Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wds domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /srv/www/cyberthreat.blog/wordpress/wp-includes/functions.php on line 6114
Fortify Security Team, Author at Cyberthreat Blog from Fortify24x7 Page 124 of 132
Deprecated: Hook wp_smush_should_skip_parse is deprecated since version 3.16.1! Use wp_smush_should_skip_lazy_load instead. in /srv/www/cyberthreat.blog/wordpress/wp-includes/functions.php on line 6114

Deprecated: Hook wp_smush_should_skip_parse is deprecated since version 3.16.1! Use wp_smush_should_skip_lazy_load instead. in /srv/www/cyberthreat.blog/wordpress/wp-includes/functions.php on line 6114

Author: Fortify Security Team

CVE-2016-9127

Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The password recovery form in Revive Adserver is vulnerable to CSRF attacks. This vulnerability could be exploited to send a large number of password...

Read More

CVE-2016-9126

Revive Adserver before 3.2.3 suffers from persistent XSS. Usernames are not properly escaped when displayed in the audit trail widget of the dashboard upon login, allowing persistent XSS attacks. An authenticated user with...

Read More

CVE-2016-9130

Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The website name wasn’t properly escaped...

Read More

CVE-2016-9124

Revive Adserver before 3.2.3 suffers from Improper Restriction of Excessive Authentication Attempts. The login page of Revive Adserver is vulnerable to password-guessing attacks. An account lockdown feature was considered, but...

Read More