Vulnerabilities > Olate

DATE CVE VULNERABILITY TITLE RISK
2007-08-27 CVE-2007-4541 Cross-Site Request Forgery (CSRF) vulnerability in Olate Olatedownload 3.4.2
Multiple cross-site scripting (XSS) vulnerabilities in Olate Download (od) 3.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the PHP_SELF variable in modules/core/uim.php and (2) [url] tags in a comment in modules/core/fldm.php.
network
olate CWE-352
4.3
2007-08-27 CVE-2007-4540 SQL Injection vulnerability in Olate Olatedownload 3.4.2
Multiple SQL injection vulnerabilities in download.php in Olate Download (od) 3.4.2 allow remote attackers to execute arbitrary SQL commands via the (1) HTTP_REFERER or (2) HTTP_USER_AGENT HTTP header.
network
low complexity
olate CWE-89
7.5
2007-08-21 CVE-2007-4454 Unspecified vulnerability in Olate Olatedownload 3.4.1
Eval injection vulnerability in environment.php in Olate Download (od) 3.4.1 allows context-dependent attackers to execute arbitrary code via a crafted version string, as referenced by the (1) PDO::ATTR_SERVER_VERSION or (2) PDO::ATTR_CLIENT_VERSION attribute.
network
olate
6.8
2007-08-18 CVE-2007-4421 SQL Injection vulnerability in Olate Olatedownload 3.4.1
SQL injection vulnerability in Admin.php in Olate Download (od) 3.4.1 allows remote attackers to execute arbitrary SQL commands via an OD3_AutoLogin cookie.
network
olate
critical
9.3
2007-08-18 CVE-2007-4419 Improper Authentication vulnerability in Olate Olatedownload 3.4.1
Admin.php in Olate Download (od) 3.4.1 uses an MD5 hash of the admin username, user id, and group id, to compose the OD3_AutoLogin authentication cookie, which makes it easier for remote attackers to guess the cookie and access the Admin area.
network
olate CWE-287
critical
9.3
2006-10-05 CVE-2006-5145 Input Validation vulnerability in Olate Olatedownload 3.4.0
Multiple SQL injection vulnerabilities in OlateDownload 3.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter in details.php or the (2) query parameter in search.php.
network
low complexity
olate
7.5
2006-10-05 CVE-2006-5144 Input Validation vulnerability in Olate Olatedownload 3.4.0
Cross-site scripting (XSS) vulnerability in userupload.php in OlateDownload 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the description_small parameter.
network
olate
6.8
2006-07-03 CVE-2006-3342 Cross-Site Scripting vulnerability in Arctic
Cross-site scripting (XSS) vulnerability in index.php in Arctic 1.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search cmd.
network
high complexity
olate
2.6