002/",
"refsource": "MISC",
"url": "https://www.revive-adserver.com/security/revive-sa-2016-002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2016-9472",
"datePublished": "2017-03-28T02:46:00",
"dateReserved": "2016-11-19T00:00:00",
"dateUpdated": "2024-08-06T02:50:38.460Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-5832
Vulnerability from cvelistv5
Published
2017-03-03 15:00
Modified
2024-08-05 15:11
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Revive Adserver before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the user's email address.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2017/02/02/3 | mailing-list, x_refsource_MLIST | |
| https://www.revive-adserver.com/security/revive-sa-2017-001/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/95875 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:11:48.771Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20170202 Re: CVE request: multiples vulnerabilities in Revive Adserver",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/02/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2017-001/"
},
{
"name": "95875",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95875"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-01-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Revive Adserver before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the user\u0027s email address."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-06T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20170202 Re: CVE request: multiples vulnerabilities in Revive Adserver",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/02/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2017-001/"
},
{
"name": "95875",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95875"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5832",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Revive Adserver before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the user\u0027s email address."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20170202 Re: CVE request: multiples vulnerabilities in Revive Adserver",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/02/3"
},
{
"name": "https://www.revive-adserver.com/security/revive-sa-2017-001/",
"refsource": "CONFIRM",
"url": "https://www.revive-adserver.com/security/revive-sa-2017-001/"
},
{
"name": "95875",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95875"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-5832",
"datePublished": "2017-03-03T15:00:00",
"dateReserved": "2017-02-01T00:00:00",
"dateUpdated": "2024-08-05T15:11:48.771Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-5833
Vulnerability from cvelistv5
Published
2017-03-03 15:00
Modified
2024-08-05 15:11
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the invocation code generation for interstitial zones in Revive Adserver before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2017/02/02/3 | mailing-list, x_refsource_MLIST | |
| https://www.revive-adserver.com/security/revive-sa-2017-001/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/95875 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:11:48.881Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20170202 Re: CVE request: multiples vulnerabilities in Revive Adserver",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/02/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2017-001/"
},
{
"name": "95875",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95875"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-01-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the invocation code generation for interstitial zones in Revive Adserver before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-06T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20170202 Re: CVE request: multiples vulnerabilities in Revive Adserver",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/02/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2017-001/"
},
{
"name": "95875",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95875"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5833",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the invocation code generation for interstitial zones in Revive Adserver before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20170202 Re: CVE request: multiples vulnerabilities in Revive Adserver",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/02/3"
},
{
"name": "https://www.revive-adserver.com/security/revive-sa-2017-001/",
"refsource": "CONFIRM",
"url": "https://www.revive-adserver.com/security/revive-sa-2017-001/"
},
{
"name": "95875",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95875"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-5833",
"datePublished": "2017-03-03T15:00:00",
"dateReserved": "2017-02-01T00:00:00",
"dateUpdated": "2024-08-05T15:11:48.881Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9471
Vulnerability from cvelistv5
Published
2017-03-28 02:46
Modified
2024-08-06 02:50
Severity ?
EPSS score ?
Summary
Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element Injection. Usernames weren't properly sanitised when creating users on a Revive Adserver instance. Especially, control characters were not filtered, allowing apparently identical usernames to co-exist in the system, due to the fact that such characters are normally ignored when an HTML page is displayed in a browser. The issue could have therefore been exploited for user spoofing, although elevated privileges are required to create users within Revive Adserver.
References
| ▼ | URL | Tags |
|---|---|---|
| https://hackerone.com/reports/128181 | x_refsource_MISC | |
| https://github.com/revive-adserver/revive-adserver/commit/05b1eceb | x_refsource_MISC | |
| https://www.revive-adserver.com/security/revive-sa-2016-002/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Revive Adserver All versions before 3.2.5 and 4.0.0 |
Version: Revive Adserver All versions before 3.2.5 and 4.0.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:50:38.437Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/128181"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/05b1eceb"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Revive Adserver All versions before 3.2.5 and 4.0.0",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Revive Adserver All versions before 3.2.5 and 4.0.0"
}
]
}
],
"datePublic": "2017-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element Injection. Usernames weren\u0027t properly sanitised when creating users on a Revive Adserver instance. Especially, control characters were not filtered, allowing apparently identical usernames to co-exist in the system, due to the fact that such characters are normally ignored when an HTML page is displayed in a browser. The issue could have therefore been exploited for user spoofing, although elevated privileges are required to create users within Revive Adserver."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-75",
"description": "Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) (CWE-75)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-28T02:57:01",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/128181"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/05b1eceb"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2016-9471",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Revive Adserver All versions before 3.2.5 and 4.0.0",
"version": {
"version_data": [
{
"version_value": "Revive Adserver All versions before 3.2.5 and 4.0.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element Injection. Usernames weren\u0027t properly sanitised when creating users on a Revive Adserver instance. Especially, control characters were not filtered, allowing apparently identical usernames to co-exist in the system, due to the fact that such characters are normally ignored when an HTML page is displayed in a browser. The issue could have therefore been exploited for user spoofing, although elevated privileges are required to create users within Revive Adserver."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) (CWE-75)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/128181",
"refsource": "MISC",
"url": "https://hackerone.com/reports/128181"
},
{
"name": "https://github.com/revive-adserver/revive-adserver/commit/05b1eceb",
"refsource": "MISC",
"url": "https://github.com/revive-adserver/revive-adserver/commit/05b1eceb"
},
{
"name": "https://www.revive-adserver.com/security/revive-sa-2016-002/",
"refsource": "MISC",
"url": "https://www.revive-adserver.com/security/revive-sa-2016-002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2016-9471",
"datePublished": "2017-03-28T02:46:00",
"dateReserved": "2016-11-19T00:00:00",
"dateUpdated": "2024-08-06T02:50:38.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9124
Vulnerability from cvelistv5
Published
2017-03-28 02:46
Modified
2024-08-06 02:42
Severity ?
EPSS score ?
Summary
Revive Adserver before 3.2.3 suffers from Improper Restriction of Excessive Authentication Attempts. The login page of Revive Adserver is vulnerable to password-guessing attacks. An account lockdown feature was considered, but rejected to avoid introducing service disruptions to regular users during such attacks. A random delay has instead been introduced as a countermeasure in case of password failures, along with a system to discourage parallel brute forcing. These systems will effectively allow the valid users to log in to the adserver, even while an attack is in progress.
References
| ▼ | URL | Tags |
|---|---|---|
| https://hackerone.com/reports/96115 | x_refsource_MISC | |
| https://www.revive-adserver.com/security/revive-sa-2016-001/ | x_refsource_MISC | |
| https://github.com/revive-adserver/revive-adserver/commit/847941390f5b3310d51b07c92ec91cc1f4cc82c9 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Revive Adserver All versions before 3.2.3 |
Version: Revive Adserver All versions before 3.2.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:42:10.831Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/96115"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/847941390f5b3310d51b07c92ec91cc1f4cc82c9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Revive Adserver All versions before 3.2.3",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Revive Adserver All versions before 3.2.3"
}
]
}
],
"datePublic": "2017-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Revive Adserver before 3.2.3 suffers from Improper Restriction of Excessive Authentication Attempts. The login page of Revive Adserver is vulnerable to password-guessing attacks. An account lockdown feature was considered, but rejected to avoid introducing service disruptions to regular users during such attacks. A random delay has instead been introduced as a countermeasure in case of password failures, along with a system to discourage parallel brute forcing. These systems will effectively allow the valid users to log in to the adserver, even while an attack is in progress."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "Improper Restriction of Excessive Authentication Attempts (CWE-307)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-28T02:57:01",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/96115"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/847941390f5b3310d51b07c92ec91cc1f4cc82c9"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2016-9124",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Revive Adserver All versions before 3.2.3",
"version": {
"version_data": [
{
"version_value": "Revive Adserver All versions before 3.2.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Revive Adserver before 3.2.3 suffers from Improper Restriction of Excessive Authentication Attempts. The login page of Revive Adserver is vulnerable to password-guessing attacks. An account lockdown feature was considered, but rejected to avoid introducing service disruptions to regular users during such attacks. A random delay has instead been introduced as a countermeasure in case of password failures, along with a system to discourage parallel brute forcing. These systems will effectively allow the valid users to log in to the adserver, even while an attack is in progress."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Restriction of Excessive Authentication Attempts (CWE-307)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/96115",
"refsource": "MISC",
"url": "https://hackerone.com/reports/96115"
},
{
"name": "https://www.revive-adserver.com/security/revive-sa-2016-001/",
"refsource": "MISC",
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
},
{
"name": "https://github.com/revive-adserver/revive-adserver/commit/847941390f5b3310d51b07c92ec91cc1f4cc82c9",
"refsource": "MISC",
"url": "https://github.com/revive-adserver/revive-adserver/commit/847941390f5b3310d51b07c92ec91cc1f4cc82c9"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2016-9124",
"datePublished": "2017-03-28T02:46:00",
"dateReserved": "2016-10-31T00:00:00",
"dateUpdated": "2024-08-06T02:42:10.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-7369
Vulnerability from cvelistv5
Published
2015-10-14 19:00
Modified
2024-08-06 07:43
Severity ?
EPSS score ?
Summary
The default Flash cross-domain policy (crossdomain.xml) in Revive Adserver before 3.2.2 does not restrict access cross domain access, which allows remote attackers to conduct cross domain attacks via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.revive-adserver.com/security/revive-sa-2015-001 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/archive/1/536633/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://seclists.org/fulldisclosure/2015/Oct/32 | mailing-list, x_refsource_FULLDISC | |
| http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:43:46.195Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2015-001"
},
{
"name": "20151007 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/536633/100/0/threaded"
},
{
"name": "20151008 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Oct/32"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The default Flash cross-domain policy (crossdomain.xml) in Revive Adserver before 3.2.2 does not restrict access cross domain access, which allows remote attackers to conduct cross domain attacks via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2015-001"
},
{
"name": "20151007 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/536633/100/0/threaded"
},
{
"name": "20151008 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Oct/32"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7369",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default Flash cross-domain policy (crossdomain.xml) in Revive Adserver before 3.2.2 does not restrict access cross domain access, which allows remote attackers to conduct cross domain attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.revive-adserver.com/security/revive-sa-2015-001",
"refsource": "CONFIRM",
"url": "http://www.revive-adserver.com/security/revive-sa-2015-001"
},
{
"name": "20151007 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536633/100/0/threaded"
},
{
"name": "20151008 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Oct/32"
},
{
"name": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7369",
"datePublished": "2015-10-14T19:00:00",
"dateReserved": "2015-09-25T00:00:00",
"dateUpdated": "2024-08-06T07:43:46.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-7364
Vulnerability from cvelistv5
Published
2015-10-14 19:00
Modified
2024-08-06 07:43
Severity ?
EPSS score ?
Summary
The HTML_Quickform library, as used in Revive Adserver before 3.2.2, allows remote attackers to bypass the CSRF protection mechanism via an empty token.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.revive-adserver.com/security/revive-sa-2015-001 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/archive/1/536633/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://seclists.org/fulldisclosure/2015/Oct/32 | mailing-list, x_refsource_FULLDISC | |
| http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html | x_refsource_MISC | |
| https://github.com/revive-adserver/revive-adserver/commit/288f81cc | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:43:46.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2015-001"
},
{
"name": "20151007 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/536633/100/0/threaded"
},
{
"name": "20151008 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Oct/32"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/288f81cc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The HTML_Quickform library, as used in Revive Adserver before 3.2.2, allows remote attackers to bypass the CSRF protection mechanism via an empty token."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2015-001"
},
{
"name": "20151007 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/536633/100/0/threaded"
},
{
"name": "20151008 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Oct/32"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/288f81cc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7364",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HTML_Quickform library, as used in Revive Adserver before 3.2.2, allows remote attackers to bypass the CSRF protection mechanism via an empty token."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.revive-adserver.com/security/revive-sa-2015-001",
"refsource": "CONFIRM",
"url": "http://www.revive-adserver.com/security/revive-sa-2015-001"
},
{
"name": "20151007 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536633/100/0/threaded"
},
{
"name": "20151008 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Oct/32"
},
{
"name": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html"
},
{
"name": "https://github.com/revive-adserver/revive-adserver/commit/288f81cc",
"refsource": "CONFIRM",
"url": "https://github.com/revive-adserver/revive-adserver/commit/288f81cc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7364",
"datePublished": "2015-10-14T19:00:00",
"dateReserved": "2015-09-25T00:00:00",
"dateUpdated": "2024-08-06T07:43:46.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-7368
Vulnerability from cvelistv5
Published
2015-10-14 19:00
Modified
2024-08-06 07:43
Severity ?
EPSS score ?
Summary
Revive Adserver before 3.2.2 does not send the appropriate Cache-Control HTTP headers in responses for admin UI pages, which allows local users to obtain sensitive information via the web browser cache.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.revive-adserver.com/security/revive-sa-2015-001 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/archive/1/536633/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://seclists.org/fulldisclosure/2015/Oct/32 | mailing-list, x_refsource_FULLDISC | |
| https://github.com/revive-adserver/revive-adserver/commit/15aac363 | x_refsource_CONFIRM | |
| http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:43:46.165Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2015-001"
},
{
"name": "20151007 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/536633/100/0/threaded"
},
{
"name": "20151008 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Oct/32"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/15aac363"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Revive Adserver before 3.2.2 does not send the appropriate Cache-Control HTTP headers in responses for admin UI pages, which allows local users to obtain sensitive information via the web browser cache."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2015-001"
},
{
"name": "20151007 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/536633/100/0/threaded"
},
{
"name": "20151008 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Oct/32"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/15aac363"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7368",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Revive Adserver before 3.2.2 does not send the appropriate Cache-Control HTTP headers in responses for admin UI pages, which allows local users to obtain sensitive information via the web browser cache."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.revive-adserver.com/security/revive-sa-2015-001",
"refsource": "CONFIRM",
"url": "http://www.revive-adserver.com/security/revive-sa-2015-001"
},
{
"name": "20151007 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536633/100/0/threaded"
},
{
"name": "20151008 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Oct/32"
},
{
"name": "https://github.com/revive-adserver/revive-adserver/commit/15aac363",
"refsource": "CONFIRM",
"url": "https://github.com/revive-adserver/revive-adserver/commit/15aac363"
},
{
"name": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7368",
"datePublished": "2015-10-14T19:00:00",
"dateReserved": "2015-09-25T00:00:00",
"dateUpdated": "2024-08-06T07:43:46.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-7366
Vulnerability from cvelistv5
Published
2015-10-14 19:00
Modified
2024-08-06 07:43
Severity ?
EPSS score ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver before 3.2.2 allow remote attackers to hijack the authentication of users for requests that (1) perform certain plugin actions and possibly cause a denial of service (disabled core plugins) via unknown vectors or (2) change the contact name and language or possibly have unspecified other impact via a crafted POST request to an account-user-*.php script.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.revive-adserver.com/security/revive-sa-2015-001 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/archive/1/536633/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://seclists.org/fulldisclosure/2015/Oct/32 | mailing-list, x_refsource_FULLDISC | |
| http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:43:46.322Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2015-001"
},
{
"name": "20151007 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/536633/100/0/threaded"
},
{
"name": "20151008 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Oct/32"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver before 3.2.2 allow remote attackers to hijack the authentication of users for requests that (1) perform certain plugin actions and possibly cause a denial of service (disabled core plugins) via unknown vectors or (2) change the contact name and language or possibly have unspecified other impact via a crafted POST request to an account-user-*.php script."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2015-001"
},
{
"name": "20151007 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/536633/100/0/threaded"
},
{
"name": "20151008 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Oct/32"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7366",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver before 3.2.2 allow remote attackers to hijack the authentication of users for requests that (1) perform certain plugin actions and possibly cause a denial of service (disabled core plugins) via unknown vectors or (2) change the contact name and language or possibly have unspecified other impact via a crafted POST request to an account-user-*.php script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.revive-adserver.com/security/revive-sa-2015-001",
"refsource": "CONFIRM",
"url": "http://www.revive-adserver.com/security/revive-sa-2015-001"
},
{
"name": "20151007 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536633/100/0/threaded"
},
{
"name": "20151008 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Oct/32"
},
{
"name": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7366",
"datePublished": "2015-10-14T19:00:00",
"dateReserved": "2015-09-25T00:00:00",
"dateUpdated": "2024-08-06T07:43:46.322Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-8793
Vulnerability from cvelistv5
Published
2014-12-19 15:00
Modified
2024-08-06 13:26
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in lib/max/Admin/UI/Field/PublisherIdField.php in Revive Adserver before 3.0.6 allows remote attackers to inject arbitrary web script or HTML via the refresh_page parameter to www/admin/report-generate.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://packetstormsecurity.com/files/129621/Revive-Adserver-3.0.5-Cross-Site-Scripting-Denial-Of-Service.html | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/534264/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://github.com/revive-adserver/revive-adserver/commit/2be73f9 | x_refsource_CONFIRM | |
| http://packetstormsecurity.com/files/129622/Revive-Adserver-3.0.5-Cross-Site-Scripting.html | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/534269/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/71718 | vdb-entry, x_refsource_BID | |
| http://www.revive-adserver.com/security/revive-sa-2014-002/ | x_refsource_CONFIRM | |
| https://www.htbridge.com/advisory/HTB23242 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:26:02.567Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/129621/Revive-Adserver-3.0.5-Cross-Site-Scripting-Denial-Of-Service.html"
},
{
"name": "20141217 [REVIVE-SA-2014-002] Revive Adserver 3.0.6 and 3.1.0 fix multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534264/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/2be73f9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/129622/Revive-Adserver-3.0.5-Cross-Site-Scripting.html"
},
{
"name": "20141217 Cross-Site Scripting (XSS) in Revive Adserver",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534269/100/0/threaded"
},
{
"name": "71718",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71718"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2014-002/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23242"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in lib/max/Admin/UI/Field/PublisherIdField.php in Revive Adserver before 3.0.6 allows remote attackers to inject arbitrary web script or HTML via the refresh_page parameter to www/admin/report-generate.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/129621/Revive-Adserver-3.0.5-Cross-Site-Scripting-Denial-Of-Service.html"
},
{
"name": "20141217 [REVIVE-SA-2014-002] Revive Adserver 3.0.6 and 3.1.0 fix multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534264/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/2be73f9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/129622/Revive-Adserver-3.0.5-Cross-Site-Scripting.html"
},
{
"name": "20141217 Cross-Site Scripting (XSS) in Revive Adserver",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534269/100/0/threaded"
},
{
"name": "71718",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71718"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2014-002/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23242"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8793",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in lib/max/Admin/UI/Field/PublisherIdField.php in Revive Adserver before 3.0.6 allows remote attackers to inject arbitrary web script or HTML via the refresh_page parameter to www/admin/report-generate.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/129621/Revive-Adserver-3.0.5-Cross-Site-Scripting-Denial-Of-Service.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129621/Revive-Adserver-3.0.5-Cross-Site-Scripting-Denial-Of-Service.html"
},
{
"name": "20141217 [REVIVE-SA-2014-002] Revive Adserver 3.0.6 and 3.1.0 fix multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534264/100/0/threaded"
},
{
"name": "https://github.com/revive-adserver/revive-adserver/commit/2be73f9",
"refsource": "CONFIRM",
"url": "https://github.com/revive-adserver/revive-adserver/commit/2be73f9"
},
{
"name": "http://packetstormsecurity.com/files/129622/Revive-Adserver-3.0.5-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129622/Revive-Adserver-3.0.5-Cross-Site-Scripting.html"
},
{
"name": "20141217 Cross-Site Scripting (XSS) in Revive Adserver",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534269/100/0/threaded"
},
{
"name": "71718",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71718"
},
{
"name": "http://www.revive-adserver.com/security/revive-sa-2014-002/",
"refsource": "CONFIRM",
"url": "http://www.revive-adserver.com/security/revive-sa-2014-002/"
},
{
"name": "https://www.htbridge.com/advisory/HTB23242",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23242"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-8793",
"datePublished": "2014-12-19T15:00:00",
"dateReserved": "2014-11-13T00:00:00",
"dateUpdated": "2024-08-06T13:26:02.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22889
Vulnerability from cvelistv5
Published
2021-03-25 19:40
Modified
2024-08-03 18:58
Severity ?
EPSS score ?
Summary
Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `statsBreakdown` parameter of stats.php (and possibly other scripts) due to single quotes not being escaped. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and pressing a certain key combination to execute injected JavaScript code.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.revive-adserver.com/security/revive-sa-2021-003/ | x_refsource_MISC | |
| https://hackerone.com/reports/1097217 | x_refsource_MISC | |
| https://github.com/revive-adserver/revive-adserver/commit/2f868414 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/revive-adserver/revive-adserver |
Version: Fixed in v5.2.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:58:24.797Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2021-003/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1097217"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/2f868414"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/revive-adserver/revive-adserver",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in v5.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `statsBreakdown` parameter of stats.php (and possibly other scripts) due to single quotes not being escaped. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and pressing a certain key combination to execute injected JavaScript code."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site Scripting (XSS) - Reflected (CWE-79)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-25T19:40:55",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2021-003/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1097217"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/2f868414"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2021-22889",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "https://github.com/revive-adserver/revive-adserver",
"version": {
"version_data": [
{
"version_value": "Fixed in v5.2.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `statsBreakdown` parameter of stats.php (and possibly other scripts) due to single quotes not being escaped. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and pressing a certain key combination to execute injected JavaScript code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Reflected (CWE-79)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.revive-adserver.com/security/revive-sa-2021-003/",
"refsource": "MISC",
"url": "https://www.revive-adserver.com/security/revive-sa-2021-003/"
},
{
"name": "https://hackerone.com/reports/1097217",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1097217"
},
{
"name": "https://github.com/revive-adserver/revive-adserver/commit/2f868414",
"refsource": "MISC",
"url": "https://github.com/revive-adserver/revive-adserver/commit/2f868414"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2021-22889",
"datePublished": "2021-03-25T19:40:55",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-08-03T18:58:24.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-5433
Vulnerability from cvelistv5
Published
2019-05-06 16:51
Modified
2024-08-04 19:54
Severity ?
EPSS score ?
Summary
A user having access to the UI of a Revive Adserver instance could be tricked into clicking on a specifically crafted admin account-switch.php URL that would eventually lead them to another (unsafe) domain, potentially used for stealing credentials or other phishing attacks. This vulnerability was addressed in version 4.2.0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.revive-adserver.com/security/revive-sa-2019-001/ | x_refsource_MISC | |
| https://hackerone.com/reports/390663 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Revive Adserver |
Version: Fixed version v4.2.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:54:53.436Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2019-001/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/390663"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Revive Adserver",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed version v4.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A user having access to the UI of a Revive Adserver instance could be tricked into clicking on a specifically crafted admin account-switch.php URL that would eventually lead them to another (unsafe) domain, potentially used for stealing credentials or other phishing attacks. This vulnerability was addressed in version 4.2.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "Open Redirect (CWE-601)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-06T16:51:54",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2019-001/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/390663"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2019-5433",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Revive Adserver",
"version": {
"version_data": [
{
"version_value": "Fixed version v4.2.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A user having access to the UI of a Revive Adserver instance could be tricked into clicking on a specifically crafted admin account-switch.php URL that would eventually lead them to another (unsafe) domain, potentially used for stealing credentials or other phishing attacks. This vulnerability was addressed in version 4.2.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Open Redirect (CWE-601)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.revive-adserver.com/security/revive-sa-2019-001/",
"refsource": "MISC",
"url": "https://www.revive-adserver.com/security/revive-sa-2019-001/"
},
{
"name": "https://hackerone.com/reports/390663",
"refsource": "MISC",
"url": "https://hackerone.com/reports/390663"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2019-5433",
"datePublished": "2019-05-06T16:51:54",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:54:53.436Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9126
Vulnerability from cvelistv5
Published
2017-03-28 02:46
Modified
2024-08-06 02:42
Severity ?
EPSS score ?
Summary
Revive Adserver before 3.2.3 suffers from persistent XSS. Usernames are not properly escaped when displayed in the audit trail widget of the dashboard upon login, allowing persistent XSS attacks. An authenticated user with enough privileges to create other users could exploit the vulnerability to access the administrator account.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/revive-adserver/revive-adserver/commit/8d8c6df309ff5fde9dd4770abcd4ec5d2449b3ec | x_refsource_MISC | |
| https://www.revive-adserver.com/security/revive-sa-2016-001/ | x_refsource_MISC | |
| https://hackerone.com/reports/97073 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Revive Adserver All versions before 3.2.3 |
Version: Revive Adserver All versions before 3.2.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:42:10.468Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/8d8c6df309ff5fde9dd4770abcd4ec5d2449b3ec"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/97073"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Revive Adserver All versions before 3.2.3",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Revive Adserver All versions before 3.2.3"
}
]
}
],
"datePublic": "2017-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Revive Adserver before 3.2.3 suffers from persistent XSS. Usernames are not properly escaped when displayed in the audit trail widget of the dashboard upon login, allowing persistent XSS attacks. An authenticated user with enough privileges to create other users could exploit the vulnerability to access the administrator account."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) (CWE-79)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-28T02:57:01",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/8d8c6df309ff5fde9dd4770abcd4ec5d2449b3ec"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/97073"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2016-9126",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Revive Adserver All versions before 3.2.3",
"version": {
"version_data": [
{
"version_value": "Revive Adserver All versions before 3.2.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Revive Adserver before 3.2.3 suffers from persistent XSS. Usernames are not properly escaped when displayed in the audit trail widget of the dashboard upon login, allowing persistent XSS attacks. An authenticated user with enough privileges to create other users could exploit the vulnerability to access the administrator account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) (CWE-79)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/revive-adserver/revive-adserver/commit/8d8c6df309ff5fde9dd4770abcd4ec5d2449b3ec",
"refsource": "MISC",
"url": "https://github.com/revive-adserver/revive-adserver/commit/8d8c6df309ff5fde9dd4770abcd4ec5d2449b3ec"
},
{
"name": "https://www.revive-adserver.com/security/revive-sa-2016-001/",
"refsource": "MISC",
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
},
{
"name": "https://hackerone.com/reports/97073",
"refsource": "MISC",
"url": "https://hackerone.com/reports/97073"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2016-9126",
"datePublished": "2017-03-28T02:46:00",
"dateReserved": "2016-10-31T00:00:00",
"dateUpdated": "2024-08-06T02:42:10.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22875
Vulnerability from cvelistv5
Published
2021-01-28 16:12
Modified
2024-08-03 18:51
Severity ?
EPSS score ?
Summary
Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in stats.php via the `setPerPage` parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.revive-adserver.com/security/revive-sa-2021-002/ | x_refsource_MISC | |
| https://hackerone.com/reports/1083376 | x_refsource_MISC | |
| https://github.com/revive-adserver/revive-adserver/commit/6f46076a | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/revive-adserver/revive-adserver |
Version: Fixed in 5.1.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:51:07.627Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2021-002/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1083376"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/6f46076a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/revive-adserver/revive-adserver",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in 5.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in stats.php via the `setPerPage` parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site Scripting (XSS) - Reflected (CWE-79)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-28T16:12:14",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2021-002/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1083376"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/6f46076a"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2021-22875",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "https://github.com/revive-adserver/revive-adserver",
"version": {
"version_data": [
{
"version_value": "Fixed in 5.1.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in stats.php via the `setPerPage` parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Reflected (CWE-79)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.revive-adserver.com/security/revive-sa-2021-002/",
"refsource": "MISC",
"url": "https://www.revive-adserver.com/security/revive-sa-2021-002/"
},
{
"name": "https://hackerone.com/reports/1083376",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1083376"
},
{
"name": "https://github.com/revive-adserver/revive-adserver/commit/6f46076a",
"refsource": "MISC",
"url": "https://github.com/revive-adserver/revive-adserver/commit/6f46076a"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2021-22875",
"datePublished": "2021-01-28T16:12:14",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-08-03T18:51:07.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-5830
Vulnerability from cvelistv5
Published
2017-03-03 15:00
Modified
2024-08-05 15:11
Severity ?
EPSS score ?
Summary
Revive Adserver before 4.0.1 allows remote attackers to execute arbitrary code via serialized data in the cookies related to the delivery scripts.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2017/02/02/3 | mailing-list, x_refsource_MLIST | |
| https://www.revive-adserver.com/security/revive-sa-2017-001/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/95875 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:11:48.912Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20170202 Re: CVE request: multiples vulnerabilities in Revive Adserver",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/02/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2017-001/"
},
{
"name": "95875",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95875"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-01-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Revive Adserver before 4.0.1 allows remote attackers to execute arbitrary code via serialized data in the cookies related to the delivery scripts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-06T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20170202 Re: CVE request: multiples vulnerabilities in Revive Adserver",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/02/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2017-001/"
},
{
"name": "95875",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95875"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5830",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Revive Adserver before 4.0.1 allows remote attackers to execute arbitrary code via serialized data in the cookies related to the delivery scripts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20170202 Re: CVE request: multiples vulnerabilities in Revive Adserver",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/02/3"
},
{
"name": "https://www.revive-adserver.com/security/revive-sa-2017-001/",
"refsource": "CONFIRM",
"url": "https://www.revive-adserver.com/security/revive-sa-2017-001/"
},
{
"name": "95875",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95875"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-5830",
"datePublished": "2017-03-03T15:00:00",
"dateReserved": "2017-02-01T00:00:00",
"dateUpdated": "2024-08-05T15:11:48.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-38040
Vulnerability from cvelistv5
Published
2023-09-17 04:41
Modified
2024-09-25 13:54
Severity ?
EPSS score ?
Summary
A reflected XSS vulnerability exists in Revive Adserver 5.4.1 and earlier versions..
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Revive | Revive Adserver |
Version: 5.4.1 ≤ 5.4.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:30:12.371Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://hackerone.com/reports/1694171"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38040",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T13:53:47.391498Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T13:54:24.631Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Revive Adserver",
"vendor": "Revive",
"versions": [
{
"lessThanOrEqual": "5.4.1",
"status": "affected",
"version": "5.4.1",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A reflected XSS vulnerability exists in Revive Adserver 5.4.1 and earlier versions.."
}
],
"providerMetadata": {
"dateUpdated": "2023-09-17T04:41:38.080Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://hackerone.com/reports/1694171"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2023-38040",
"datePublished": "2023-09-17T04:41:38.080Z",
"dateReserved": "2023-07-12T01:00:11.881Z",
"dateUpdated": "2024-09-25T13:54:24.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-9407
Vulnerability from cvelistv5
Published
2014-12-19 15:00
Modified
2024-09-16 18:29
Severity ?
EPSS score ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver before 3.0.5 allow remote attackers to hijack the authentication of administrators for requests that (1) delete data via a request to agency-delete.php, (2) tracker-delete.php, or (3) userlog-delete.php in admin/ or (4) unlink accounts via a request to admin-user-unlink.php. (5) advertiser-user-unlink.php, or (6) affiliate-user-unlink.php in admin/.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.revive-adserver.com/security/revive-sa-2014-001/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:40:25.301Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2014-001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver before 3.0.5 allow remote attackers to hijack the authentication of administrators for requests that (1) delete data via a request to agency-delete.php, (2) tracker-delete.php, or (3) userlog-delete.php in admin/ or (4) unlink accounts via a request to admin-user-unlink.php. (5) advertiser-user-unlink.php, or (6) affiliate-user-unlink.php in admin/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-12-19T15:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2014-001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9407",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver before 3.0.5 allow remote attackers to hijack the authentication of administrators for requests that (1) delete data via a request to agency-delete.php, (2) tracker-delete.php, or (3) userlog-delete.php in admin/ or (4) unlink accounts via a request to admin-user-unlink.php. (5) advertiser-user-unlink.php, or (6) affiliate-user-unlink.php in admin/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.revive-adserver.com/security/revive-sa-2014-001/",
"refsource": "CONFIRM",
"url": "http://www.revive-adserver.com/security/revive-sa-2014-001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9407",
"datePublished": "2014-12-19T15:00:00Z",
"dateReserved": "2014-12-19T00:00:00Z",
"dateUpdated": "2024-09-16T18:29:24.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22948
Vulnerability from cvelistv5
Published
2021-09-23 12:44
Modified
2024-08-03 18:58
Severity ?
EPSS score ?
Summary
Vulnerability in the generation of session IDs in revive-adserver < 5.3.0, based on the cryptographically insecure uniqid() PHP function. Under some circumstances, an attacker could theoretically be able to brute force session IDs in order to take over a specific account.
References
| ▼ | URL | Tags |
|---|---|---|
| https://hackerone.com/reports/1187820 | x_refsource_MISC | |
| https://www.revive-adserver.com/security/revive-sa-2021-005/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/revive-adserver/revive-adserver |
Version: Fixed version v5.3.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:58:26.133Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1187820"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2021-005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/revive-adserver/revive-adserver",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed version v5.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the generation of session IDs in revive-adserver \u003c 5.3.0, based on the cryptographically insecure uniqid() PHP function. Under some circumstances, an attacker could theoretically be able to brute force session IDs in order to take over a specific account."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site Scripting (XSS) - Reflected (CWE-79)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-23T12:44:20",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1187820"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2021-005/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2021-22948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "https://github.com/revive-adserver/revive-adserver",
"version": {
"version_data": [
{
"version_value": "Fixed version v5.3.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the generation of session IDs in revive-adserver \u003c 5.3.0, based on the cryptographically insecure uniqid() PHP function. Under some circumstances, an attacker could theoretically be able to brute force session IDs in order to take over a specific account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Reflected (CWE-79)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/1187820",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1187820"
},
{
"name": "https://www.revive-adserver.com/security/revive-sa-2021-005/",
"refsource": "MISC",
"url": "https://www.revive-adserver.com/security/revive-sa-2021-005/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2021-22948",
"datePublished": "2021-09-23T12:44:20",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-08-03T18:58:26.133Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9128
Vulnerability from cvelistv5
Published
2017-03-28 02:46
Modified
2024-08-06 02:42
Severity ?
EPSS score ?
Summary
Revive Adserver before 3.2.3 suffers from reflected XSS. The affiliate-preview.php script in www/admin is vulnerable to a reflected XSS attack. This vulnerability could be used by an attacker to steal the session ID of an authenticated user, by tricking them into visiting a specifically crafted URL.
References
| ▼ | URL | Tags |
|---|---|---|
| https://hackerone.com/reports/99004 | x_refsource_MISC | |
| https://github.com/revive-adserver/revive-adserver/commit/a323fd626627e8d42819fd5b7e2829196b5c54a3 | x_refsource_MISC | |
| https://github.com/revive-adserver/revive-adserver/commit/e17a7ec3412ded751cda50b82338de471d656d74 | x_refsource_MISC | |
| https://www.revive-adserver.com/security/revive-sa-2016-001/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Revive Adserver All versions before 3.2.3 |
Version: Revive Adserver All versions before 3.2.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:42:10.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/99004"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/a323fd626627e8d42819fd5b7e2829196b5c54a3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/e17a7ec3412ded751cda50b82338de471d656d74"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Revive Adserver All versions before 3.2.3",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Revive Adserver All versions before 3.2.3"
}
]
}
],
"datePublic": "2017-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Revive Adserver before 3.2.3 suffers from reflected XSS. The affiliate-preview.php script in www/admin is vulnerable to a reflected XSS attack. This vulnerability could be used by an attacker to steal the session ID of an authenticated user, by tricking them into visiting a specifically crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) (CWE-79)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-28T02:57:01",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/99004"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/a323fd626627e8d42819fd5b7e2829196b5c54a3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/e17a7ec3412ded751cda50b82338de471d656d74"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2016-9128",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Revive Adserver All versions before 3.2.3",
"version": {
"version_data": [
{
"version_value": "Revive Adserver All versions before 3.2.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Revive Adserver before 3.2.3 suffers from reflected XSS. The affiliate-preview.php script in www/admin is vulnerable to a reflected XSS attack. This vulnerability could be used by an attacker to steal the session ID of an authenticated user, by tricking them into visiting a specifically crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) (CWE-79)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/99004",
"refsource": "MISC",
"url": "https://hackerone.com/reports/99004"
},
{
"name": "https://github.com/revive-adserver/revive-adserver/commit/a323fd626627e8d42819fd5b7e2829196b5c54a3",
"refsource": "MISC",
"url": "https://github.com/revive-adserver/revive-adserver/commit/a323fd626627e8d42819fd5b7e2829196b5c54a3"
},
{
"name": "https://github.com/revive-adserver/revive-adserver/commit/e17a7ec3412ded751cda50b82338de471d656d74",
"refsource": "MISC",
"url": "https://github.com/revive-adserver/revive-adserver/commit/e17a7ec3412ded751cda50b82338de471d656d74"
},
{
"name": "https://www.revive-adserver.com/security/revive-sa-2016-001/",
"refsource": "MISC",
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2016-9128",
"datePublished": "2017-03-28T02:46:00",
"dateReserved": "2016-10-31T00:00:00",
"dateUpdated": "2024-08-06T02:42:10.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2015-10-14 19:59
Modified
2024-11-21 02:36
Severity ?
Summary
The default Flash cross-domain policy (crossdomain.xml) in Revive Adserver before 3.2.2 does not restrict access cross domain access, which allows remote attackers to conduct cross domain attacks via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| revive-adserver | revive_adserver | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26841997-7365-4967-ACD5-385D2BB84686",
"versionEndIncluding": "3.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The default Flash cross-domain policy (crossdomain.xml) in Revive Adserver before 3.2.2 does not restrict access cross domain access, which allows remote attackers to conduct cross domain attacks via unspecified vectors."
},
{
"lang": "es",
"value": "La pol\u00edtica por defecto Flash cross-domain (crossdomain.xml) en Revive Adserver en versiones anteriores a 3.2.2 no restringe el acceso entre dominios de acceso, lo que permite a atacantes remotos realizar ataques entre dominios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2015-7369",
"lastModified": "2024-11-21T02:36:40.123",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-10-14T19:59:08.393",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2015/Oct/32"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2015-001"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/536633/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2015/Oct/32"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2015-001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/536633/100/0/threaded"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-03 15:59
Modified
2024-11-21 03:28
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Revive Adserver before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the user's email address.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2017/02/02/3 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/95875 | ||
| cve@mitre.org | https://www.revive-adserver.com/security/revive-sa-2017-001/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2017/02/02/3 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95875 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.revive-adserver.com/security/revive-sa-2017-001/ | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| revive-adserver | revive_adserver | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2AFEB95-E6A1-402D-972F-7E8D38B0494C",
"versionEndIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Revive Adserver before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the user\u0027s email address."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en Revive Adserver en versiones anteriores a 4.0.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de la direcci\u00f3n de email del usuario."
}
],
"id": "CVE-2017-5832",
"lastModified": "2024-11-21T03:28:28.470",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-03T15:59:01.133",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/02/3"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/95875"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2017-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/02/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/95875"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2017-001/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-28 02:59
Modified
2024-11-21 03:01
Severity ?
Summary
Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected XSS. The Revive Adserver web installer scripts were vulnerable to a reflected XSS attack via the dbHost, dbUser, and possibly other parameters. It has to be noted that the window for such attack vectors to be possible is extremely narrow and it is very unlikely that such an attack could be actually effective.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | https://github.com/revive-adserver/revive-adserver/commit/14ff73f0 | Permissions Required, Third Party Advisory | |
| support@hackerone.com | https://github.com/revive-adserver/revive-adserver/commit/fcf72c8a | Patch, Third Party Advisory | |
| support@hackerone.com | https://hackerone.com/reports/170156 | Permissions Required | |
| support@hackerone.com | https://www.revive-adserver.com/security/revive-sa-2016-002/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/revive-adserver/revive-adserver/commit/14ff73f0 | Permissions Required, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/revive-adserver/revive-adserver/commit/fcf72c8a | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/170156 | Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.revive-adserver.com/security/revive-sa-2016-002/ | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| revive-adserver | revive_adserver | * | |
| revive-adserver | revive_adserver | 4.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "34AB418F-BAAC-4C3D-9565-14A5E4F48970",
"versionEndIncluding": "3.2.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D6CDCD2-5AA9-4CBB-9AB7-3CD6D2A5F23E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected XSS. The Revive Adserver web installer scripts were vulnerable to a reflected XSS attack via the dbHost, dbUser, and possibly other parameters. It has to be noted that the window for such attack vectors to be possible is extremely narrow and it is very unlikely that such an attack could be actually effective."
},
{
"lang": "es",
"value": "Revive Adserver en versiones anteriores a 3.2.5 y 4.0.0 sufren de XSS reflejado. Los scripts del instalador web de Revive Adserver eran vulnerables a un ataque XSS reflejado a trav\u00e9s de dbHost, dbUser y posiblemente otros par\u00e1metros. Debe tenerse en cuenta que la ventana para que tales vectores de ataque sean posibles es extremadamente estrecha y es muy improbable que tal ataque pueda ser efectivamente efectivo."
}
],
"id": "CVE-2016-9472",
"lastModified": "2024-11-21T03:01:17.213",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-28T02:59:01.387",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/14ff73f0"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/fcf72c8a"
},
{
"source": "support@hackerone.com",
"tags": [
"Permissions Required"
],
"url": "https://hackerone.com/reports/170156"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/14ff73f0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/fcf72c8a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://hackerone.com/reports/170156"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-002/"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-06 17:29
Modified
2024-11-21 04:44
Severity ?
Summary
A user having access to the UI of a Revive Adserver instance could be tricked into clicking on a specifically crafted admin account-switch.php URL that would eventually lead them to another (unsafe) domain, potentially used for stealing credentials or other phishing attacks. This vulnerability was addressed in version 4.2.0.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | https://hackerone.com/reports/390663 | Exploit, Third Party Advisory | |
| support@hackerone.com | https://www.revive-adserver.com/security/revive-sa-2019-001/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/390663 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.revive-adserver.com/security/revive-sa-2019-001/ | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| revive-adserver | revive_adserver | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D5364E4-F430-47F1-AE03-88C1BCFF30E7",
"versionEndExcluding": "4.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A user having access to the UI of a Revive Adserver instance could be tricked into clicking on a specifically crafted admin account-switch.php URL that would eventually lead them to another (unsafe) domain, potentially used for stealing credentials or other phishing attacks. This vulnerability was addressed in version 4.2.0."
},
{
"lang": "es",
"value": "Un usuario que tenga acceso a la interfaz de usuario (UI) de una instancia de Revive Adserver podr\u00eda ser enga\u00f1ado al hacer clic sobre una URL de administrador account-switch.php espec\u00edficamente creada y que eventualmente llevar\u00eda a otro dominio (no seguro), potencialmente utilizado para sustraer credenciales u otros ataques de phishing. Esta vulnerabilidad fue tratada en la versi\u00f3n 4.2.0."
}
],
"id": "CVE-2019-5433",
"lastModified": "2024-11-21T04:44:55.587",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-06T17:29:00.620",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/390663"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2019-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/390663"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2019-001/"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-10-14 19:59
Modified
2024-11-21 02:36
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver before 3.2.2 allow remote attackers to hijack the authentication of users for requests that (1) perform certain plugin actions and possibly cause a denial of service (disabled core plugins) via unknown vectors or (2) change the contact name and language or possibly have unspecified other impact via a crafted POST request to an account-user-*.php script.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| revive-adserver | revive_adserver | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26841997-7365-4967-ACD5-385D2BB84686",
"versionEndIncluding": "3.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver before 3.2.2 allow remote attackers to hijack the authentication of users for requests that (1) perform certain plugin actions and possibly cause a denial of service (disabled core plugins) via unknown vectors or (2) change the contact name and language or possibly have unspecified other impact via a crafted POST request to an account-user-*.php script."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de CSRF en Revive Adserver en versiones anteriores a 3.2.2 permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios en peticiones que (1) llevan a cabo ciertas acciones del plugin y posiblemente causan una denegaci\u00f3n de servicio (plugins del n\u00facleo deshabilitados) a trav\u00e9s de vectores desconocidos o (2) cambian el nombre de contacto y el idioma o posiblemente tienen otro impacto no especificado a trav\u00e9s de una petici\u00f3n POST manipulada a una secuencia de comandos account-user-*.php."
}
],
"id": "CVE-2015-7366",
"lastModified": "2024-11-21T02:36:39.713",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-10-14T19:59:04.987",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2015/Oct/32"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2015-001"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/536633/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2015/Oct/32"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2015-001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/536633/100/0/threaded"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-03 15:59
Modified
2024-11-21 03:28
Severity ?
Summary
Revive Adserver before 4.0.1 allows remote attackers to execute arbitrary code via serialized data in the cookies related to the delivery scripts.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2017/02/02/3 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/95875 | ||
| cve@mitre.org | https://www.revive-adserver.com/security/revive-sa-2017-001/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2017/02/02/3 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95875 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.revive-adserver.com/security/revive-sa-2017-001/ | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| revive-adserver | revive_adserver | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2AFEB95-E6A1-402D-972F-7E8D38B0494C",
"versionEndIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Revive Adserver before 4.0.1 allows remote attackers to execute arbitrary code via serialized data in the cookies related to the delivery scripts."
},
{
"lang": "es",
"value": "Revive Adserver en versiones anteriores a 4.0.1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de datos serializados en las cookies relacionadas con las secuencias de comandos de entrega."
}
],
"id": "CVE-2017-5830",
"lastModified": "2024-11-21T03:28:28.127",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-03T15:59:01.053",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/02/3"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/95875"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2017-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/02/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/95875"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2017-001/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-12-19 15:59
Modified
2024-11-21 02:19
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in lib/max/Admin/UI/Field/PublisherIdField.php in Revive Adserver before 3.0.6 allows remote attackers to inject arbitrary web script or HTML via the refresh_page parameter to www/admin/report-generate.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| revive-adserver | revive_adserver | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E9B9626-648F-49AD-97B8-07CC3456E2C2",
"versionEndIncluding": "3.0.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in lib/max/Admin/UI/Field/PublisherIdField.php in Revive Adserver before 3.0.6 allows remote attackers to inject arbitrary web script or HTML via the refresh_page parameter to www/admin/report-generate.php."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en lib/max/Admin/UI/Field/PublisherIdField.php en Revive Adserver anterior a 3.0.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro refresh_page hacia www/admin/report-generate.php."
}
],
"id": "CVE-2014-8793",
"lastModified": "2024-11-21T02:19:46.620",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-12-19T15:59:12.457",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/129621/Revive-Adserver-3.0.5-Cross-Site-Scripting-Denial-Of-Service.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/129622/Revive-Adserver-3.0.5-Cross-Site-Scripting.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2014-002/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/534264/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/534269/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/71718"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/revive-adserver/revive-adserver/commit/2be73f9"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.htbridge.com/advisory/HTB23242"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/129621/Revive-Adserver-3.0.5-Cross-Site-Scripting-Denial-Of-Service.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/129622/Revive-Adserver-3.0.5-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2014-002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/534264/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/534269/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/71718"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/revive-adserver/revive-adserver/commit/2be73f9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.htbridge.com/advisory/HTB23242"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-28 02:59
Modified
2024-11-21 03:00
Severity ?
Summary
Revive Adserver before 3.2.3 suffers from session fixation, by allowing arbitrary session identifiers to be forced and, at the same time, by not invalidating the existing session upon a successful authentication. Under some circumstances, that could have been an opportunity for an attacker to steal an authenticated session.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | https://github.com/revive-adserver/revive-adserver/commit/4910365631eabbb208961c36149f41cc8159fb39 | Issue Tracking, Patch, Third Party Advisory | |
| support@hackerone.com | https://hackerone.com/reports/93809 | Permissions Required | |
| support@hackerone.com | https://hackerone.com/reports/93813 | Permissions Required | |
| support@hackerone.com | https://www.revive-adserver.com/security/revive-sa-2016-001/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/revive-adserver/revive-adserver/commit/4910365631eabbb208961c36149f41cc8159fb39 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/93809 | Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/93813 | Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.revive-adserver.com/security/revive-sa-2016-001/ | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| revive-adserver | revive_adserver | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94F64F5A-ACD3-4AED-82BE-832D7B4801DA",
"versionEndIncluding": "3.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Revive Adserver before 3.2.3 suffers from session fixation, by allowing arbitrary session identifiers to be forced and, at the same time, by not invalidating the existing session upon a successful authentication. Under some circumstances, that could have been an opportunity for an attacker to steal an authenticated session."
},
{
"lang": "es",
"value": "Revive Adserver en versiones anteriores a 3.2.3 sufre fijaci\u00f3n de la sesi\u00f3n, al permitir que los identificadores de sesi\u00f3n arbitrarios sean forzados, y al mismo tiempo, al no invalidar la sesi\u00f3n existente tras una autenticaci\u00f3n satisfactoria. Bajo algunas circunstancias, que podr\u00edan haber sido una oportunidad para que un atacante robara una sesi\u00f3n autenticada."
}
],
"id": "CVE-2016-9125",
"lastModified": "2024-11-21T03:00:39.940",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-28T02:59:00.370",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/4910365631eabbb208961c36149f41cc8159fb39"
},
{
"source": "support@hackerone.com",
"tags": [
"Permissions Required"
],
"url": "https://hackerone.com/reports/93809"
},
{
"source": "support@hackerone.com",
"tags": [
"Permissions Required"
],
"url": "https://hackerone.com/reports/93813"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/4910365631eabbb208961c36149f41cc8159fb39"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://hackerone.com/reports/93809"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://hackerone.com/reports/93813"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-384"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-384"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-28 02:59
Modified
2024-11-21 03:01
Severity ?
Summary
Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element Injection. Usernames weren't properly sanitised when creating users on a Revive Adserver instance. Especially, control characters were not filtered, allowing apparently identical usernames to co-exist in the system, due to the fact that such characters are normally ignored when an HTML page is displayed in a browser. The issue could have therefore been exploited for user spoofing, although elevated privileges are required to create users within Revive Adserver.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | https://github.com/revive-adserver/revive-adserver/commit/05b1eceb | Patch, Third Party Advisory | |
| support@hackerone.com | https://hackerone.com/reports/128181 | Permissions Required | |
| support@hackerone.com | https://www.revive-adserver.com/security/revive-sa-2016-002/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/revive-adserver/revive-adserver/commit/05b1eceb | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/128181 | Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.revive-adserver.com/security/revive-sa-2016-002/ | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| revive-adserver | revive_adserver | * | |
| revive-adserver | revive_adserver | 4.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "34AB418F-BAAC-4C3D-9565-14A5E4F48970",
"versionEndIncluding": "3.2.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D6CDCD2-5AA9-4CBB-9AB7-3CD6D2A5F23E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element Injection. Usernames weren\u0027t properly sanitised when creating users on a Revive Adserver instance. Especially, control characters were not filtered, allowing apparently identical usernames to co-exist in the system, due to the fact that such characters are normally ignored when an HTML page is displayed in a browser. The issue could have therefore been exploited for user spoofing, although elevated privileges are required to create users within Revive Adserver."
},
{
"lang": "es",
"value": "Revive Adserver en versiones anteriores a 3.2.5 y 4.0.0 sufre de inyecci\u00f3n de elemento especial. Los nombres de usuario no se desinfectaron correctamente al crear usuarios en una instancia de Revive Adserver. Especialmente, los caracteres de control no fueron filtrados, permitiendo que los nombres de usuario aparentemente id\u00e9nticos coexistan en el sistema, debido al hecho de que tales caracteres normalmente se ignoran cuando una p\u00e1gina HTML se muestra en un navegador. El problema podr\u00eda por lo tanto haber sido explotado para la falsificaci\u00f3n de usuarios, aunque se requieren privilegios elevados para crear usuarios dentro de Revive Adserver."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/75.html\"\u003eCWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)\u003c/a\u003e",
"id": "CVE-2016-9471",
"lastModified": "2024-11-21T03:01:17.097",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 0.5,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-28T02:59:01.340",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/05b1eceb"
},
{
"source": "support@hackerone.com",
"tags": [
"Permissions Required"
],
"url": "https://hackerone.com/reports/128181"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/05b1eceb"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://hackerone.com/reports/128181"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-002/"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-75"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-28 02:59
Modified
2024-11-21 03:01
Severity ?
Summary
Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Download. `www/delivery/asyncspc.php` was vulnerable to the fairly new Reflected File Download (RFD) web attack vector that enables attackers to gain complete control over a victim's machine by virtually downloading a file from a trusted domain.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | https://github.com/revive-adserver/revive-adserver/commit/69aacbd2 | Patch, Third Party Advisory | |
| support@hackerone.com | https://hackerone.com/reports/148745 | Permissions Required | |
| support@hackerone.com | https://www.revive-adserver.com/security/revive-sa-2016-002/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/revive-adserver/revive-adserver/commit/69aacbd2 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/148745 | Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.revive-adserver.com/security/revive-sa-2016-002/ | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| revive-adserver | revive_adserver | * | |
| revive-adserver | revive_adserver | 4.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "34AB418F-BAAC-4C3D-9565-14A5E4F48970",
"versionEndIncluding": "3.2.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D6CDCD2-5AA9-4CBB-9AB7-3CD6D2A5F23E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Download. `www/delivery/asyncspc.php` was vulnerable to the fairly new Reflected File Download (RFD) web attack vector that enables attackers to gain complete control over a victim\u0027s machine by virtually downloading a file from a trusted domain."
},
{
"lang": "es",
"value": "Revive Adserver en versiones anteriores a 3.2.5 y 4.0.0 sufre de Reflected File Download. `www/delivery/asyncspc.php` era vulnerable al relativamente nuevo vector de ataque web Reflected File Download (RFD) que permite que atacantes obtengan control completo sobre la m\u00e1quina de la v\u00edctima descargando virtualmente un archivo desde un dominio de confianza."
}
],
"id": "CVE-2016-9470",
"lastModified": "2024-11-21T03:01:16.977",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-28T02:59:01.307",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/69aacbd2"
},
{
"source": "support@hackerone.com",
"tags": [
"Permissions Required"
],
"url": "https://hackerone.com/reports/148745"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/69aacbd2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://hackerone.com/reports/148745"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-002/"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-254"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-28 02:59
Modified
2024-11-21 03:01
Severity ?
Summary
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). A number of scripts in Revive Adserver's user interface are vulnerable to CSRF attacks: `www/admin/banner-acl.php`, `www/admin/banner-activate.php`, `www/admin/banner-advanced.php`, `www/admin/banner-modify.php`, `www/admin/banner-swf.php`, `www/admin/banner-zone.php`, `www/admin/tracker-modify.php`.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | http://www.securityfocus.com/bid/83964 | ||
| support@hackerone.com | https://github.com/revive-adserver/revive-adserver/commit/65a9c8119b4bc7493fd957e1a8d6f6f731298b45 | Issue Tracking, Patch, Third Party Advisory | |
| support@hackerone.com | https://hackerone.com/reports/97123 | Permissions Required | |
| support@hackerone.com | https://www.revive-adserver.com/security/revive-sa-2016-001/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/83964 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/revive-adserver/revive-adserver/commit/65a9c8119b4bc7493fd957e1a8d6f6f731298b45 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/97123 | Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.revive-adserver.com/security/revive-sa-2016-001/ | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| revive-adserver | revive_adserver | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94F64F5A-ACD3-4AED-82BE-832D7B4801DA",
"versionEndIncluding": "3.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). A number of scripts in Revive Adserver\u0027s user interface are vulnerable to CSRF attacks: `www/admin/banner-acl.php`, `www/admin/banner-activate.php`, `www/admin/banner-advanced.php`, `www/admin/banner-modify.php`, `www/admin/banner-swf.php`, `www/admin/banner-zone.php`, `www/admin/tracker-modify.php`."
},
{
"lang": "es",
"value": "Revive Adserver en versiones anteriores a 3.2.3 sufre de solicitud de falsificaci\u00f3n en sitios cruzados (CSRF). Una serie de scripts en la interfaz de usuario de Revive Adserver son vulnerables a los ataques CSRF: `www/admin/banner-acl.php`, `www/admin/banner-activate.php`, `www/admin/banner-advanced.php`, `www/admin/banner-modify.php`, `www/admin/banner-swf.php`, `www/admin/banner-zone.php`, `www/admin/tracker-modify.php`."
}
],
"id": "CVE-2016-9455",
"lastModified": "2024-11-21T03:01:15.163",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-28T02:59:00.620",
"references": [
{
"source": "support@hackerone.com",
"url": "http://www.securityfocus.com/bid/83964"
},
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/65a9c8119b4bc7493fd957e1a8d6f6f731298b45"
},
{
"source": "support@hackerone.com",
"tags": [
"Permissions Required"
],
"url": "https://hackerone.com/reports/97123"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/83964"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/65a9c8119b4bc7493fd957e1a8d6f6f731298b45"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://hackerone.com/reports/97123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-25 20:15
Modified
2024-11-21 05:50
Severity ?
Summary
Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `status` parameter of campaign-zone-zones.php. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and execute injected JavaScript code.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | https://github.com/revive-adserver/revive-adserver/commit/f472d890 | Patch, Third Party Advisory | |
| support@hackerone.com | https://hackerone.com/reports/1097979 | Exploit, Third Party Advisory | |
| support@hackerone.com | https://www.revive-adserver.com/security/revive-sa-2021-003/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/revive-adserver/revive-adserver/commit/f472d890 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/1097979 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.revive-adserver.com/security/revive-sa-2021-003/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| revive-adserver | revive_adserver | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32A65BFA-7E74-4D14-80FD-4D4E5B16CD14",
"versionEndExcluding": "5.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `status` parameter of campaign-zone-zones.php. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and execute injected JavaScript code."
},
{
"lang": "es",
"value": "Revive Adserver versiones anteriores a v5.2.0, es susceptible a una vulnerabilidad de tipo XSS reflejado en el par\u00e1metro \"status\" del archivo campaign-zone-zones.php.\u0026#xa0;Un atacante podr\u00eda enga\u00f1ar a un usuario con acceso a la interfaz de usuario de una instancia de Revive Adserver para hacer clic en una URL espec\u00edficamente dise\u00f1ada y ejecutar c\u00f3digo JavaScript inyectado"
}
],
"id": "CVE-2021-22888",
"lastModified": "2024-11-21T05:50:50.760",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-25T20:15:12.507",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/f472d890"
},
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1097979"
},
{
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2021-003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/f472d890"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1097979"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2021-003/"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-03 21:15
Modified
2024-11-21 05:38
Severity ?
Summary
An Open Redirect vulnerability was discovered in Revive Adserver version < 5.0.5 and reported by HackerOne user hoangn144. A remote attacker could trick logged-in users to open a specifically crafted link and have them redirected to any destination.The CSRF protection of the “/www/admin/*-modify.php” could be skipped if no meaningful parameter was sent. No action was performed, but the user was still redirected to the target page, specified via the “returnurl” GET parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | https://hackerone.com/reports/794144 | Exploit, Third Party Advisory | |
| support@hackerone.com | https://www.revive-adserver.com/security/revive-sa-2020-002/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/794144 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.revive-adserver.com/security/revive-sa-2020-002/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| revive-adserver | revive_adserver | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26BF6678-398D-449B-965D-891EF3E28680",
"versionEndExcluding": "5.0.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Open Redirect vulnerability was discovered in Revive Adserver version \u003c 5.0.5 and reported by HackerOne user hoangn144. A remote attacker could trick logged-in users to open a specifically crafted link and have them redirected to any destination.The CSRF protection of the \u201c/www/admin/*-modify.php\u201d could be skipped if no meaningful parameter was sent. No action was performed, but the user was still redirected to the target page, specified via the \u201creturnurl\u201d GET parameter."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad de Redireccionamiento Abierto en Revive Adserver versi\u00f3n anteriores a 5.0.5 y reportada por el usuario hoangn144 de HackerOne. Un atacante remoto podr\u00eda enga\u00f1ar a usuarios registrados para abrir un enlace espec\u00edficamente dise\u00f1ado y redireccionarlos hacia cualquier destino. La protecci\u00f3n de CSRF en el archivo \u201c/www/admin/*-modify.php\u201d podr\u00eda ser omitida si no se env\u00eda un par\u00e1metro significativo. Ninguna acci\u00f3n se realiz\u00f3, pero el usuario a\u00fan fue redireccionado hacia la p\u00e1gina objetivo, especificada por medio del par\u00e1metro GET \"returnurl\"."
}
],
"id": "CVE-2020-8143",
"lastModified": "2024-11-21T05:38:22.613",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-03T21:15:12.717",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/794144"
},
{
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2020-002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/794144"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2020-002/"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-17 05:15
Modified
2024-11-21 08:12
Severity ?
Summary
A reflected XSS vulnerability exists in Revive Adserver 5.4.1 and earlier versions..
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | https://hackerone.com/reports/1694171 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/1694171 | Exploit, Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| revive-adserver | revive_adserver | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D4105460-20E1-45B8-80B1-DA8041D6B7B1",
"versionEndIncluding": "5.4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A reflected XSS vulnerability exists in Revive Adserver 5.4.1 and earlier versions.."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad XSS Reflejada en Revive Adserver 5.4.1 y versiones anteriores."
}
],
"id": "CVE-2023-38040",
"lastModified": "2024-11-21T08:12:43.633",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-17T05:15:10.213",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1694171"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1694171"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-10-14 19:59
Modified
2024-11-21 02:36
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the plugin upgrade form in Revive Adserver before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of an uploaded file containing errors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| revive-adserver | revive_adserver | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26841997-7365-4967-ACD5-385D2BB84686",
"versionEndIncluding": "3.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the plugin upgrade form in Revive Adserver before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of an uploaded file containing errors."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en el formulario de actualizaci\u00f3n del plugin en Revive Adserver en versiones anteriores a 3.2.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del nombre de archivo de un archivo descargado que contiene errores."
}
],
"id": "CVE-2015-7365",
"lastModified": "2024-11-21T02:36:39.580",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-10-14T19:59:03.800",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2015/Oct/32"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2015-001"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/536633/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2015/Oct/32"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2015-001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/536633/100/0/threaded"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-04 20:15
Modified
2024-11-21 05:38
Severity ?
Summary
A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver <= 5.0.3 by Jacopo Tediosi. There are currently no known exploits: the session identifier cannot be accessed as it is stored in an http-only cookie as of v3.2.2. On older versions, however, under specific circumstances, it could be possible to steal the session identifier and gain access to the admin interface. The query string sent to the www/delivery/afr.php script was printed back without proper escaping in a JavaScript context, allowing an attacker to execute arbitrary JS code on the browser of the victim.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | https://hackerone.com/reports/775693 | Exploit, Patch, Third Party Advisory | |
| support@hackerone.com | https://www.revive-adserver.com/security/revive-sa-2020-001/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/775693 | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.revive-adserver.com/security/revive-sa-2020-001/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| revive-adserver | revive_adserver | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76B2099E-A9EA-4106-B234-460E5A9F43D6",
"versionEndIncluding": "5.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver \u003c= 5.0.3 by Jacopo Tediosi. There are currently no known exploits: the session identifier cannot be accessed as it is stored in an http-only cookie as of v3.2.2. On older versions, however, under specific circumstances, it could be possible to steal the session identifier and gain access to the admin interface. The query string sent to the www/delivery/afr.php script was printed back without proper escaping in a JavaScript context, allowing an attacker to execute arbitrary JS code on the browser of the victim."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de tipo XSS reflejado en el script de entrega afr.php de acceso p\u00fablico de Revive Adserver versiones anteriores e incluyendo a la 5.0.3 de Jacopo Tediosi. Actualmente no existen explotaciones conocidas: el identificador de sesi\u00f3n no puede ser accedido ya que est\u00e1 almacenado en una cookie solo http a partir de la versi\u00f3n v3.2.2. Sin embargo, en versiones anteriores, en circunstancias espec\u00edficas, podr\u00eda ser posible robar el identificador de sesi\u00f3n y conseguir acceso a la interfaz de administraci\u00f3n. La cadena de consulta enviada en el script www/delivery/afr.php fue impresa sin escapar apropiadamente en un contexto JavaScript, permitiendo a un atacante ejecutar c\u00f3digo JS arbitrario en el navegador de la v\u00edctima."
}
],
"id": "CVE-2020-8115",
"lastModified": "2024-11-21T05:38:19.463",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-04T20:15:13.213",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/775693"
},
{
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2020-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/775693"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2020-001/"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-28 02:59
Modified
2024-11-21 03:01
Severity ?
Summary
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The Revive Adserver team conducted a security audit of the admin interface scripts in order to identify and fix other potential CSRF vulnerabilities. Over 20+ such issues were fixed.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | http://www.securityfocus.com/bid/83964 | ||
| support@hackerone.com | https://github.com/revive-adserver/revive-adserver/commit/e563ca61e4f3b7210cb61f53284adaa8aef4a49a | Issue Tracking, Patch, Third Party Advisory | |
| support@hackerone.com | https://www.revive-adserver.com/security/revive-sa-2016-001/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/83964 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/revive-adserver/revive-adserver/commit/e563ca61e4f3b7210cb61f53284adaa8aef4a49a | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.revive-adserver.com/security/revive-sa-2016-001/ | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| revive-adserver | revive_adserver | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94F64F5A-ACD3-4AED-82BE-832D7B4801DA",
"versionEndIncluding": "3.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The Revive Adserver team conducted a security audit of the admin interface scripts in order to identify and fix other potential CSRF vulnerabilities. Over 20+ such issues were fixed."
},
{
"lang": "es",
"value": "Revive Adserver en versiones anteriores a 3.2.3 sufre de solicitud de falsificaci\u00f3n en sitios cruzados (CSRF). El equipo Revive Adserver realiz\u00f3 una auditor\u00eda de seguridad de los scripts de interfaz de administraci\u00f3n a fin de identificar y corregir otras vulnerabilidades potenciales de CSRF. M\u00e1s de 20 + estos problemas fueron solucionados."
}
],
"id": "CVE-2016-9456",
"lastModified": "2024-11-21T03:01:15.277",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-28T02:59:00.667",
"references": [
{
"source": "support@hackerone.com",
"url": "http://www.securityfocus.com/bid/83964"
},
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/e563ca61e4f3b7210cb61f53284adaa8aef4a49a"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/83964"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/e563ca61e4f3b7210cb61f53284adaa8aef4a49a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-28 19:29
Modified
2024-11-21 04:44
Severity ?
Summary
Use of cryptographically weak PRNG in the password recovery token generation of Revive Adserver < v4.2.1 causes a potential authentication bypass attack if an attacker exploits the password recovery functionality. In lib/OA/Dal/PasswordRecovery.php, the function generateRecoveryId() generates a password reset token that relies on the PHP uniqid function and consequently depends only on the current server time, which is often visible in an HTTP Date header.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | https://hackerone.com/reports/576504 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/576504 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| revive-adserver | revive_adserver | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7EECFFC-D1A0-42DD-AD60-85A922AA9159",
"versionEndExcluding": "4.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use of cryptographically weak PRNG in the password recovery token generation of Revive Adserver \u003c v4.2.1 causes a potential authentication bypass attack if an attacker exploits the password recovery functionality. In lib/OA/Dal/PasswordRecovery.php, the function generateRecoveryId() generates a password reset token that relies on the PHP uniqid function and consequently depends only on the current server time, which is often visible in an HTTP Date header."
},
{
"lang": "es",
"value": "El uso de PRNG (Generador de Numeros PseudoRandom) PRNG criptogr\u00e1ficamente d\u00e9bil en la generaci\u00f3n de token de recuperaci\u00f3n de contrase\u00f1a de Revive Adserver anterior a la versi\u00f3n 4.2.1, provoca un potencial ataque de omisi\u00f3n de autenticaci\u00f3n si un atacante explota la funcionalidad de recuperaci\u00f3n de contrase\u00f1a (password recovery)."
}
],
"id": "CVE-2019-5440",
"lastModified": "2024-11-21T04:44:56.427",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-28T19:29:06.190",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/576504"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/576504"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-338"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-338"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-10-14 19:59
Modified
2024-11-21 02:36
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the "magic-macros" feature in Revive Adserver before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via a GET parameter, which is not properly handled in a banner.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| revive-adserver | revive_adserver | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26841997-7365-4967-ACD5-385D2BB84686",
"versionEndIncluding": "3.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the \"magic-macros\" feature in Revive Adserver before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via a GET parameter, which is not properly handled in a banner."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en la funcionalidad \u0027magic-macros\u0027 en Revive Adserver en versiones anteriores a 3.2.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un par\u00e1metro GET, que no es manejado adecuadamente en el banner."
}
],
"id": "CVE-2015-7373",
"lastModified": "2024-11-21T02:36:40.700",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-10-14T19:59:12.567",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2015/Oct/32"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2015-001"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/536633/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2015/Oct/32"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2015-001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/536633/100/0/threaded"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-10-14 19:59
Modified
2024-11-21 02:36
Severity ?
Summary
The HTML_Quickform library, as used in Revive Adserver before 3.2.2, allows remote attackers to bypass the CSRF protection mechanism via an empty token.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| revive-adserver | revive_adserver | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26841997-7365-4967-ACD5-385D2BB84686",
"versionEndIncluding": "3.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The HTML_Quickform library, as used in Revive Adserver before 3.2.2, allows remote attackers to bypass the CSRF protection mechanism via an empty token."
},
{
"lang": "es",
"value": "La librer\u00eda HTML_Quickform, como se utiliza en Revive Adserver en versiones anteriores a 3.2.2, permite a atacantes remotos eludir el mecanismo de protecci\u00f3n CSRF a trav\u00e9s de un token vac\u00edo."
}
],
"id": "CVE-2015-7364",
"lastModified": "2024-11-21T02:36:39.440",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-10-14T19:59:00.127",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2015/Oct/32"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2015-001"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/536633/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/288f81cc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2015/Oct/32"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2015-001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/536633/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/288f81cc"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-10-14 19:59
Modified
2024-11-21 02:36
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in open-flash-chart.swf in Open Flash Chart 2, as used in the VideoAds plugin in Revive Adserver before 3.2.2 and CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2 before 5.5.2-434, and 6.1.0 before 6.1.0-1026, allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) data-file parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| revive-adserver | revive_adserver | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26841997-7365-4967-ACD5-385D2BB84686",
"versionEndIncluding": "3.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in open-flash-chart.swf in Open Flash Chart 2, as used in the VideoAds plugin in Revive Adserver before 3.2.2 and CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2 before 5.5.2-434, and 6.1.0 before 6.1.0-1026, allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) data-file parameter."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en open-flash-chart.swf en Open Flash Chart 2, como es utilizado en el plugin VideoAds en Revive Adserver en versiones anteriores a 3.2.2 y CA Release Automation (anteriormente LISA Release Automation) 5.0.2 en versiones anteriores a 5.0.2-227, 5.5.1 en versiones anteriores a 5.5.1-1616, 5.5.2 en versiones anteriores a 5.5.2-434 y 6.1.0 en versiones anteriores a 6.1.0-1026, permite a atacantes remotos inyectar secuencias de comandos web HTML arbitrarios a trav\u00e9s del par\u00e1metro (1) id o (2) data-file."
}
],
"id": "CVE-2015-7370",
"lastModified": "2024-11-21T02:36:40.273",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-10-14T19:59:09.317",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2015/Oct/32"
},
{
"source": "cve@mitre.org",
"url": "http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20160627-01-security-notice-for-release-automation.aspx"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2015-001"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/536633/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/91497"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securitytracker.com/id/1036193"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2015/Oct/32"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20160627-01-security-notice-for-release-automation.aspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2015-001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/536633/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/91497"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securitytracker.com/id/1036193"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-28 02:59
Modified
2024-11-21 03:00
Severity ?
Summary
Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The website name wasn't properly escaped when displayed in the campaign-zone.php script.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | https://github.com/revive-adserver/revive-adserver/commit/f6880330a8e11e804663f132867e9eb9b1f94e83 | Issue Tracking, Patch, Third Party Advisory | |
| support@hackerone.com | https://www.revive-adserver.com/security/revive-sa-2016-001/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/revive-adserver/revive-adserver/commit/f6880330a8e11e804663f132867e9eb9b1f94e83 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.revive-adserver.com/security/revive-sa-2016-001/ | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| revive-adserver | revive_adserver | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94F64F5A-ACD3-4AED-82BE-832D7B4801DA",
"versionEndIncluding": "3.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The website name wasn\u0027t properly escaped when displayed in the campaign-zone.php script."
},
{
"lang": "es",
"value": "Revive Adserver en versiones anteriores a 3.2.3 sufre de XSS persistente. Existe un vector para ataques XSS persistentes a trav\u00e9s de la interfaz de usuario Revive Adserver, requiriendo una cuenta de confianza (no admin). El nombre del sitio web no se fug\u00f3 correctamente cuando se muestra en el script campaign-zone.php."
}
],
"id": "CVE-2016-9130",
"lastModified": "2024-11-21T03:00:40.547",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-28T02:59:00.557",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/f6880330a8e11e804663f132867e9eb9b1f94e83"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/f6880330a8e11e804663f132867e9eb9b1f94e83"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-28 02:59
Modified
2024-11-21 03:01
Severity ?
Summary
Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The banner image URL for external banners wasn't properly escaped when displayed in most of the banner related pages.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | http://www.securityfocus.com/bid/83964 | ||
| support@hackerone.com | https://github.com/revive-adserver/revive-adserver/commit/f6880330a8e11e804663f132867e9eb9b1f94e83 | Issue Tracking, Patch, Third Party Advisory | |
| support@hackerone.com | https://www.revive-adserver.com/security/revive-sa-2016-001/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/83964 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/revive-adserver/revive-adserver/commit/f6880330a8e11e804663f132867e9eb9b1f94e83 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.revive-adserver.com/security/revive-sa-2016-001/ | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| revive-adserver | revive_adserver | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94F64F5A-ACD3-4AED-82BE-832D7B4801DA",
"versionEndIncluding": "3.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The banner image URL for external banners wasn\u0027t properly escaped when displayed in most of the banner related pages."
},
{
"lang": "es",
"value": "Revive Adserver en versiones anteriores a 3.2.3 sufre de Persistent XSS. Existe un vector para ataques XSS persistentes a trav\u00e9s de la interfaz de usuario Revive Adserver, que requiere una cuenta de confianza (no admin). La imagen del banner URL para banners externos no se fug\u00f3 correctamente cuando se visualiz\u00f3 en la mayor\u00eda de las p\u00e1ginas relacionadas con banners."
}
],
"id": "CVE-2016-9454",
"lastModified": "2024-11-21T03:01:15.050",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-28T02:59:00.590",
"references": [
{
"source": "support@hackerone.com",
"url": "http://www.securityfocus.com/bid/83964"
},
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/f6880330a8e11e804663f132867e9eb9b1f94e83"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/83964"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/f6880330a8e11e804663f132867e9eb9b1f94e83"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-03 15:59
Modified
2024-11-21 03:28
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the invocation code generation for interstitial zones in Revive Adserver before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2017/02/02/3 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/95875 | ||
| cve@mitre.org | https://www.revive-adserver.com/security/revive-sa-2017-001/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2017/02/02/3 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95875 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.revive-adserver.com/security/revive-sa-2017-001/ | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| revive-adserver | revive_adserver | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2AFEB95-E6A1-402D-972F-7E8D38B0494C",
"versionEndIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the invocation code generation for interstitial zones in Revive Adserver before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en la generaci\u00f3n de c\u00f3digo de invocaci\u00f3n para zonas intersticiales en Revive Adserver en versiones anteriores a 4.0.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de par\u00e1metros no especificados."
}
],
"id": "CVE-2017-5833",
"lastModified": "2024-11-21T03:28:28.637",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-03T15:59:01.163",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/02/3"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/95875"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2017-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/02/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/95875"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2017-001/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-01-26 18:16
Modified
2024-11-21 05:50
Severity ?
Summary
Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the publicly accessible afr.php delivery script. While this issue was previously addressed in modern browsers as CVE-2020-8115, some older browsers (e.g., IE10) that do not automatically URL encode parameters were still vulnerable.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| revive-adserver | revive_adserver | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA528298-DAAD-4C82-A08C-9F916F5A86BF",
"versionEndExcluding": "5.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the publicly accessible afr.php delivery script. While this issue was previously addressed in modern browsers as CVE-2020-8115, some older browsers (e.g., IE10) that do not automatically URL encode parameters were still vulnerable."
},
{
"lang": "es",
"value": "Revive Adserver anterior a la versi\u00f3n 5.1.0 es vulnerable a una vulnerabilidad de scripting cruzado (XSS) reflejada a trav\u00e9s del script de entrega afr.php de acceso p\u00fablico. Si bien este problema se abord\u00f3 anteriormente en los navegadores modernos como CVE-2020-8115, algunos navegadores antiguos (por ejemplo, IE10) que no codifican autom\u00e1ticamente los par\u00e1metros de la URL segu\u00edan siendo vulnerables"
}
],
"id": "CVE-2021-22872",
"lastModified": "2024-11-21T05:50:48.513",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-26T18:16:19.100",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/161070/Revive-Adserver-5.0.5-Cross-Site-Scripting-Open-Redirect.html"
},
{
"source": "support@hackerone.com",
"tags": [
"Broken Link",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Jan/60"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/00fdb8d0e"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/1dbcf7d50"
},
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/986365"
},
{
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2021-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/161070/Revive-Adserver-5.0.5-Cross-Site-Scripting-Open-Redirect.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Jan/60"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/00fdb8d0e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/1dbcf7d50"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/986365"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2021-001/"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-28 02:59
Modified
2024-11-21 03:00
Severity ?
Summary
Revive Adserver before 3.2.3 suffers from reflected XSS. The affiliate-preview.php script in www/admin is vulnerable to a reflected XSS attack. This vulnerability could be used by an attacker to steal the session ID of an authenticated user, by tricking them into visiting a specifically crafted URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| revive-adserver | revive_adserver | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94F64F5A-ACD3-4AED-82BE-832D7B4801DA",
"versionEndIncluding": "3.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Revive Adserver before 3.2.3 suffers from reflected XSS. The affiliate-preview.php script in www/admin is vulnerable to a reflected XSS attack. This vulnerability could be used by an attacker to steal the session ID of an authenticated user, by tricking them into visiting a specifically crafted URL."
},
{
"lang": "es",
"value": "Revive Adserver en versiones anteriores a 3.2.3 sufre de XSS reflejado. El script affiliate-preview.php en www/admin es vulnerable a un ataque XSS reflejado. Esta vulnerabilidad podr\u00eda ser utilizada por un atacante para robar el identificador de sesi\u00f3n de un usuario autenticado, enga\u00f1\u00e1ndolos para que visiten una direcci\u00f3n URL espec\u00edfica."
}
],
"id": "CVE-2016-9128",
"lastModified": "2024-11-21T03:00:40.310",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-28T02:59:00.480",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/a323fd626627e8d42819fd5b7e2829196b5c54a3"
},
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/e17a7ec3412ded751cda50b82338de471d656d74"
},
{
"source": "support@hackerone.com",
"tags": [
"Permissions Required"
],
"url": "https://hackerone.com/reports/99004"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/a323fd626627e8d42819fd5b7e2829196b5c54a3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/e17a7ec3412ded751cda50b82338de471d656d74"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://hackerone.com/reports/99004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-10-14 19:59
Modified
2024-11-21 02:36
Severity ?
Summary
Revive Adserver before 3.2.2 does not restrict access to run-mpe.php, which allows remote attackers to run the Maintenance Priority Engine and possibly cause a denial of service (resource consumption) via a direct request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| revive-adserver | revive_adserver | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26841997-7365-4967-ACD5-385D2BB84686",
"versionEndIncluding": "3.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Revive Adserver before 3.2.2 does not restrict access to run-mpe.php, which allows remote attackers to run the Maintenance Priority Engine and possibly cause a denial of service (resource consumption) via a direct request."
},
{
"lang": "es",
"value": "Revive Adserver en versiones anteriores a 3.2.2 no restringe adecuadamente el acceso a run-mpe.php, lo que permite a atacantes remotos ejecutar el Maintenance Priority Engine y posiblemente causar una denegaci\u00f3n de servicio (consumo de recursos) a trav\u00e9s de una petici\u00f3n directa."
}
],
"id": "CVE-2015-7371",
"lastModified": "2024-11-21T02:36:40.423",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-10-14T19:59:10.393",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2015/Oct/32"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2015-001"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/536633/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2015/Oct/32"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2015-001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/536633/100/0/threaded"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
},
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-28 02:59
Modified
2024-11-21 03:00
Severity ?
Summary
Revive Adserver before 3.2.3 suffers from persistent XSS. Usernames are not properly escaped when displayed in the audit trail widget of the dashboard upon login, allowing persistent XSS attacks. An authenticated user with enough privileges to create other users could exploit the vulnerability to access the administrator account.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | https://github.com/revive-adserver/revive-adserver/commit/8d8c6df309ff5fde9dd4770abcd4ec5d2449b3ec | Issue Tracking, Patch, Third Party Advisory | |
| support@hackerone.com | https://hackerone.com/reports/97073 | Permissions Required | |
| support@hackerone.com | https://www.revive-adserver.com/security/revive-sa-2016-001/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/revive-adserver/revive-adserver/commit/8d8c6df309ff5fde9dd4770abcd4ec5d2449b3ec | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/97073 | Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.revive-adserver.com/security/revive-sa-2016-001/ | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| revive-adserver | revive_adserver | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94F64F5A-ACD3-4AED-82BE-832D7B4801DA",
"versionEndIncluding": "3.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Revive Adserver before 3.2.3 suffers from persistent XSS. Usernames are not properly escaped when displayed in the audit trail widget of the dashboard upon login, allowing persistent XSS attacks. An authenticated user with enough privileges to create other users could exploit the vulnerability to access the administrator account."
},
{
"lang": "es",
"value": "Revive Adserver en versiones anteriores a 3.2.3 sufre de persistente XSS. Los nombres de usuario no se fugan correctamente cuando se muestran en el widget de seguimiento de auditor\u00eda del panel de control al iniciar sesi\u00f3n, lo que permite ataques persistentes de XSS. Un usuario autenticado con suficientes privilegios para crear otros usuarios podr\u00eda explotar la vulnerabilidad para acceder a la cuenta de administrador."
}
],
"id": "CVE-2016-9126",
"lastModified": "2024-11-21T03:00:40.060",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-28T02:59:00.417",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/8d8c6df309ff5fde9dd4770abcd4ec5d2449b3ec"
},
{
"source": "support@hackerone.com",
"tags": [
"Permissions Required"
],
"url": "https://hackerone.com/reports/97073"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/8d8c6df309ff5fde9dd4770abcd4ec5d2449b3ec"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://hackerone.com/reports/97073"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-01-26 18:16
Modified
2024-11-21 05:50
Severity ?
Summary
Revive Adserver before 5.1.0 is vulnerable to open redirects via the `dest`, `oadest`, and/or `ct0` parameters of the lg.php and ck.php delivery scripts. Such open redirects had previously been available by design to allow third party ad servers to track such metrics when delivering ads. However, third party click tracking via redirects is not a viable option anymore, leading to such open redirect functionality being removed and reclassified as a vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| revive-adserver | revive_adserver | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA528298-DAAD-4C82-A08C-9F916F5A86BF",
"versionEndExcluding": "5.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Revive Adserver before 5.1.0 is vulnerable to open redirects via the `dest`, `oadest`, and/or `ct0` parameters of the lg.php and ck.php delivery scripts. Such open redirects had previously been available by design to allow third party ad servers to track such metrics when delivering ads. However, third party click tracking via redirects is not a viable option anymore, leading to such open redirect functionality being removed and reclassified as a vulnerability."
},
{
"lang": "es",
"value": "Revive Adserver versiones anteriores a 5.1.0 es vulnerable a redireccionamientos abiertos por medio de los par\u00e1metros \"dest\",\"oadest\" y/o \"ct0\" de los scripts de entrega de los archivos lg.php y ck.php.\u0026#xa0;Estos redireccionamientos abiertos hab\u00edan estado disponibles anteriormente por dise\u00f1o para permitir a unos servidores de anuncios de terceros rastrear tales m\u00e9tricas al entregar anuncios.\u0026#xa0;Sin embargo, el seguimiento de clics de terceros por medio de los redireccionamientos ya no es una opci\u00f3n viable, conllevando a que dicha funcionalidad de redireccionamiento abierto sea eliminada y reclasificada como una vulnerabilidad"
}
],
"id": "CVE-2021-22873",
"lastModified": "2024-11-21T05:50:48.647",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-26T18:16:19.163",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/161070/Revive-Adserver-5.0.5-Cross-Site-Scripting-Open-Redirect.html"
},
{
"source": "support@hackerone.com",
"tags": [
"Broken Link",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Jan/60"
},
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/revive-adserver/revive-adserver/issues/1068"
},
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1081406"
},
{
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2021-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/161070/Revive-Adserver-5.0.5-Cross-Site-Scripting-Open-Redirect.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Jan/60"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/revive-adserver/revive-adserver/issues/1068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1081406"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2021-001/"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-12-19 15:59
Modified
2024-11-21 02:20
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver before 3.0.5 allow remote attackers to hijack the authentication of administrators for requests that (1) delete data via a request to agency-delete.php, (2) tracker-delete.php, or (3) userlog-delete.php in admin/ or (4) unlink accounts via a request to admin-user-unlink.php. (5) advertiser-user-unlink.php, or (6) affiliate-user-unlink.php in admin/.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.revive-adserver.com/security/revive-sa-2014-001/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.revive-adserver.com/security/revive-sa-2014-001/ | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| revive-adserver | revive_adserver | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3BC4AD4-6377-4113-B74C-77FEAE01EF5D",
"versionEndIncluding": "3.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver before 3.0.5 allow remote attackers to hijack the authentication of administrators for requests that (1) delete data via a request to agency-delete.php, (2) tracker-delete.php, or (3) userlog-delete.php in admin/ or (4) unlink accounts via a request to admin-user-unlink.php. (5) advertiser-user-unlink.php, or (6) affiliate-user-unlink.php in admin/."
},
{
"lang": "es",
"value": "Diversas vulnerabilidades de CSRF en Revive Adserver anterior a 3.0.5 permite a atacantes remotos secuestrar la autenticaci\u00f3n de los administradores para peticiones que (1) borren datos a trav\u00e9s de una petici\u00f3n a agency-delete.php, (2) a tracker-delete.php o (3) a userlog-delete.php en admin/ o (4) desenlazar cuentas a trav\u00e9s de peticiones a admin-user-unlink.php. (5) a advertiser-user-unlink.php o (6) affiliate-user-unlink.php en admin/."
}
],
"id": "CVE-2014-9407",
"lastModified": "2024-11-21T02:20:48.073",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-12-19T15:59:33.410",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2014-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2014-001/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-01-26 18:16
Modified
2024-11-21 05:50
Severity ?
Summary
Revive Adserver before 5.1.0 permits any user with a manager account to store possibly malicious content in the URL website property, which is then displayed unsanitized in the affiliate-preview.php tag generation screen, leading to a persistent cross-site scripting (XSS) vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| revive-adserver | revive_adserver | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA528298-DAAD-4C82-A08C-9F916F5A86BF",
"versionEndExcluding": "5.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Revive Adserver before 5.1.0 permits any user with a manager account to store possibly malicious content in the URL website property, which is then displayed unsanitized in the affiliate-preview.php tag generation screen, leading to a persistent cross-site scripting (XSS) vulnerability."
},
{
"lang": "es",
"value": "Revive Adserver versiones anteriores a 5.1.0, permite a cualquier usuario con una cuenta de administrador almacenar contenido posiblemente malicioso en la propiedad del sitio web URL, que luego es mostrada sin saneamiento en la pantalla de generaci\u00f3n de etiquetas affiliate-preview.php, conllevando a una vulnerabilidad de tipo cross-site scripting (XSS ) persistente"
}
],
"id": "CVE-2021-22871",
"lastModified": "2024-11-21T05:50:48.367",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-26T18:16:19.020",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/161070/Revive-Adserver-5.0.5-Cross-Site-Scripting-Open-Redirect.html"
},
{
"source": "support@hackerone.com",
"tags": [
"Broken Link",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Jan/60"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/62a2a0439"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/89b88ce26"
},
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/819362"
},
{
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2021-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/161070/Revive-Adserver-5.0.5-Cross-Site-Scripting-Open-Redirect.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Jan/60"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/62a2a0439"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/89b88ce26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/819362"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2021-001/"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-04-25 14:15
Modified
2024-11-21 01:58
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.11 and earlier allow remote attackers to hijack the authentication of administrators for requests that delete (1) users via admin/agency-user-unlink.php, (2) advertisers via admin/advertiser-delete.php, (3) banners via admin/banner-delete.php, (4) campaigns via admin/campaign-delete.php, (5) channels via admin/channel-delete.php, (6) affiliate websites via admin/affiliate-delete.php, or (7) zones via admin/zone-delete.php.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3BC4AD4-6377-4113-B74C-77FEAE01EF5D",
"versionEndIncluding": "3.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openx:openx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83CD7FFD-B76C-4A3D-BAE5-B675D2E67600",
"versionEndIncluding": "2.8.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "3F957F8C-88C3-4F0C-85A8-27AA58847DF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A00DC86E-06BB-458E-8E99-8DFD77607FE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B9DAE4E2-081D-44BE-89F5-204C0659B038",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6F8581E3-9185-45A6-9BCA-B77A9D3D7F8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2D9EE001-25C5-466C-BF2B-C0B255E10886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3BBDAB70-27FA-4D81-A06E-5E394828513C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2DCEECC7-1A82-4994-82BE-1E7F8E15068A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0302A92C-9659-4F68-A97B-6EBE08D86B54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C60BF997-9E26-4B7A-8243-2CCDC74CAAC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.8.9:*:*:*:*:*:*:*",
"matchCriteriaId": "06D09511-33F0-4759-A379-6A9C1B2ADFFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8E7A24FA-D282-402B-9F80-ECA190406EE4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.11 and earlier allow remote attackers to hijack the authentication of administrators for requests that delete (1) users via admin/agency-user-unlink.php, (2) advertisers via admin/advertiser-delete.php, (3) banners via admin/banner-delete.php, (4) campaigns via admin/campaign-delete.php, (5) channels via admin/channel-delete.php, (6) affiliate websites via admin/affiliate-delete.php, or (7) zones via admin/zone-delete.php."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de CSRF en OpenX 2.8.11 y anteriores permiten a atacantes remotos secuestrar la autenticaci\u00f3n de administradores para solicitudes que eliminan (1) usuarios a trav\u00e9s de admin/agency-user-unlink.php, (2) anunciantes a trav\u00e9s de admin/advertiser-delete.php, (3) banners a trav\u00e9s de admin/banner-delete.php, (4) campa\u00f1as a trav\u00e9s de admin/campaign-delete.php, (5) canales a trav\u00e9s de admin/channel-delete.php, (6) sitios web afiliados a trav\u00e9s de admin/affiliate-delete.php o (7) zonas a trav\u00e9s de admin/zone-delete.php."
}
],
"id": "CVE-2013-5954",
"lastModified": "2024-11-21T01:58:29.080",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-04-25T14:15:30.453",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/125735"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/270"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2014/May/68"
},
{
"source": "cve@mitre.org",
"url": "http://www.revive-adserver.com/security/revive-sa-2014-001/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/532108/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/66251"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91889"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/125735"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/270"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2014/May/68"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.revive-adserver.com/security/revive-sa-2014-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/532108/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/66251"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91889"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-10-14 19:59
Modified
2024-11-21 02:36
Severity ?
Summary
Revive Adserver before 3.2.2 allows remote attackers to perform unspecified actions by leveraging an unexpired session after the user has been (1) deleted or (2) unlinked.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| revive-adserver | revive_adserver | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26841997-7365-4967-ACD5-385D2BB84686",
"versionEndIncluding": "3.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Revive Adserver before 3.2.2 allows remote attackers to perform unspecified actions by leveraging an unexpired session after the user has been (1) deleted or (2) unlinked."
},
{
"lang": "es",
"value": "Revive Adserver en versiones anteriores a 3.2.2 permite a atacantes remotos llevar a cabo acciones no especificadas aprovechando una sesi\u00f3n que no ha expirado despu\u00e9s de que el usuario ha sido (1) eliminado o (2) desvinculado."
}
],
"id": "CVE-2015-7367",
"lastModified": "2024-11-21T02:36:39.850",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-10-14T19:59:06.127",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2015/Oct/32"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2015-001"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/536633/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2015/Oct/32"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2015-001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/536633/100/0/threaded"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-10-14 19:59
Modified
2024-11-21 02:36
Severity ?
Summary
Revive Adserver before 3.2.2 does not send the appropriate Cache-Control HTTP headers in responses for admin UI pages, which allows local users to obtain sensitive information via the web browser cache.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| revive-adserver | revive_adserver | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26841997-7365-4967-ACD5-385D2BB84686",
"versionEndIncluding": "3.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Revive Adserver before 3.2.2 does not send the appropriate Cache-Control HTTP headers in responses for admin UI pages, which allows local users to obtain sensitive information via the web browser cache."
},
{
"lang": "es",
"value": "Revive Adserver en versiones anteriores a 3.2.2 no env\u00eda las cabeceras Cache-Control HTTP apropiadas en las respuestas para las p\u00e1ginas de interfaz de usuario de administrador, lo que permite a usuarios locales obtener informaci\u00f3n sensible a trav\u00e9s de la cache del navegador web."
}
],
"id": "CVE-2015-7368",
"lastModified": "2024-11-21T02:36:39.990",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-10-14T19:59:07.237",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2015/Oct/32"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2015-001"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/536633/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/15aac363"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2015/Oct/32"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2015-001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/536633/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/15aac363"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-01-28 17:15
Modified
2024-11-21 05:50
Severity ?
Summary
Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in stats.php via the `setPerPage` parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | https://github.com/revive-adserver/revive-adserver/commit/6f46076a | Patch, Third Party Advisory | |
| support@hackerone.com | https://hackerone.com/reports/1083376 | Exploit, Third Party Advisory | |
| support@hackerone.com | https://www.revive-adserver.com/security/revive-sa-2021-002/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/revive-adserver/revive-adserver/commit/6f46076a | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/1083376 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.revive-adserver.com/security/revive-sa-2021-002/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| revive-adserver | revive_adserver | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28E0FFA4-CC9A-400E-90FE-8811056DB8E3",
"versionEndExcluding": "5.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in stats.php via the `setPerPage` parameter."
},
{
"lang": "es",
"value": "Revive Adserver versiones anteriores a 5.1.1, es susceptible a una vulnerabilidad de tipo XSS reflejado en el archivo stats.php por medio del par\u00e1metro \"setPerPage\""
}
],
"id": "CVE-2021-22875",
"lastModified": "2024-11-21T05:50:48.910",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-28T17:15:12.243",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/6f46076a"
},
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1083376"
},
{
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2021-002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/6f46076a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1083376"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2021-002/"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-01-28 17:15
Modified
2024-11-21 05:50
Severity ?
Summary
Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in userlog-index.php via the `period_preset` parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | https://github.com/revive-adserver/revive-adserver/commit/e2a67ce8 | Patch, Third Party Advisory | |
| support@hackerone.com | https://hackerone.com/reports/1083231 | Exploit, Third Party Advisory | |
| support@hackerone.com | https://www.revive-adserver.com/security/revive-sa-2021-002/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/revive-adserver/revive-adserver/commit/e2a67ce8 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/1083231 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.revive-adserver.com/security/revive-sa-2021-002/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| revive-adserver | revive_adserver | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28E0FFA4-CC9A-400E-90FE-8811056DB8E3",
"versionEndExcluding": "5.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in userlog-index.php via the `period_preset` parameter."
},
{
"lang": "es",
"value": "Revive Adserver versiones anteriores a 5.1.1, es susceptible a una vulnerabilidad de tipo XSS reflejado en el archivo userlog-index.php por medio del par\u00e1metro \"period_preset\""
}
],
"id": "CVE-2021-22874",
"lastModified": "2024-11-21T05:50:48.780",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-28T17:15:12.103",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/e2a67ce8"
},
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1083231"
},
{
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2021-002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/e2a67ce8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1083231"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2021-002/"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-23 13:15
Modified
2024-11-21 05:51
Severity ?
Summary
Vulnerability in the generation of session IDs in revive-adserver < 5.3.0, based on the cryptographically insecure uniqid() PHP function. Under some circumstances, an attacker could theoretically be able to brute force session IDs in order to take over a specific account.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | https://hackerone.com/reports/1187820 | Exploit, Third Party Advisory | |
| support@hackerone.com | https://www.revive-adserver.com/security/revive-sa-2021-005/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/1187820 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.revive-adserver.com/security/revive-sa-2021-005/ | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| revive-adserver | revive_adserver | * | |
| revive-adserver | revive_adserver | 5.3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83BEB88E-698A-452B-8523-F8FB093C7AE6",
"versionEndExcluding": "5.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:5.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "842527A6-A5A8-4FBA-A52C-51F19EFA2B6B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the generation of session IDs in revive-adserver \u003c 5.3.0, based on the cryptographically insecure uniqid() PHP function. Under some circumstances, an attacker could theoretically be able to brute force session IDs in order to take over a specific account."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la generaci\u00f3n de IDs de sesi\u00f3n en revive-adserver versiones anteriores a 5.3.0, basada en la funci\u00f3n PHP uniqid() criptogr\u00e1ficamente no segura. Bajo algunas circunstancias, un atacante podr\u00eda te\u00f3ricamente ser capaz de forzar los ID de sesi\u00f3n para hacerse con una cuenta espec\u00edfica"
}
],
"id": "CVE-2021-22948",
"lastModified": "2024-11-21T05:51:00.020",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-23T13:15:08.760",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1187820"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2021-005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1187820"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2021-005/"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-338"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-28 04:53
Modified
2024-11-21 02:00
Severity ?
Summary
SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openx | openx | * | |
| openx | openx | 2.8.10 | |
| revive-adserver | revive_adserver | * | |
| revive-adserver | revive_adserver | 3.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openx:openx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83CD7FFD-B76C-4A3D-BAE5-B675D2E67600",
"versionEndIncluding": "2.8.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openx:openx:2.8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8E7A24FA-D282-402B-9F80-ECA190406EE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2957BC4-6065-450A-A60E-C914B7B82ED6",
"versionEndIncluding": "3.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "609A9DBF-E65E-43A6-B1BA-082A3FCB2A02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en www / entrega / axmlrpc.php (tambi\u00e9n conocido como el XML-RPC invocaci\u00f3n de entrega de script) en Revive Adserver antes de 3.0.2, y OpenX Fuente 2.8.11 y anteriores, permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s del par\u00e1metro de lo que a un m\u00e9todo de XML-RPC."
}
],
"id": "CVE-2013-7149",
"lastModified": "2024-11-21T02:00:25.383",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-12-28T04:53:06.773",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.kreativrauschen.com/blog/2013/12/18/zero-day-vulnerability-in-openx-source-2-8-11-and-revive-adserver-3-0-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.revive-adserver.com/security/REVIVE-SA-2013-001/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/530471/30/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.kreativrauschen.com/blog/2013/12/18/zero-day-vulnerability-in-openx-source-2-8-11-and-revive-adserver-3-0-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.revive-adserver.com/security/REVIVE-SA-2013-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/530471/30/0/threaded"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-10-14 19:59
Modified
2024-11-21 02:36
Severity ?
Summary
Directory traversal vulnerability in delivery-dev/al.php in Revive Adserver before 3.2.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the layerstyle parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| revive-adserver | revive_adserver | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26841997-7365-4967-ACD5-385D2BB84686",
"versionEndIncluding": "3.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in delivery-dev/al.php in Revive Adserver before 3.2.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the layerstyle parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en delivery-dev/al.php en Revive Adserver en versiones anteriores a 3.2.2 permite a atacantes remotos incluir y ejecutar archivos locales arbitrarios a trav\u00e9s de un .. (punto punto) en el par\u00e1metro layerstyle."
}
],
"id": "CVE-2015-7372",
"lastModified": "2024-11-21T02:36:40.560",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-10-14T19:59:11.393",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2015/Oct/32"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2015-001"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/536633/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/86b623f8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2015/Oct/32"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2015-001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/536633/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/86b623f8"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-28 02:59
Modified
2024-11-21 03:00
Severity ?
Summary
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The password recovery form in Revive Adserver is vulnerable to CSRF attacks. This vulnerability could be exploited to send a large number of password recovery emails to the registered users, especially in conjunction with a bug that caused recovery emails to be sent to all the users at once. Both issues have been fixed.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | https://github.com/revive-adserver/revive-adserver/commit/3aaebcc765797d2c684e031f2836e0a69d6b7bc2 | Issue Tracking, Patch, Third Party Advisory | |
| support@hackerone.com | https://hackerone.com/reports/99452 | Permissions Required | |
| support@hackerone.com | https://www.revive-adserver.com/security/revive-sa-2016-001/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/revive-adserver/revive-adserver/commit/3aaebcc765797d2c684e031f2836e0a69d6b7bc2 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/99452 | Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.revive-adserver.com/security/revive-sa-2016-001/ | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| revive-adserver | revive_adserver | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94F64F5A-ACD3-4AED-82BE-832D7B4801DA",
"versionEndIncluding": "3.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The password recovery form in Revive Adserver is vulnerable to CSRF attacks. This vulnerability could be exploited to send a large number of password recovery emails to the registered users, especially in conjunction with a bug that caused recovery emails to be sent to all the users at once. Both issues have been fixed."
},
{
"lang": "es",
"value": "Revive Adserver en versiones anteriores a 3.2.3 sufre de solicitud de falsificaci\u00f3n en sitios cruzados (CSRF). El formulario de recuperaci\u00f3n de contrase\u00f1a en Revive Adserver es vulnerable a ataques CSRF. Esta vulnerabilidad podr\u00eda explotarse para enviar un gran n\u00famero de correos electr\u00f3nicos de recuperaci\u00f3n de contrase\u00f1as a los usuarios registrados, especialmente en conjunci\u00f3n con un error que provoc\u00f3 que los mensajes de recuperaci\u00f3n se enviaran a todos los usuarios a la vez. Ambos problemas han sido solucionados."
}
],
"id": "CVE-2016-9127",
"lastModified": "2024-11-21T03:00:40.183",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-28T02:59:00.450",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/3aaebcc765797d2c684e031f2836e0a69d6b7bc2"
},
{
"source": "support@hackerone.com",
"tags": [
"Permissions Required"
],
"url": "https://hackerone.com/reports/99452"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/3aaebcc765797d2c684e031f2836e0a69d6b7bc2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://hackerone.com/reports/99452"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-12-19 15:59
Modified
2024-11-21 02:19
Severity ?
Summary
The XML_RPC_cd function in lib/pear/XML/RPC.php in Revive Adserver before 3.0.6 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted XML-RPC request, aka an XML Entity Expansion (XEE) attack.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| revive-adserver | revive_adserver | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E9B9626-648F-49AD-97B8-07CC3456E2C2",
"versionEndIncluding": "3.0.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The XML_RPC_cd function in lib/pear/XML/RPC.php in Revive Adserver before 3.0.6 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted XML-RPC request, aka an XML Entity Expansion (XEE) attack."
},
{
"lang": "es",
"value": "La funci\u00f3n XML_RPC_cd en lib/pear/XML/RPC.php en Revive Adserver anterior a 3.0.6 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de memoria y CPU) a trav\u00e9s de peticiones XML-RPC, tambi\u00e9n conocido como un ataque XML Entity Expansion (XEE)."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/611.html\"\u003eCWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)\u003c/a\u003e",
"id": "CVE-2014-8875",
"lastModified": "2024-11-21T02:19:53.080",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-12-19T15:59:13.580",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/129621/Revive-Adserver-3.0.5-Cross-Site-Scripting-Denial-Of-Service.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2014-002/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/534264/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/71721"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/129621/Revive-Adserver-3.0.5-Cross-Site-Scripting-Denial-Of-Service.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.revive-adserver.com/security/revive-sa-2014-002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/534264/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/71721"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-25 20:15
Modified
2024-11-21 05:50
Severity ?
Summary
Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `statsBreakdown` parameter of stats.php (and possibly other scripts) due to single quotes not being escaped. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and pressing a certain key combination to execute injected JavaScript code.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | https://github.com/revive-adserver/revive-adserver/commit/2f868414 | Patch, Third Party Advisory | |
| support@hackerone.com | https://hackerone.com/reports/1097217 | Exploit, Third Party Advisory | |
| support@hackerone.com | https://www.revive-adserver.com/security/revive-sa-2021-003/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/revive-adserver/revive-adserver/commit/2f868414 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/1097217 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.revive-adserver.com/security/revive-sa-2021-003/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| revive-adserver | revive_adserver | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32A65BFA-7E74-4D14-80FD-4D4E5B16CD14",
"versionEndExcluding": "5.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `statsBreakdown` parameter of stats.php (and possibly other scripts) due to single quotes not being escaped. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and pressing a certain key combination to execute injected JavaScript code."
},
{
"lang": "es",
"value": "Revive Adserver versiones anteriores a v5.2.0, es susceptible a una vulnerabilidad XSS reflejado en el par\u00e1metro \"statsBreakdown\" del archivo stats.php (y posiblemente otros scripts) debido a que las comillas simples no se escapan.\u0026#xa0;Un atacante podr\u00eda enga\u00f1ar a un usuario con acceso a la interfaz de usuario de una instancia de Revive Adserver para que haga clic en una URL dise\u00f1ada espec\u00edficamente y presionar una determinada combinaci\u00f3n de teclas para ejecutar el c\u00f3digo JavaScript inyectado"
}
],
"id": "CVE-2021-22889",
"lastModified": "2024-11-21T05:50:50.883",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-25T20:15:12.617",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/2f868414"
},
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1097217"
},
{
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2021-003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/2f868414"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1097217"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2021-003/"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-28 02:59
Modified
2024-11-21 03:01
Severity ?
Summary
Revive Adserver before 3.2.3 suffers from Reflected XSS. `www/admin/stats.php` is vulnerable to reflected XSS attacks via multiple parameters that are not properly sanitised or escaped when displayed, such as setPerPage, pageId, bannerid, period_start, period_end, and possibly others.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | http://www.securityfocus.com/bid/83964 | ||
| support@hackerone.com | https://github.com/revive-adserver/revive-adserver/commit/ecbe822b48ef4ff61c2c6357c0c94199a81946f4 | Issue Tracking, Patch, Third Party Advisory | |
| support@hackerone.com | https://hackerone.com/reports/107879 | Permissions Required | |
| support@hackerone.com | https://www.revive-adserver.com/security/revive-sa-2016-001/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/83964 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/revive-adserver/revive-adserver/commit/ecbe822b48ef4ff61c2c6357c0c94199a81946f4 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/107879 | Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.revive-adserver.com/security/revive-sa-2016-001/ | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| revive-adserver | revive_adserver | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94F64F5A-ACD3-4AED-82BE-832D7B4801DA",
"versionEndIncluding": "3.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Revive Adserver before 3.2.3 suffers from Reflected XSS. `www/admin/stats.php` is vulnerable to reflected XSS attacks via multiple parameters that are not properly sanitised or escaped when displayed, such as setPerPage, pageId, bannerid, period_start, period_end, and possibly others."
},
{
"lang": "es",
"value": "Revive Adserver en versiones anteriores a 3.2.3 sufre de XSS reflejado. `www/admin/stats.php` es vulnerable a los ataques XSS reflejados a trav\u00e9s de m\u00faltiples par\u00e1metros que no se desinfectan correctamente o se escapan cuando se muestran, como setPerPage, pageId, bannerid, period_start, period_end y posiblemente otros."
}
],
"id": "CVE-2016-9457",
"lastModified": "2024-11-21T03:01:15.390",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-28T02:59:00.700",
"references": [
{
"source": "support@hackerone.com",
"url": "http://www.securityfocus.com/bid/83964"
},
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/ecbe822b48ef4ff61c2c6357c0c94199a81946f4"
},
{
"source": "support@hackerone.com",
"tags": [
"Permissions Required"
],
"url": "https://hackerone.com/reports/107879"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/83964"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/ecbe822b48ef4ff61c2c6357c0c94199a81946f4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://hackerone.com/reports/107879"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-28 02:59
Modified
2024-11-21 03:00
Severity ?
Summary
Revive Adserver before 3.2.3 suffers from Information Exposure Through Discrepancy. It is possible to check whether or not an email address was associated to one or more user accounts on a target Revive Adserver instance by examining the message printed by the password recovery system. Such information cannot however be used directly to log in to the system, which requires a username.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | https://github.com/revive-adserver/revive-adserver/commit/38223a841190bebd7a137c7bed84fbbcb2b0c2a5 | Issue Tracking, Patch, Third Party Advisory | |
| support@hackerone.com | https://hackerone.com/reports/98612 | Permissions Required | |
| support@hackerone.com | https://www.revive-adserver.com/security/revive-sa-2016-001/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/revive-adserver/revive-adserver/commit/38223a841190bebd7a137c7bed84fbbcb2b0c2a5 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/98612 | Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.revive-adserver.com/security/revive-sa-2016-001/ | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| revive-adserver | revive_adserver | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94F64F5A-ACD3-4AED-82BE-832D7B4801DA",
"versionEndIncluding": "3.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Revive Adserver before 3.2.3 suffers from Information Exposure Through Discrepancy. It is possible to check whether or not an email address was associated to one or more user accounts on a target Revive Adserver instance by examining the message printed by the password recovery system. Such information cannot however be used directly to log in to the system, which requires a username."
},
{
"lang": "es",
"value": "Revive Adserver en versiones anteriores a 3.2.3 sufre de exposici\u00f3n de informaci\u00f3n a trav\u00e9s de discrepancia. Es posible comprobar si una direcci\u00f3n de correo electr\u00f3nico est\u00e1 o no asociada a una o m\u00e1s cuentas de usuario en una instancia de tarjeta Revive Adserver examinando el mensaje impreso por el sistema de recuperaci\u00f3n de contrase\u00f1as. Sin embargo, dicha informaci\u00f3n no se puede utilizar directamente para iniciar sesi\u00f3n en el sistema, lo que requiere un nombre de usuario."
}
],
"id": "CVE-2016-9129",
"lastModified": "2024-11-21T03:00:40.423",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-28T02:59:00.527",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/38223a841190bebd7a137c7bed84fbbcb2b0c2a5"
},
{
"source": "support@hackerone.com",
"tags": [
"Permissions Required"
],
"url": "https://hackerone.com/reports/98612"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/38223a841190bebd7a137c7bed84fbbcb2b0c2a5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://hackerone.com/reports/98612"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-28 02:59
Modified
2024-11-21 03:00
Severity ?
Summary
Revive Adserver before 3.2.3 suffers from Improper Restriction of Excessive Authentication Attempts. The login page of Revive Adserver is vulnerable to password-guessing attacks. An account lockdown feature was considered, but rejected to avoid introducing service disruptions to regular users during such attacks. A random delay has instead been introduced as a countermeasure in case of password failures, along with a system to discourage parallel brute forcing. These systems will effectively allow the valid users to log in to the adserver, even while an attack is in progress.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | https://github.com/revive-adserver/revive-adserver/commit/847941390f5b3310d51b07c92ec91cc1f4cc82c9 | Issue Tracking, Patch, Third Party Advisory | |
| support@hackerone.com | https://hackerone.com/reports/96115 | Permissions Required | |
| support@hackerone.com | https://www.revive-adserver.com/security/revive-sa-2016-001/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/revive-adserver/revive-adserver/commit/847941390f5b3310d51b07c92ec91cc1f4cc82c9 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/96115 | Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.revive-adserver.com/security/revive-sa-2016-001/ | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| revive-adserver | revive_adserver | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94F64F5A-ACD3-4AED-82BE-832D7B4801DA",
"versionEndIncluding": "3.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Revive Adserver before 3.2.3 suffers from Improper Restriction of Excessive Authentication Attempts. The login page of Revive Adserver is vulnerable to password-guessing attacks. An account lockdown feature was considered, but rejected to avoid introducing service disruptions to regular users during such attacks. A random delay has instead been introduced as a countermeasure in case of password failures, along with a system to discourage parallel brute forcing. These systems will effectively allow the valid users to log in to the adserver, even while an attack is in progress."
},
{
"lang": "es",
"value": "Revive Adserver en versiones anteriores a 3.2.3. sufre de restricci\u00f3n incorrecta de intentos de autenticaci\u00f3n excesiva. La p\u00e1gina de inicio de sesi\u00f3n de Revive Adserver es vulnerable a los ataques de detecci\u00f3n de contrase\u00f1a. Una caracter\u00edstica de bloqueo de cuenta ha sido considerada, pero se rechaz\u00f3 para evitar la introducci\u00f3n de interrupciones del servicio a usuarios regulares durante dichos ataques. Un retraso aleatorio se ha introducido como una contramedida en caso de fallos de contrase\u00f1a, junto con un sistema para desalentar el forzamiento bruto paralelo. Estos sistemas permitir\u00e1n efectivamente que los usuarios v\u00e1lidos inicien sesi\u00f3n en el adserver, incluso mientras un ataque est\u00e1 en progreso."
}
],
"id": "CVE-2016-9124",
"lastModified": "2024-11-21T03:00:39.810",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-28T02:59:00.323",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/847941390f5b3310d51b07c92ec91cc1f4cc82c9"
},
{
"source": "support@hackerone.com",
"tags": [
"Permissions Required"
],
"url": "https://hackerone.com/reports/96115"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/revive-adserver/revive-adserver/commit/847941390f5b3310d51b07c92ec91cc1f4cc82c9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://hackerone.com/reports/96115"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-307"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-03 21:15
Modified
2024-11-21 05:38
Severity ?
Summary
A security restriction bypass vulnerability has been discovered in Revive Adserver version < 5.0.5 by HackerOne user hoangn144. Revive Adserver, like many other applications, requires the logged in user to type the current password in order to change the e-mail address or the password. It was however possible for anyone with access to a Revive Adserver admin user interface to bypass such check and change e-email address or password of the currently logged in user by altering the form payload.The attack requires physical access to the user interface of a logged in user. If the POST payload was altered by turning the “pwold” parameter into an array, Revive Adserver would fetch and authorise the operation even if no password was provided.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | https://hackerone.com/reports/792895 | Exploit, Third Party Advisory | |
| support@hackerone.com | https://www.revive-adserver.com/security/revive-sa-2020-002/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/792895 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.revive-adserver.com/security/revive-sa-2020-002/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| revive-adserver | revive_adserver | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26BF6678-398D-449B-965D-891EF3E28680",
"versionEndExcluding": "5.0.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A security restriction bypass vulnerability has been discovered in Revive Adserver version \u003c 5.0.5 by HackerOne user hoangn144. Revive Adserver, like many other applications, requires the logged in user to type the current password in order to change the e-mail address or the password. It was however possible for anyone with access to a Revive Adserver admin user interface to bypass such check and change e-email address or password of the currently logged in user by altering the form payload.The attack requires physical access to the user interface of a logged in user. If the POST payload was altered by turning the \u201cpwold\u201d parameter into an array, Revive Adserver would fetch and authorise the operation even if no password was provided."
},
{
"lang": "es",
"value": "Una vulnerabilidad de omisi\u00f3n de restricci\u00f3n de seguridad ha sido detectada en Revive Adserver versiones anteriores a 5.0.5, por el usuario hoangn144 de HackerOne. Revive Adserver, como muchas otras aplicaciones, requiere que el usuario registrado escriba la contrase\u00f1a actual a fin de cambiar la direcci\u00f3n de correo electr\u00f3nico o la contrase\u00f1a. Sin embargo, era posible que cualquier persona con acceso a una interfaz de usuario administrador de Revive Adserver omitiera tal comprobaci\u00f3n y cambiara la direcci\u00f3n de correo electr\u00f3nico o la contrase\u00f1a del usuario registrado actualmente mediante la modificaci\u00f3n de la carga \u00fatil del formulario. El ataque requiere acceso f\u00edsico a la interfaz de usuario de usuario registrado. Si la carga \u00fatil POST fue alterada al convertir el par\u00e1metro \"pwold\" en una matriz, Revive Adserver buscar\u00e1 y autorizar\u00e1 la operaci\u00f3n incluso si ninguna contrase\u00f1a fue proporcionada."
}
],
"id": "CVE-2020-8142",
"lastModified": "2024-11-21T05:38:22.507",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-03T21:15:12.670",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/792895"
},
{
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2020-002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/792895"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2020-002/"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-03 15:59
Modified
2024-11-21 03:28
Severity ?
Summary
Session fixation vulnerability in the forgot password mechanism in Revive Adserver before 4.0.1, when setting a new password, allows remote attackers to hijack web sessions via the session ID.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2017/02/02/3 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/95875 | ||
| cve@mitre.org | https://www.revive-adserver.com/security/revive-sa-2017-001/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2017/02/02/3 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95875 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.revive-adserver.com/security/revive-sa-2017-001/ | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| revive-adserver | revive_adserver | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2AFEB95-E6A1-402D-972F-7E8D38B0494C",
"versionEndIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Session fixation vulnerability in the forgot password mechanism in Revive Adserver before 4.0.1, when setting a new password, allows remote attackers to hijack web sessions via the session ID."
},
{
"lang": "es",
"value": "Vulnerabilidad de reparaci\u00f3n de sesi\u00f3n en el mecanismo de contrase\u00f1a olvidada en Revive Adserver en versiones anteriores a 4.0.1, cuando se establece una nueva contrase\u00f1a, permite a atacantes remotos secuestrar sesiones web a trav\u00e9s de la ID de sesi\u00f3n."
}
],
"id": "CVE-2017-5831",
"lastModified": "2024-11-21T03:28:28.300",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 0.7,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-03T15:59:01.100",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/02/3"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/95875"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2017-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/02/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/95875"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.revive-adserver.com/security/revive-sa-2017-001/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-384"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}