Required CVE Record Information
Description
Directory traversal vulnerability in delivery-dev/al.php in Revive Adserver before 3.2.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the layerstyle parameter.
References 5 Total
- http://www.revive-adserver.com/security/revive-sa-2015-001
- https://github.com/revive-adserver/revive-adserver/commit/86b623f8
- securityfocus.com: 20151007 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities mailing-list
- seclists.org: 20151008 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities mailing-list
- http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 5 Total
- http://www.revive-adserver.com/security/revive-sa-2015-001 x_transferred
- https://github.com/revive-adserver/revive-adserver/commit/86b623f8 x_transferred
- securityfocus.com: 20151007 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities mailing-listx_transferred
- seclists.org: 20151008 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities mailing-listx_transferred
- http://packetstormsecurity.com/files/133893/Revive-Adserver-3.2.1-CSRF-XSS-Local-File-Inclusion.html x_transferred