Directory traversal vulnerability in Orbit Downloader 3.0.0.4 and 3.0.0.5 allows user-assisted remote attackers to write arbitrary files via a metalink file containing directory traversal sequences in the name attribute of a file element.
References
Link | Resource |
---|---|
http://secunia.com/advisories/39527 | Vendor Advisory |
http://secunia.com/secunia_research/2010-73/ | Vendor Advisory |
http://www.securityfocus.com/archive/1/511348/100/100/threaded | |
http://secunia.com/advisories/39527 | Vendor Advisory |
http://secunia.com/secunia_research/2010-73/ | Vendor Advisory |
http://www.securityfocus.com/archive/1/511348/100/100/threaded |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 01:15
Type | Values Removed | Values Added |
---|---|---|
References | () http://secunia.com/advisories/39527 - Vendor Advisory | |
References | () http://secunia.com/secunia_research/2010-73/ - Vendor Advisory | |
References | () http://www.securityfocus.com/archive/1/511348/100/100/threaded - |
Information
Published : 2010-05-27 22:30
Updated : 2024-11-21 01:15
NVD link : CVE-2010-2104
Mitre link : CVE-2010-2104
CVE.ORG link : CVE-2010-2104
JSON object : View
Products Affected
orbitdownloader
- orbit_downloader
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')