imei Addmimistrator’s BugBlog

imei’s security Advisories and researches

SupportSuite 3.11.01~ Multiple file ~ PHP SELF XSS

Posted by imei on December 6th, 2007

——-Summary——
Software: SupportSuite
Software’s Web Site: http://www.kayako.com
Versions: 3.00.32
Class: Remote
Status: Unpatched
Exploit: Available
Solution: Not Available
Discovered by: imei Addmimistrator
Risk Level: Medium
——Description—–
SupportSuite, a great product of Kayako, ideal for providing ticket-based support, is prone to XSS attacks in multiple internal files (more than 300 files).

——-Summary——
Software: Olate Download
Software’s Web Site: http://www.olate.co.uk/
Versions: 3.4.2
Class: Remote
Status: Patched
Exploit: Available
Solution: Not Available
Discovered by: imei Addmimistrator
Risk Level: High
——Description—–
Olate Download is prone to upload of executable files into the uploads folder, if the admin has specified that users can upload files.

Olate Download 3.4.2~uploads folder ~ directory traversal

Posted by imei on September 1st, 2007

——-Summary——
Software: Olate Download
Software’s Web Site: http://www.olate.co.uk/
Versions: 3.4.2
Class: Remote
Status: Patched
Exploit: Available
Solution: Available
Discovered by: imei addmimistrator
Risk Level: Low
——Description—–
Olate Download is prone to directory traversal in the uploads folder.

Olate Download 3.4.2~download.php ~ sql injection

Posted by imei on August 22nd, 2007

——————-Summary—————-
Software: Olate Download
Software’s Web Site: http://www.olate.co.uk/
Versions: 3.4.2
Class: Remote
Status: Patched
Exploit: Available
Solution: Not Available
Discovered by: imei addmimistrator
Risk Level: Middle
—————–Description—————
Olate Download is prone to SQL injection in the download.php file.
The programmer’s lack of knowledge about HTTP headers and the process of assigning values to predefined global arrays resulted in this bug.

——————-Summary—————-
Software: Olate Download
Software’s Web Site: http://www.olate.co.uk/
Versions: 3.4.2
Class: Remote
Status: Patched
Exploit: Available
Solution: Not Available
Discovered by: imei addmimistrator
Risk Level: Middle
—————–Description—————
Olate Download is prone to cross-site scripting, because of simple code replacement for comments in the mentioned file.