Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers http://packetstormsecurity.org/ en-us Mon, 28 May 2012 05:09:49 GMT 144400 http://packetstormsecurity.org/ http://www.google-analytics.com/__utm.gif?utmwv=1.3&utmn=1880540188&utmcs=ISO-8859-1&utmsr=31337x31337&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmcn=1&utmdt=Files%u2248%20Packet%20Storm&utmhn=packetstormsecurity.org&utmr=-&utmp=%2Ffiledesc%2Fsecunia-orbitdownloader.txt.html%2F&utmac=UA-18885198-1&utmcc=__utma%3D32867617.1880540188.1338181789.1338181789.1338181789.1%3B%2B__utmz%3D32867617.1338181789.1.1.utmccn%3D(direct)%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none) http://packetstormsecurity.org/files/89718/secunia-orbitdownloader.txt http://packetstormsecurity.org/files/89718/secunia-orbitdownloader.txt http://packetstormsecurity.org/files/89718/Orbit-Downloader-metalink-name-Directory-Traversal.html Thu, 20 May 2010 02:30:10 GMT Secunia Research has discovered a vulnerability in Orbit Downloader, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application not properly sanitizing the "name" attribute of the "file" element of metalink files before using it to download files. If a user is tricked into downloading from a specially crafted metalink file, this can be exploited to download files to directories outside of the intended download directory via directory traversal attacks. The vulnerability is confirmed in version 3.0.0.4 and 3.0.0.5. Other versions may also be affected.