Hello list!

These are Brute Force and Information Leakage vulnerabilities in AI-Bolit. This is a security web application.

-------------------------
Affected products:
-------------------------

Vulnerable are all versions of AI-Bolit.

In version 20121014 the filename format was changed (by adding the date and time), which is not enough to protect against guessing, as I stated to the developer. He promised to fix these vulnerabilities. After my recommendations, in version 20130201 the developer added protection against Information Leakage (forbade indexing of reports by search engines and added a random number to the filename). But the software is still vulnerable to Brute Force.

----------
Details:
----------

Brute Force (WASC-11):

http://site/ai-bolit.php?p=1

Information Leakage (WASC-13):

http://site/AI-BOLIT-REPORT.html

http://site/AI-BOLIT-REPORT--
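
For site operators, a log check for both issues listed above; this is an added example, not part of the original post and not AI-Bolit code. It assumes Combined Log Format access logs and that the `p` parameter is the value being guessed; the function names, thresholds and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Combined Log Format prefix: client IP, request line, status code (assumed format).
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})')

def flag_clients(lines, max_passwords=5, max_report_misses=5):
    """Return {ip: [reasons]} for clients guessing p= values or report names."""
    passwords = defaultdict(set)   # ip -> distinct p values tried
    misses = defaultdict(set)      # ip -> distinct report names that returned 404
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, target, status = m.group(1), m.group(2), int(m.group(3))
        url = urlsplit(target)
        name = url.path.rsplit("/", 1)[-1]
        if name.lower() == "ai-bolit.php":
            for value in parse_qs(url.query, keep_blank_values=True).get("p", []):
                passwords[ip].add(value)
        elif name.upper().startswith("AI-BOLIT-REPORT") and status == 404:
            misses[ip].add(name)
    flagged = defaultdict(list)
    for ip, tried in passwords.items():
        if len(tried) > max_passwords:
            flagged[ip].append(f"{len(tried)} distinct p values")
    for ip, names in misses.items():
        if len(names) > max_report_misses:
            flagged[ip].append(f"{len(names)} missing report names requested")
    return dict(flagged)

def sample_log():
    """Constructed sample lines: documentation-range IPs, made-up values and names."""
    fmt = '{ip} - - [01/Feb/2013:10:00:{s:02d} +0000] "GET {path} HTTP/1.1" {code} 512'
    lines = [fmt.format(ip="192.0.2.10", s=i, path=f"/ai-bolit.php?p=guess{i}", code=200)
             for i in range(8)]
    lines += [fmt.format(ip="198.51.100.7", s=i, path=f"/AI-BOLIT-REPORT-sample{i}.html", code=404)
              for i in range(6)]
    lines.append(fmt.format(ip="203.0.113.5", s=30, path="/ai-bolit.php?p=1", code=200))
    return lines

if __name__ == "__main__":
    for ip, reasons in flag_clients(sample_log()).items():
        print(ip, "; ".join(reasons))
```

Removing the scanner script and its reports from the web root once a scan is finished leaves nothing for either kind of guessing to hit.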