This host is running AdPeeps and is prone to multiple vulnerabilities.
Successful exploitation will allow attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site when malicious data is viewed. Impact Level: Application
No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.
The flaws are due to - Improper validation of user supplied data to the 'index.php' page via various parameters. - 'view_adrates' action with an invalid uid parameter, in 'index.php' reveals the installation path in an error message. - Application having a default password of 'admin' for the 'admin' account, which makes it easier for remote attackers to obtain access via requests to 'index.php'.
Adpeeps version 8.6.5d1 and prior.
- Apache Struts2 Redirection and Security Bypass Vulnerabilities
- Atutor AChecker Multiple SQL Injection and XSS Vulnerabilities
- A-A-S Application Access Server Multiple Vulnerabilities
- aflog Cookie-Based Authentication Bypass Vulnerability
- Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability