This host is running AdPeeps and is prone to multiple vulnerabilities.
Successful exploitation will allow attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site when malicious data is viewed. Impact Level: Application
No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.
The flaws are due to - Improper validation of user supplied data to the 'index.php' page via various parameters. - 'view_adrates' action with an invalid uid parameter, in 'index.php' reveals the installation path in an error message. - Application having a default password of 'admin' for the 'admin' account, which makes it easier for remote attackers to obtain access via requests to 'index.php'.
Adpeeps version 8.6.5d1 and prior.
- AlienVault OSSIM 'date_from' Parameter Multiple SQL Injection Vulnerabilities
- Apache Struts2 Redirection and Security Bypass Vulnerabilities
- ActivDesk Multiple Cross Site Scripting and SQL Injection Vulnerabilities
- Andy's PHP Knowledgebase 's' Parameter SQL Injection Vulnerability
- Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability