Olate Download 3.4.1~environment.php.php~Code Execution

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Olate Download 3.4.1~environment.php.php~Code Execution
From: "imei Addmimistrator" <addmimistrator@xxxxxxxxx>
Date: Fri, 17 Aug 2007 16:15:25 +0430
Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=KhfhDZGAVFLcYunfFYyqpJvNFDnCwPaZIdmh9xpqkO13WBqaWtgj3ejusNxSxEDucdAO0Ian4jo2iJ2e+Igsre2t+rVQjfNGSNUK4eOu97odhud/70FC/BsRNl2ZGEHxDJh2abgQ3GIfQyL4skmO2kQWZXe715/GuUdrqNUoR4Y=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=f3pYgefDjOVDUgMpT7jtd8+BferfDFbVyJ1lO+5vGKPlTdHiLwl2PdQs6BwDAtqMuTogu98VCZRvPGyi6K7m8BOZhXyHuRQPx8M6Pn+LigPmIVLGQzYZozAWbUa65+r6ZdZNIK3KoievRWGUh4U1TCKH1rdu7umiF1/Ql3VzE/k=
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

VISITE ORIGINAL ADVISORY FOR MORE DETAILES
http://myimei.com/security/2007-08-17/olate-download-341-environmentphpphp-code-execution.html
VISITE ORIGINAL ADVISORY FOR MORE DETAILES

——————-Summary—————-
Software: Olate Download
Sowtware's Web Site: http://www.olate.co.uk/
Versions: 3.4.1
Class: Remote
Status: Unpatched
Exploit: Available
Solution: Available
Discovered by: imei Addmimistrator
Risk Level: High
—————–Description—————
Olate is prone to code execution vulnerability cause of trusting to
user supplied inputs in environment.php file, that is a very unusable
file in software.

VISITE ORIGINAL ADVISORY FOR MORE DETAILES
http://myimei.com/security/2007-08-17/olate-download-341-environmentphpphp-code-execution.html
VISITE ORIGINAL ADVISORY FOR MORE DETAILES


-- 
imei Addmimistrator
Visit my SeQrity Homepage at:
http://myimei.com/security

Prev by Date: vBulletin V3.6.8 XSS Password Md5 Hash
Next by Date: Release of Pass-The-Hash Toolkit for Windows v1.0
Previous by thread: Re: vBulletin V3.6.8 XSS Password Md5 Hash
Next by thread: Release of Pass-The-Hash Toolkit for Windows v1.0
Index(es):
- Date
- Thread