Description
Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Download. `www/delivery/asyncspc.php` was vulnerable to the fairly new Reflected File Download (RFD) web attack vector that enables attackers to gain complete control over a victim's machine by virtually downloading a file from a trusted domain.
Remediation
References
Related Vulnerabilities
WordPress Plugin Shopello API Cross-Site Scripting (2.9.0)
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-16738)
PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-1975)
WordPress Plugin Real-Time Find and Replace Cross-Site Scripting (3.8)
WordPress Plugin Visitor Traffic Real Time Statistics Cross-Site Request Forgery (1.12)