CVE-2009-4939

Multiple cross-site scripting XSS vulnerabilities in index.php in AdPeeps 8.5d1 allow remote attackers to inject arbitrary web script or HTML via the 1 uid parameter, 2 uid parameter in a loginlookup action, 3 uid parameter in an adminlogin action, 4 campaignid parameter in a createcampaign actio...

Design/Logic Flaw

index.php in AdPeeps 8.5d1 allows remote attackers to obtain sensitive information via 1 a viewadrates action with an invalid uid parameter, which reveals the installation path in an error message; or 2 an adminlogin action with a crafted uid parameter, which reveals the version number...