Matteo Beccati

22 exploits Active since Oct 2015
CVE-2015-7364 WRITEUP WRITEUP
Revive-adserver Revive Adserver < 3.2.1 - CSRF
The HTML_Quickform library, as used in Revive Adserver before 3.2.2, allows remote attackers to bypass the CSRF protection mechanism via an empty token.
CVE-2015-7368 WRITEUP WRITEUP
Revive-adserver Revive Adserver < 3.2.1 - Information Disclosure
Revive Adserver before 3.2.2 does not send the appropriate Cache-Control HTTP headers in responses for admin UI pages, which allows local users to obtain sensitive information via the web browser cache.
CVE-2015-7372 WRITEUP WRITEUP
Revive-adserver Revive Adserver < 3.2.1 - Path Traversal
Directory traversal vulnerability in delivery-dev/al.php in Revive Adserver before 3.2.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the layerstyle parameter.
CVE-2016-9124 WRITEUP CRITICAL WRITEUP
Revive Adserver <3.2.3 - Auth Bypass
Revive Adserver before 3.2.3 suffers from Improper Restriction of Excessive Authentication Attempts. The login page of Revive Adserver is vulnerable to password-guessing attacks. An account lockdown feature was considered, but rejected to avoid introducing service disruptions to regular users during such attacks. A random delay has instead been introduced as a countermeasure in case of password failures, along with a system to discourage parallel brute forcing. These systems will effectively allow the valid users to log in to the adserver, even while an attack is in progress.
CVSS 9.8
CVE-2016-9125 WRITEUP CRITICAL WRITEUP
Revive Adserver <3.2.3 - Session Fixation
Revive Adserver before 3.2.3 suffers from session fixation, by allowing arbitrary session identifiers to be forced and, at the same time, by not invalidating the existing session upon a successful authentication. Under some circumstances, that could have been an opportunity for an attacker to steal an authenticated session.
CVSS 9.8
CVE-2016-9126 WRITEUP MEDIUM WRITEUP
Revive Adserver <3.2.3 - XSS
Revive Adserver before 3.2.3 suffers from persistent XSS. Usernames are not properly escaped when displayed in the audit trail widget of the dashboard upon login, allowing persistent XSS attacks. An authenticated user with enough privileges to create other users could exploit the vulnerability to access the administrator account.
CVSS 5.4
CVE-2016-9127 WRITEUP HIGH WRITEUP
Revive Adserver <3.2.3 - CSRF
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The password recovery form in Revive Adserver is vulnerable to CSRF attacks. This vulnerability could be exploited to send a large number of password recovery emails to the registered users, especially in conjunction with a bug that caused recovery emails to be sent to all the users at once. Both issues have been fixed.
CVSS 8.8
CVE-2016-9128 WRITEUP MEDIUM WRITEUP
Revive Adserver <3.2.3 - XSS
Revive Adserver before 3.2.3 suffers from reflected XSS. The affiliate-preview.php script in www/admin is vulnerable to a reflected XSS attack. This vulnerability could be used by an attacker to steal the session ID of an authenticated user, by tricking them into visiting a specifically crafted URL.
CVSS 5.4
CVE-2016-9129 WRITEUP MEDIUM WRITEUP
Revive Adserver <3.2.3 - Info Disclosure
Revive Adserver before 3.2.3 suffers from Information Exposure Through Discrepancy. It is possible to check whether or not an email address was associated to one or more user accounts on a target Revive Adserver instance by examining the message printed by the password recovery system. Such information cannot however be used directly to log in to the system, which requires a username.
CVSS 5.3
CVE-2016-9130 WRITEUP MEDIUM WRITEUP
Revive Adserver <3.2.3 - XSS
Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The website name wasn't properly escaped when displayed in the campaign-zone.php script.
CVSS 5.4
CVE-2016-9454 WRITEUP MEDIUM WRITEUP
Revive-adserver Revive Adserver < 3.2.2 - XSS
Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The banner image URL for external banners wasn't properly escaped when displayed in most of the banner related pages.
CVSS 5.4
CVE-2016-9455 WRITEUP HIGH WRITEUP
Revive-adserver Revive Adserver < 3.2.2 - CSRF
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). A number of scripts in Revive Adserver's user interface are vulnerable to CSRF attacks: `www/admin/banner-acl.php`, `www/admin/banner-activate.php`, `www/admin/banner-advanced.php`, `www/admin/banner-modify.php`, `www/admin/banner-swf.php`, `www/admin/banner-zone.php`, `www/admin/tracker-modify.php`.
CVSS 8.8
CVE-2016-9456 WRITEUP HIGH WRITEUP
Revive-adserver Revive Adserver < 3.2.2 - CSRF
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The Revive Adserver team conducted a security audit of the admin interface scripts in order to identify and fix other potential CSRF vulnerabilities. Over 20+ such issues were fixed.
CVSS 8.8
CVE-2016-9457 WRITEUP MEDIUM WRITEUP
Revive-adserver Revive Adserver < 3.2.2 - XSS
Revive Adserver before 3.2.3 suffers from Reflected XSS. `www/admin/stats.php` is vulnerable to reflected XSS attacks via multiple parameters that are not properly sanitised or escaped when displayed, such as setPerPage, pageId, bannerid, period_start, period_end, and possibly others.
CVSS 5.4
CVE-2016-9470 WRITEUP CRITICAL WRITEUP
Revive-adserver Revive Adserver < 3.2.4 - Security Feature Bypass
Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Download. `www/delivery/asyncspc.php` was vulnerable to the fairly new Reflected File Download (RFD) web attack vector that enables attackers to gain complete control over a victim's machine by virtually downloading a file from a trusted domain.
CVSS 9.0
CVE-2016-9471 WRITEUP LOW WRITEUP
Revive Adserver <3.2.5, 4.0.0 - Code Injection
Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element Injection. Usernames weren't properly sanitised when creating users on a Revive Adserver instance. Especially, control characters were not filtered, allowing apparently identical usernames to co-exist in the system, due to the fact that such characters are normally ignored when an HTML page is displayed in a browser. The issue could have therefore been exploited for user spoofing, although elevated privileges are required to create users within Revive Adserver.
CVSS 3.1
CVE-2016-9472 WRITEUP MEDIUM WRITEUP
Revive-adserver Revive Adserver < 3.2.4 - XSS
Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected XSS. The Revive Adserver web installer scripts were vulnerable to a reflected XSS attack via the dbHost, dbUser, and possibly other parameters. It has to be noted that the window for such attack vectors to be possible is extremely narrow and it is very unlikely that such an attack could be actually effective.
CVSS 5.4
CVE-2021-22871 WRITEUP MEDIUM WRITEUP
Revive Adserver <5.1.0 - XSS
Revive Adserver before 5.1.0 permits any user with a manager account to store possibly malicious content in the URL website property, which is then displayed unsanitized in the affiliate-preview.php tag generation screen, leading to a persistent cross-site scripting (XSS) vulnerability.
CVSS 4.8
CVE-2021-22874 WRITEUP MEDIUM WRITEUP
Revive Adserver <5.1.1 - XSS
Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in userlog-index.php via the `period_preset` parameter.
CVSS 6.1
CVE-2021-22875 WRITEUP MEDIUM WRITEUP
Revive Adserver <5.1.1 - XSS
Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in stats.php via the `setPerPage` parameter.
CVSS 6.1
CVE-2021-22888 WRITEUP MEDIUM WRITEUP
Revive Adserver <5.2.0 - XSS
Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `status` parameter of campaign-zone-zones.php. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and execute injected JavaScript code.
CVSS 6.1
CVE-2021-22889 WRITEUP MEDIUM WRITEUP
Revive Adserver <5.2.0 - XSS
Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `statsBreakdown` parameter of stats.php (and possibly other scripts) due to single quotes not being escaped. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and pressing a certain key combination to execute injected JavaScript code.
CVSS 6.1