
Test ID: 1.3.6.1.4.1.25623.1.0.106320
Category: Web application abuses
Title: Revive Adserver Multiple Vulnerabilities
Summary: Revive Adserver is prone to multiple vulnerabilities.
Description:
Summary:
Revive Adserver is prone to multiple vulnerabilities.

Vulnerability Insight:
Revive Adserver is prone to multiple vulnerabilities:

- www/delivery/asyncspc.php is vulnerable to the fairly new Reflected File Download (RFD) web attack vector that
enables attackers to gain complete control over a victim's machine by virtually downloading a file from a
trusted domain.

- Usernames aren't properly sanitised when creating users on a Revive Adserver instance. In particular, control
characters are not filtered, allowing apparently identical usernames to co-exist in the system, because
such characters are normally ignored when an HTML page is displayed in a browser. The issue can be exploited
for user spoofing, although elevated privileges are required to create users within Revive Adserver.

- Revive Adserver web installer scripts are vulnerable to a reflected XSS attack via the dbHost, dbUser and
possibly other parameters.

Vulnerability Impact:
A remote attacker may gain complete control.

Affected Software/OS:
Revive Adserver version 3.2.4 and prior.

Solution:
Upgrade to version 3.2.5 or later.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Copyright: Copyright (C) 2016 Greenbone AG
