Olate Download 3.4.1~environment.php.php~Code Execution
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Olate Download 3.4.1~environment.php.php~Code Execution
- From: "imei Addmimistrator" <addmimistrator@xxxxxxxxx>
- Date: Fri, 17 Aug 2007 16:15:25 +0430
- Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=KhfhDZGAVFLcYunfFYyqpJvNFDnCwPaZIdmh9xpqkO13WBqaWtgj3ejusNxSxEDucdAO0Ian4jo2iJ2e+Igsre2t+rVQjfNGSNUK4eOu97odhud/70FC/BsRNl2ZGEHxDJh2abgQ3GIfQyL4skmO2kQWZXe715/GuUdrqNUoR4Y=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=f3pYgefDjOVDUgMpT7jtd8+BferfDFbVyJ1lO+5vGKPlTdHiLwl2PdQs6BwDAtqMuTogu98VCZRvPGyi6K7m8BOZhXyHuRQPx8M6Pn+LigPmIVLGQzYZozAWbUa65+r6ZdZNIK3KoievRWGUh4U1TCKH1rdu7umiF1/Ql3VzE/k=
- List-help: <mailto:bugtraq-help@securityfocus.com>
- List-id: <bugtraq.list-id.securityfocus.com>
- List-post: <mailto:bugtraq@securityfocus.com>
- List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
- List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
- Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
VISITE ORIGINAL ADVISORY FOR MORE DETAILES
http://myimei.com/security/2007-08-17/olate-download-341-environmentphpphp-code-execution.html
VISITE ORIGINAL ADVISORY FOR MORE DETAILES
——————-Summary—————-
Software: Olate Download
Sowtware's Web Site: http://www.olate.co.uk/
Versions: 3.4.1
Class: Remote
Status: Unpatched
Exploit: Available
Solution: Available
Discovered by: imei Addmimistrator
Risk Level: High
—————–Description—————
Olate is prone to code execution vulnerability cause of trusting to
user supplied inputs in environment.php file, that is a very unusable
file in software.
VISITE ORIGINAL ADVISORY FOR MORE DETAILES
http://myimei.com/security/2007-08-17/olate-download-341-environmentphpphp-code-execution.html
VISITE ORIGINAL ADVISORY FOR MORE DETAILES
--
imei Addmimistrator
Visit my SeQrity Homepage at:
http://myimei.com/security