Showing 1 - 4 of 4

CVE-2010-0012

Status Candidate

Overview

Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file.

Related Files

Mandriva Linux Security Advisory 2010-014: Posted Jan 19, 2010; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2010-014 - Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a. (dot dot) in a pathname within a.torrent file. The updated packages have been patched to correct this issue.; tags | advisory, remote, arbitrary; systems | linux, mandriva; advisories | CVE-2010-0012; SHA-256 | 23df28e11bb44fe8ffca6711696225f393a4868b5f12ee6db077eaf6cf096efe; Download | Favorite | View

Mandriva Linux Security Advisory 2010-013: Posted Jan 19, 2010; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2010-013 - Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 before 1.53 and 1.6 before 1.61 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a. (dot dot) in a pathname within a.torrent file. The updated packages have been patched to correct these issues.; tags | advisory, remote, arbitrary, csrf; systems | linux, mandriva; advisories | CVE-2009-1757, CVE-2010-0012; SHA-256 | 645f6e2956cd21abc6897932877a4cf16624d8a5590ec9be9a0d461297efda51; Download | Favorite | View

Ubuntu Security Notice 885-1: Posted Jan 14, 2010; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 885-1 - It was discovered that the Transmission web interface was vulnerable to cross-site request forgery (CSRF) attacks. If a user were tricked into opening a specially crafted web page in a browser while Transmission was running, an attacker could trigger commands in Transmission. This issue affected Ubuntu 9.04. Dan Rosenberg discovered that Transmission did not properly perform input validation when processing torrent files. If a user were tricked into opening a crafted torrent file, an attacker could overwrite files via directory traversal.; tags | advisory, web, csrf; systems | linux, ubuntu; advisories | CVE-2009-1757, CVE-2010-0012; SHA-256 | 69acb157bcde280488cb2e36985fb02edf668493426e074cb560fc966af289bb; Download | Favorite | View

Debian Linux Security Advisory 1967-1: Posted Jan 7, 2010; Authored by Debian | Site debian.org; Debian Linux Security Advisory 1967-1 - Dan Rosenberg discovered that Transmission, a lightwight client for the Bittorrent filesharing protocol performs insufficient sanitising of file names specified in .torrent files. This could lead to the overwrite of local files with the privileges of the user running Transmission if the user is tricked into opening a malicious torrent file.; tags | advisory, local, protocol; systems | linux, debian; advisories | CVE-2010-0012; SHA-256 | 7b2c445c07f6dde9e71018d1cd826d1c2ffa4139b41aeafb10f2b560ccfe5d24; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 250 files
Ubuntu 111 files
indoushka 49 files
Jasper Nota 25 files
Gentoo 19 files
Willem Westerhof 19 files
Debian 12 files
Jim Blankendaal 11 files
Apple 10 files
Martijn Baalman 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,085)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,534)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,603)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,440)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,724)
UNIX (9,433)
UnixWare (187)
Windows (6,668)
Other

CVE-2010-0012

Overview

Related Files

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems