
CVE-2010-0012

Published: 08/01/2010 Updated: 26/01/2024
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote malicious users to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file.

Vulnerable Product

transmissionbt transmission 1.22

transmissionbt transmission 1.75

transmissionbt transmission 1.76

transmissionbt transmission 1.34

debian debian linux 5.0

opensuse opensuse 11.1

opensuse opensuse 11.0

opensuse opensuse 11.2

Vendor Advisories

It was discovered that the Transmission web interface was vulnerable to cross-site request forgery (CSRF) attacks. If a user were tricked into opening a specially crafted web page in a browser while Transmission was running, an attacker could trigger commands in Transmission. This issue affected Ubuntu 9.04 (CVE-2009-1757) ...
Dan Rosenberg discovered that Transmission, a lightweight client for the BitTorrent filesharing protocol, performs insufficient sanitising of file names specified in torrent files. This could lead to the overwrite of local files with the privileges of the user running Transmission if the user is tricked into opening a malicious torrent file. For th ...