exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 4 of 4 RSS Feed

CVE-2010-0012

Status Candidate

Overview

Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file.

Related Files

Mandriva Linux Security Advisory 2010-014
Posted Jan 19, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-014 - Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a. (dot dot) in a pathname within a.torrent file. The updated packages have been patched to correct this issue.

tags | advisory, remote, arbitrary
systems | linux, mandriva
advisories | CVE-2010-0012
SHA-256 | 23df28e11bb44fe8ffca6711696225f393a4868b5f12ee6db077eaf6cf096efe
Mandriva Linux Security Advisory 2010-013
Posted Jan 19, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-013 - Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 before 1.53 and 1.6 before 1.61 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a. (dot dot) in a pathname within a.torrent file. The updated packages have been patched to correct these issues.

tags | advisory, remote, arbitrary, csrf
systems | linux, mandriva
advisories | CVE-2009-1757, CVE-2010-0012
SHA-256 | 645f6e2956cd21abc6897932877a4cf16624d8a5590ec9be9a0d461297efda51
Ubuntu Security Notice 885-1
Posted Jan 14, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 885-1 - It was discovered that the Transmission web interface was vulnerable to cross-site request forgery (CSRF) attacks. If a user were tricked into opening a specially crafted web page in a browser while Transmission was running, an attacker could trigger commands in Transmission. This issue affected Ubuntu 9.04. Dan Rosenberg discovered that Transmission did not properly perform input validation when processing torrent files. If a user were tricked into opening a crafted torrent file, an attacker could overwrite files via directory traversal.

tags | advisory, web, csrf
systems | linux, ubuntu
advisories | CVE-2009-1757, CVE-2010-0012
SHA-256 | 69acb157bcde280488cb2e36985fb02edf668493426e074cb560fc966af289bb
Debian Linux Security Advisory 1967-1
Posted Jan 7, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1967-1 - Dan Rosenberg discovered that Transmission, a lightwight client for the Bittorrent filesharing protocol performs insufficient sanitising of file names specified in .torrent files. This could lead to the overwrite of local files with the privileges of the user running Transmission if the user is tricked into opening a malicious torrent file.

tags | advisory, local, protocol
systems | linux, debian
advisories | CVE-2010-0012
SHA-256 | 7b2c445c07f6dde9e71018d1cd826d1c2ffa4139b41aeafb10f2b560ccfe5d24
Page 1 of 1
Back1Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close