We have downloaded the patches and uploaded on root folder of the website. How installing is different then the uploading on root.
How can we install and how can we install without SSH
Download and install Magento critical security patches now.
If you have not done so already, download and install 2 previously-released security patches (SUPEE-5344 and SUPEE-1533) from the Magento Community Edition download page (https://www.magentocommerce.com/products/downloads/magento/). These security issues affect all versions of Magento Community Edition and enable an attacker to remotely execute code on Magento software. A press release from Check Point Software Technologies tomorrow will make one of these issues widely known, possibly alerting hackers who may try to exploit it. Ensure the patches are in place as a preventative measure before the issue is publicized.