VYPR
Unrated severityNVD Advisory· Published May 27, 2010· Updated Jun 16, 2026

CVE-2010-2104

CVE-2010-2104

Description

Directory traversal vulnerability in Orbit Downloader 3.0.0.4 and 3.0.0.5 allows user-assisted remote attackers to write arbitrary files via a metalink file containing directory traversal sequences in the name attribute of a file element.

Affected products

3
  • cpe:2.3:a:orbitdownloader:orbit_downloader:3.0.0.4:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:orbitdownloader:orbit_downloader:3.0.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:orbitdownloader:orbit_downloader:3.0.0.5:*:*:*:*:*:*:*
    • (no CPE)range: 3.0.0.4, 3.0.0.5

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.