Unrated severityNVD Advisory· Published May 27, 2010· Updated Jun 16, 2026
CVE-2010-2104
CVE-2010-2104
Description
Directory traversal vulnerability in Orbit Downloader 3.0.0.4 and 3.0.0.5 allows user-assisted remote attackers to write arbitrary files via a metalink file containing directory traversal sequences in the name attribute of a file element.
Affected products
3cpe:2.3:a:orbitdownloader:orbit_downloader:3.0.0.4:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:orbitdownloader:orbit_downloader:3.0.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:orbitdownloader:orbit_downloader:3.0.0.5:*:*:*:*:*:*:*
- (no CPE)range: 3.0.0.4, 3.0.0.5
Patches
Vulnerability mechanics
References
3- secunia.com/advisories/39527nvdVendor Advisory
- secunia.com/secunia_research/2010-73/nvdVendor Advisory
- www.securityfocus.com/archive/1/511348/100/100/threadednvd
News mentions
0No linked articles in our index yet.