exploit the possibilities
Showing 1 - 1 of 1 RSS Feed

Files

Orbit Downloader metalink "name" Directory Traversal
Posted May 20, 2010
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered a vulnerability in Orbit Downloader, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application not properly sanitizing the "name" attribute of the "file" element of metalink files before using it to download files. If a user is tricked into downloading from a specially crafted metalink file, this can be exploited to download files to directories outside of the intended download directory via directory traversal attacks. The vulnerability is confirmed in version 3.0.0.4 and 3.0.0.5. Other versions may also be affected.

tags | advisory
MD5 | 9bf1696f33e4255c295cdf8d7557b96c
Page 1 of 1
Back1Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
We Asked Def Con Attendees Why People Are Still Getting Hacked
Posted Aug 16, 2019

tags | headline, hacker, conference
Judge Orders Georgia To Switch To Paper Ballots For 2020 Elections
Posted Aug 16, 2019

tags | headline, government, usa, fraud
Huawei Africa Spying Claims Denied
Posted Aug 16, 2019

tags | headline, government, china, africa, spyware, facebook
Trump Admin Wants To Extend NSA Phone Surveillance Program
Posted Aug 16, 2019

tags | headline, government, privacy, usa, phone, spyware, nsa
Amazon's Rekognition Software Can Now Spot Fear
Posted Aug 15, 2019

tags | headline, amazon, science
Biostar Security Software Leaked A Million Fingerprints
Posted Aug 15, 2019

tags | headline, data loss, password
Trend Micro Fixes Privilege Escalation Flaw In Password Manager
Posted Aug 15, 2019

tags | headline, flaw, password, patch
700,000 Choice Hotels Records Leaked In Data Breach, Ransom Demanded
Posted Aug 15, 2019

tags | headline, privacy, database, data loss
Facebook Latest To Admit Their Contractors Snoop On Your Conversations
Posted Aug 14, 2019

tags | headline, privacy, facebook, social
Adobe Security Patch Update Covers Quite A Bit
Posted Aug 14, 2019

tags | headline, flaw, adobe, patch
View More News →
packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close