Web application abuses : AdPeeps 'index.php' Multiple Vulnerabilities.

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.801414

Categoría: Web application abuses

Título: AdPeeps 'index.php' Multiple Vulnerabilities.

Resumen: AdPeeps is prone to multiple vulnerabilities.

Descripción: Summary:
AdPeeps is prone to multiple vulnerabilities.

Vulnerability Insight:
The flaws are due to

- Improper validation of user supplied data to the 'index.php' page via
various parameters.

- 'view_adrates' action with an invalid uid parameter, in 'index.php' reveals
the installation path in an error message.

- Application having a default password of 'admin' for the 'admin' account,
which makes it easier for remote attackers to obtain access via requests
to 'index.php'.

Vulnerability Impact:
Successful exploitation will allow attackers to insert arbitrary
HTML and script code, which will be executed in a user's browser session in the
context of an affected site when malicious data is viewed.

Affected Software/OS:
Adpeeps version 8.6.5d1 and prior.

Solution:
No known solution was made available for at least one year since the disclosure
of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer
release, disable respective features, remove the product or replace the product by another one.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-4939
Bugtraq: 20090527 [InterN0T] AdPeeps 8.5d1 - XSS and HTML Injection Vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/503855/100/0/threaded
Bugtraq: 20090528 Re: [InterN0T] AdPeeps 8.5d1 - XSS and HTML Injection Vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/503911/100/0/threaded
http://www.exploit-db.com/exploits/8818
http://forum.intern0t.net/exploits-vulnerabilities-pocs/1049-intern0t-adpeeps-8-5d1-cross-site-scripting-html-injection-vulnerabilities.html
http://osvdb.org/54790
http://secunia.com/advisories/35262
XForce ISS Database: adpeeps-fields-xss(50824)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50824
XForce ISS Database: adpeeps-index-xss(50823)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50823
Common Vulnerability Exposure (CVE) ID: CVE-2009-4943
XForce ISS Database: adpeeps-index-path-disclosure(50822)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50822
Common Vulnerability Exposure (CVE) ID: CVE-2009-4945
http://forum.intern0t.net/intern0t-advisories/1049-intern0t-adpeeps-8-5d1-cross-site-scripting-html-injection-vulnerabilities.html

Copyright Copyright (C) 2010 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.801414
Categoría:	Web application abuses
Título:	AdPeeps 'index.php' Multiple Vulnerabilities.
Resumen:	AdPeeps is prone to multiple vulnerabilities.
Descripción:	Summary: AdPeeps is prone to multiple vulnerabilities. Vulnerability Insight: The flaws are due to - Improper validation of user supplied data to the 'index.php' page via various parameters. - 'view_adrates' action with an invalid uid parameter, in 'index.php' reveals the installation path in an error message. - Application having a default password of 'admin' for the 'admin' account, which makes it easier for remote attackers to obtain access via requests to 'index.php'. Vulnerability Impact: Successful exploitation will allow attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site when malicious data is viewed. Affected Software/OS: Adpeeps version 8.6.5d1 and prior. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-4939 Bugtraq: 20090527 [InterN0T] AdPeeps 8.5d1 - XSS and HTML Injection Vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/503855/100/0/threaded Bugtraq: 20090528 Re: [InterN0T] AdPeeps 8.5d1 - XSS and HTML Injection Vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/503911/100/0/threaded http://www.exploit-db.com/exploits/8818 http://forum.intern0t.net/exploits-vulnerabilities-pocs/1049-intern0t-adpeeps-8-5d1-cross-site-scripting-html-injection-vulnerabilities.html http://osvdb.org/54790 http://secunia.com/advisories/35262 XForce ISS Database: adpeeps-fields-xss(50824) https://exchange.xforce.ibmcloud.com/vulnerabilities/50824 XForce ISS Database: adpeeps-index-xss(50823) https://exchange.xforce.ibmcloud.com/vulnerabilities/50823 Common Vulnerability Exposure (CVE) ID: CVE-2009-4943 XForce ISS Database: adpeeps-index-path-disclosure(50822) https://exchange.xforce.ibmcloud.com/vulnerabilities/50822 Common Vulnerability Exposure (CVE) ID: CVE-2009-4945 http://forum.intern0t.net/intern0t-advisories/1049-intern0t-adpeeps-8-5d1-cross-site-scripting-html-injection-vulnerabilities.html
Copyright	Copyright (C) 2010 Greenbone AG