This host is installed with Admin News Tools and is prone to multiple vulnerabilities.
Successful exploitation will allow remote attackers to bypass security restrictions by gaining sensitive information and redirect the user to other malicious sites. Impact Level: Application
Upgrade to Admin News Tools version 3.0 or later For updates refer to http://www.adminnewstools.fr.nf/
- Input passed via the 'fichier' parameter in 'system/download.php' is not properly verified before being processed and can be used to read arbitrary files via a .. (dot dot) sequence. - Access to system/message.php is not restricted properly and can be exploited to post news messages by accessing the script directly.
Admin News Tools version 2.5
- AWStats configdir parameter arbitrary cmd exec
- AlstraSoft AskMe Pro 'forum_answer.php' and 'profile.php' Multiple SQL Injection Vulnerabilities
- Adobe ColdFusion Authentication Bypass Vulnerability
- AlienVault OSSIM Multiple Remote Code Execution Vulnerabilities
- ASAS Server End User Self Service (EUSS) SQL Injection Vulnerability