Vulnerabilities > Orbitdownloader
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-05-27 | CVE-2010-2104 | Path Traversal vulnerability in Orbitdownloader Orbit Downloader 3.0.0.4/3.0.0.5 Directory traversal vulnerability in Orbit Downloader 3.0.0.4 and 3.0.0.5 allows user-assisted remote attackers to write arbitrary files via a metalink file containing directory traversal sequences in the name attribute of a file element. | 4.3 |
2009-03-26 | CVE-2009-1064 | Code Injection vulnerability in multiple products Argument injection vulnerability in orbitmxt.dll 2.1.0.2 in the Orbit Downloader 2.8.7 and earlier ActiveX control allows remote attackers to overwrite arbitrary files via whitespace and a command-line switch, followed by a full pathname, in the third argument to the download method. | 5.8 |
2009-02-26 | CVE-2009-0187 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Orbitdownloader Orbit Downloader 2.8.2/2.8.3/2.8.4 Stack-based buffer overflow in Orbit Downloader 2.8.2 and 2.8.3, and possibly other versions before 2.8.5, allows remote attackers to execute arbitrary code via a crafted HTTP URL with a long host name, which is not properly handled when constructing a "Connecting" log message. | 9.3 |