| ID | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 257451 | 5.4 | MEDIUM | Network | revive-adserver | revive_adserver | Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The website name … | CWE-79: Cross-site Scripting | CVE-2016-9130 | 2024-11-21 12:00 | 2017-03-28 |
| 257452 | 5.3 | MEDIUM | Network | revive-adserver | revive_adserver | Revive Adserver before 3.2.3 suffers from Information Exposure Through Discrepancy. It is possible to check whether or not an email address was associated to one or more user accounts on a target Rev… | CWE-200: Information Exposure | CVE-2016-9129 | 2024-11-21 12:00 | 2017-03-28 |
| 257453 | 5.4 | MEDIUM | Network | revive-adserver | revive_adserver | Revive Adserver before 3.2.3 suffers from reflected XSS. The affiliate-preview.php script in www/admin is vulnerable to a reflected XSS attack. This vulnerability could be used by an attacker to stea… | CWE-79: Cross-site Scripting | CVE-2016-9128 | 2024-11-21 12:00 | 2017-03-28 |
| 257454 | 8.8 | HIGH | Network | revive-adserver | revive_adserver | Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The password recovery form in Revive Adserver is vulnerable to CSRF attacks. This vulnerability could be exploited to send… | CWE-352: Origin Validation Error | CVE-2016-9127 | 2024-11-21 12:00 | 2017-03-28 |
| 257455 | 5.4 | MEDIUM | Network | revive-adserver | revive_adserver | Revive Adserver before 3.2.3 suffers from persistent XSS. Usernames are not properly escaped when displayed in the audit trail widget of the dashboard upon login, allowing persistent XSS attacks. An … | CWE-79: Cross-site Scripting | CVE-2016-9126 | 2024-11-21 12:00 | 2017-03-28 |
| 257456 | 9.8 | CRITICAL | Network | revive-adserver | revive_adserver | Revive Adserver before 3.2.3 suffers from session fixation, by allowing arbitrary session identifiers to be forced and, at the same time, by not invalidating the existing session upon a successful au… | CWE-384: Session Fixation | CVE-2016-9125 | 2024-11-21 12:00 | 2017-03-28 |
| 257457 | 9.8 | CRITICAL | Network | revive-adserver | revive_adserver | Revive Adserver before 3.2.3 suffers from Improper Restriction of Excessive Authentication Attempts. The login page of Revive Adserver is vulnerable to password-guessing attacks. An account lockdown … | CWE-287: Improper Authentication | CVE-2016-9124 | 2024-11-21 12:00 | 2017-03-28 |
| 257458 | 7.5 | HIGH | Network | go-jose_project | go-jose | go-jose before 1.0.5 suffers from a CBC-HMAC integer overflow on 32-bit architectures. An integer overflow could lead to authentication bypass for CBC-HMAC encrypted ciphertexts on 32-bit architectur… | CWE-190: Integer Overflow or Wraparound | CVE-2016-9123 | 2024-11-21 12:00 | 2017-03-28 |
| 257459 | 7.5 | HIGH | Network | go-jose_project | go-jose | go-jose before 1.0.4 suffers from multiple signatures exploitation. The go-jose library supports messages with multiple signatures. However, when validating a signed message the API did not indicate … | CWE-284: Improper Access Control | CVE-2016-9122 | 2024-11-21 12:00 | 2017-03-28 |
| 257460 | 9.1 | CRITICAL | Network | go-jose_project | go-jose | go-jose before 1.0.4 suffers from an invalid curve attack for the ECDH-ES algorithm. When deriving a shared key using ECDH-ES for an encrypted message, go-jose neglected to check that the received pu… | CWE-326: Inadequate Encryption Strength | CVE-2016-9121 | 2024-11-21 12:00 | 2017-03-28 |