what you don't know can hurt you
Showing 1 - 4 of 4 RSS Feed

CVE-2010-0012

Status Candidate

Overview

Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file.

Related Files

Mandriva Linux Security Advisory 2010-014
Posted Jan 19, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-014 - Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a. (dot dot) in a pathname within a.torrent file. The updated packages have been patched to correct this issue.

tags | advisory, remote, arbitrary
systems | linux, mandriva
advisories | CVE-2010-0012
MD5 | 2eccb95035df0fd74d46b91d37f106c6
Mandriva Linux Security Advisory 2010-013
Posted Jan 19, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-013 - Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 before 1.53 and 1.6 before 1.61 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a. (dot dot) in a pathname within a.torrent file. The updated packages have been patched to correct these issues.

tags | advisory, remote, arbitrary, csrf
systems | linux, mandriva
advisories | CVE-2009-1757, CVE-2010-0012
MD5 | 97ea92440a429610c6ab9786872455cd
Ubuntu Security Notice 885-1
Posted Jan 14, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 885-1 - It was discovered that the Transmission web interface was vulnerable to cross-site request forgery (CSRF) attacks. If a user were tricked into opening a specially crafted web page in a browser while Transmission was running, an attacker could trigger commands in Transmission. This issue affected Ubuntu 9.04. Dan Rosenberg discovered that Transmission did not properly perform input validation when processing torrent files. If a user were tricked into opening a crafted torrent file, an attacker could overwrite files via directory traversal.

tags | advisory, web, csrf
systems | linux, ubuntu
advisories | CVE-2009-1757, CVE-2010-0012
MD5 | b38b0ad9791fc7fbf5dc5590ecdd14c9
Debian Linux Security Advisory 1967-1
Posted Jan 7, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1967-1 - Dan Rosenberg discovered that Transmission, a lightwight client for the Bittorrent filesharing protocol performs insufficient sanitising of file names specified in .torrent files. This could lead to the overwrite of local files with the privileges of the user running Transmission if the user is tricked into opening a malicious torrent file.

tags | advisory, local, protocol
systems | linux, debian
advisories | CVE-2010-0012
MD5 | e79878e82b0c8456e3ab0d9e82557fef
Page 1 of 1
Back1Next

File Archive:

June 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    1 Files
  • 2
    Jun 2nd
    2 Files
  • 3
    Jun 3rd
    19 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    15 Files
  • 6
    Jun 6th
    12 Files
  • 7
    Jun 7th
    11 Files
  • 8
    Jun 8th
    1 Files
  • 9
    Jun 9th
    1 Files
  • 10
    Jun 10th
    15 Files
  • 11
    Jun 11th
    15 Files
  • 12
    Jun 12th
    15 Files
  • 13
    Jun 13th
    8 Files
  • 14
    Jun 14th
    16 Files
  • 15
    Jun 15th
    2 Files
  • 16
    Jun 16th
    1 Files
  • 17
    Jun 17th
    18 Files
  • 18
    Jun 18th
    15 Files
  • 19
    Jun 19th
    22 Files
  • 20
    Jun 20th
    15 Files
  • 21
    Jun 21st
    15 Files
  • 22
    Jun 22nd
    2 Files
  • 23
    Jun 23rd
    1 Files
  • 24
    Jun 24th
    23 Files
  • 25
    Jun 25th
    19 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close