Revive-adserver » Revive Adserver : Security Vulnerabilities, CVEs, Published In October 2015 (Denial of service)
Revive Adserver before 3.2.2 does not restrict access to run-mpe.php, which allows remote attackers to run the Maintenance Priority Engine and possibly cause a denial of service (resource consumption) via a direct request.
Max CVSS
5.0
EPSS Score
0.63%
Published
2015-10-14
Updated
2018-10-09
Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver before 3.2.2 allow remote attackers to hijack the authentication of users for requests that (1) perform certain plugin actions and possibly cause a denial of service (disabled core plugins) via unknown vectors or (2) change the contact name and language or possibly have unspecified other impact via a crafted POST request to an account-user-*.php script.
Max CVSS
6.8
EPSS Score
0.24%
Published
2015-10-14
Updated
2018-10-09
2 vulnerabilities found