CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2010-2104

Directory traversal vulnerability in Orbit Downloader 3.0.0.4 and 3.0.0.5 allows user-assisted remote attackers to write arbitrary files via a metalink file containing directory traversal sequences in the name attribute of a file element.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 39.7%

CVSS Severity

CVSS v2 Score 4.3

References

http://secunia.com/advisories/39527
http://secunia.com/secunia_research/2010-73/
http://www.securityfocus.com/archive/1/511348/100/100/threaded
http://secunia.com/advisories/39527
http://secunia.com/secunia_research/2010-73/
http://www.securityfocus.com/archive/1/511348/100/100/threaded

Products affected by CVE-2010-2104

Orbitdownloader » Orbit Downloader » Version: 3.0.0.4

cpe:2.3:a:orbitdownloader:orbit_downloader:3.0.0.4
Orbitdownloader » Orbit Downloader » Version: 3.0.0.5

cpe:2.3:a:orbitdownloader:orbit_downloader:3.0.0.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2010-2104

Products

Pricing

Contact Us