Showing 1 - 4 of 4

CVE-2010-0012

Status Candidate

Overview

Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file.

Related Files

Mandriva Linux Security Advisory 2010-014: Posted Jan 19, 2010; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2010-014 - Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a. (dot dot) in a pathname within a.torrent file. The updated packages have been patched to correct this issue.; tags | advisory, remote, arbitrary; systems | linux, mandriva; advisories | CVE-2010-0012; SHA-256 | 23df28e11bb44fe8ffca6711696225f393a4868b5f12ee6db077eaf6cf096efe; Download | Favorite | View

Mandriva Linux Security Advisory 2010-013: Posted Jan 19, 2010; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2010-013 - Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 before 1.53 and 1.6 before 1.61 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a. (dot dot) in a pathname within a.torrent file. The updated packages have been patched to correct these issues.; tags | advisory, remote, arbitrary, csrf; systems | linux, mandriva; advisories | CVE-2009-1757, CVE-2010-0012; SHA-256 | 645f6e2956cd21abc6897932877a4cf16624d8a5590ec9be9a0d461297efda51; Download | Favorite | View

Ubuntu Security Notice 885-1: Posted Jan 14, 2010; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 885-1 - It was discovered that the Transmission web interface was vulnerable to cross-site request forgery (CSRF) attacks. If a user were tricked into opening a specially crafted web page in a browser while Transmission was running, an attacker could trigger commands in Transmission. This issue affected Ubuntu 9.04. Dan Rosenberg discovered that Transmission did not properly perform input validation when processing torrent files. If a user were tricked into opening a crafted torrent file, an attacker could overwrite files via directory traversal.; tags | advisory, web, csrf; systems | linux, ubuntu; advisories | CVE-2009-1757, CVE-2010-0012; SHA-256 | 69acb157bcde280488cb2e36985fb02edf668493426e074cb560fc966af289bb; Download | Favorite | View

Debian Linux Security Advisory 1967-1: Posted Jan 7, 2010; Authored by Debian | Site debian.org; Debian Linux Security Advisory 1967-1 - Dan Rosenberg discovered that Transmission, a lightwight client for the Bittorrent filesharing protocol performs insufficient sanitising of file names specified in .torrent files. This could lead to the overwrite of local files with the privileges of the user running Transmission if the user is tricked into opening a malicious torrent file.; tags | advisory, local, protocol; systems | linux, debian; advisories | CVE-2010-0012; SHA-256 | 7b2c445c07f6dde9e71018d1cd826d1c2ffa4139b41aeafb10f2b560ccfe5d24; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 184 files
Ubuntu 64 files
Debian 22 files
Valentin Lobstein 11 files
nu11secur1ty 9 files
Google Security Research 6 files
Apple 6 files
malvuln 4 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,009)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,174)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,460)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,433)
UNIX (9,390)
UnixWare (187)
Windows (6,648)
Other

CVE-2010-0012

Overview

Related Files

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems