Description
Revive Adserver before 3.2.3 suffers from Information Exposure Through Discrepancy. It is possible to check whether or not an email address was associated to one or more user accounts on a target Revive Adserver instance by examining the message printed by the password recovery system. Such information cannot however be used directly to log in to the system, which requires a username.
Remediation
References
Related Vulnerabilities
WordPress Plugin FV Flowplayer Video Player SQL Injection (7.5.15.727)
WordPress Plugin Pardakht Delkhah Cross-Site Scripting (2.9.2)
WordPress Plugin GD Star Rating 'de' Parameter SQL Injection (1.9.10)
phpMyAdmin Other Vulnerability (CVE-2004-1055)
WordPress Plugin Simple Instagram Feed Cross-Site Scripting (1.3)