CVE-2010-0012
published 2010-01-08CVE-2010-0012: Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files…
PriorityP343high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
EPSS
4.19%
89.7th percentile
Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | transmission | < transmission 1.77-1 (bookworm) | transmission 1.77-1 (bookworm) |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| transmissionbt | transmission | — | — |
| transmissionbt | transmission | — | — |
| transmissionbt | transmission | — | — |
| transmissionbt | transmission | — | — |
| transmissionbt | transmission | >= 0 < 1.77-1 | 1.77-1 |
| transmissionbt | transmission | >= 0 < 1.77-1 | 1.77-1 |
| transmissionbt | transmission | >= 0 < 1.77-1 | 1.77-1 |
| transmissionbt | transmission | >= 0 < 1.77-1 | 1.77-1 |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv8.8HIGH
vendor_debian8.8LOW
vendor_ubuntu6.8MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-v6wx-rx33-54f5: Directory traversal vulnerability in libtransmission/metainfo
ghsa_unreviewed·2022-05-02
CVE-2010-0012 [MEDIUM] CWE-22 GHSA-v6wx-rx33-54f5: Directory traversal vulnerability in libtransmission/metainfo
Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file.
OSV
CVE-2010-0012: Directory traversal vulnerability in libtransmission/metainfo
osv·2010-01-08·CVSS 8.8
CVE-2010-0012 [HIGH] CVE-2010-0012: Directory traversal vulnerability in libtransmission/metainfo
Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file.
Ubuntu
Transmission vulnerabilities
vendor_ubuntu·2010-01-18·CVSS 6.8
CVE-2010-0012 [MEDIUM] Transmission vulnerabilities
Title: Transmission vulnerabilities
Summary: Transmission vulnerabilities
It was discovered that the Transmission web interface was vulnerable to
cross-site request forgery (CSRF) attacks. If a user were tricked into
opening a specially crafted web page in a browser while Transmission was
running, an attacker could trigger commands in Transmission. This issue
affected Ubuntu 9.04. (CVE-2009-1757)
Dan Rosenberg discovered that Transmission did not properly perform input
validation when processing torrent files. If a user were tricked into
opening a crafted torrent file, an attacker could overwrite files via
directory traversal. (CVE-2010-0012)
Instructions: After a standard system upgrade you need to restart Transmission to effect
the necessary changes.
Debian
CVE-2010-0012: transmission - Directory traversal vulnerability in libtransmission/metainfo.c in Transmission ...
vendor_debian·2010·CVSS 8.8
CVE-2010-0012 [HIGH] CVE-2010-0012: transmission - Directory traversal vulnerability in libtransmission/metainfo.c in Transmission ...
Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file.
Scope: local
bookworm: resolved (fixed in 1.77-1)
bullseye: resolved (fixed in 1.77-1)
forky: resolved (fixed in 1.77-1)
sid: resolved (fixed in 1.77-1)
trixie: resolved (fixed in 1.77-1)
Suricata
GPL SNMP public access tcp
suricata·2010-09-23
CVE-1999-0517 GPL SNMP public access tcp
GPL SNMP public access tcp
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 161 (msg:"GPL SNMP public access tcp"; flow:established,to_server; content:"public"; reference:bugtraq,2112; reference:bugtraq,4088; reference:bugtraq,4089; reference:bugtraq,7212; reference:cve,1999-0517; reference:cve,2002-0012; reference:cve,2002-0013; classtype:attempted-recon; sid:2101412; rev:15; metadata:created_at 2010_09_23, cve CVE_1999_0517, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_08;)
Suricata
GPL SNMP private access tcp
suricata·2010-09-23
CVE-2002-0012 GPL SNMP private access tcp
GPL SNMP private access tcp
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 161 (msg:"GPL SNMP private access tcp"; flow:established,to_server; content:"private"; reference:bugtraq,4088; reference:bugtraq,4089; reference:bugtraq,4132; reference:cve,2002-0012; reference:cve,2002-0013; classtype:attempted-recon; sid:2101414; rev:13; metadata:created_at 2010_09_23, cve CVE_2002_0012, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_08;)
Suricata
GPL SNMP public access udp
suricata·2010-09-23
CVE-1999-0517 GPL SNMP public access udp
GPL SNMP public access udp
Rule: alert udp $EXTERNAL_NET any -> $HOME_NET 161 (msg:"GPL SNMP public access udp"; content:"public"; fast_pattern; reference:bugtraq,2112; reference:bugtraq,4088; reference:bugtraq,4089; reference:cve,1999-0517; reference:cve,2002-0012; reference:cve,2002-0013; classtype:attempted-recon; sid:2101411; rev:13; metadata:created_at 2010_09_23, cve CVE_1999_0517, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_10_08;)
Suricata
GPL SNMP private access udp
suricata·2010-09-23
CVE-2002-0012 GPL SNMP private access udp
GPL SNMP private access udp
Rule: alert udp $EXTERNAL_NET any -> $HOME_NET 161 (msg:"GPL SNMP private access udp"; content:"private"; fast_pattern; reference:bugtraq,4088; reference:bugtraq,4089; reference:bugtraq,4132; reference:bugtraq,7212; reference:cve,2002-0012; reference:cve,2002-0013; classtype:attempted-recon; sid:2101413; rev:12; metadata:created_at 2010_09_23, cve CVE_2002_0012, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_10_08;)
Exploit-DB
freeSSHd 1.2.6 - Authentication Bypass (Metasploit)
exploitdb·2013-01-15
CVE-2012-6066 freeSSHd 1.2.6 - Authentication Bypass (Metasploit)
freeSSHd 1.2.6 - Authentication Bypass (Metasploit)
---
require 'msf/core'
require 'tempfile'
class Metasploit3 "Freesshd Authentication Bypass",
'Description' => %q{
This module exploits a vulnerability found in FreeSSHd MSF_LICENSE,
'Author' =>
[
'Aris', # Vulnerability discovery and Exploit
'kcope', # 2012 Exploit
'Daniele Martini ' # Metasploit module
],
'References' =>
[
[ 'CVE', '2012-6066' ],
[ 'OSVDB', '88006' ],
[ 'BID', '56785' ],
[ 'URL', 'http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0012.html' ],
[ 'URL', 'http://seclists.org/fulldisclosure/2010/Aug/132' ]
],
'Platform' => 'win',
'Privileged' => true,
'DisclosureDate' => "Aug 11 2010",
'Targets' =>
[
[ 'Freesshd 0
))
register_options(
[
OptInt.new('RPORT', [false, 'The target port', 22]),
OptString.new('USER
Exploit-DB
Weborf HTTP Server - Denial of Service
exploitdb·2010-06-24
CVE-2010-2435 Weborf HTTP Server - Denial of Service
Weborf HTTP Server - Denial of Service
---
[DCA-0012]
[Software]
- Weborf HTTP Server
[Vendor Product Description]
- Weborf is a lightweight Web server written in C. It supports IPv6
and basic authentication. It doesn't implement the full HTTP
specification, but can be used to easily share directories or files.
[Bug Description]
- Weborf HTTP Server can't handle unicode characters in "Connection: "
general header-field leading to a Denial-of-Service flaw
[History]
- Advisory sent to vendor on 06/21/2010.
- Vendor reply 06/22/2010.
- Vendor patch published 06/23/2010
[Impact]
- Low
[Affected Version]
-Weborf 0.12.1
- Prior versions may also be vulnerable.
[Exploit]
#!/usr/bin/perl
use IO::Socket;
if (@ARGV new( Proto => "tcp", PeerAddr =>
"$ip", PeerPort => "$port") || die "[-]
No writeups or analysis indexed.
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.htmlhttp://secunia.com/advisories/37993http://secunia.com/advisories/38005http://security.debian.org/pool/updates/main/t/transmission/transmission_1.22-1+lenny2.diff.gzhttp://trac.transmissionbt.com/changeset/9829/http://trac.transmissionbt.com/wiki/Changes#version-1.77http://www.debian.org/security/2010/dsa-1967http://www.mail-archive.com/debian-devel-changes%40lists.debian.org/msg264483.htmlhttp://www.openwall.com/lists/oss-security/2010/01/06/2http://www.openwall.com/lists/oss-security/2010/01/06/4http://www.vupen.com/english/advisories/2010/0071https://exchange.xforce.ibmcloud.com/vulnerabilities/55454https://launchpad.net/bugs/500625http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.htmlhttp://secunia.com/advisories/37993http://secunia.com/advisories/38005http://security.debian.org/pool/updates/main/t/transmission/transmission_1.22-1+lenny2.diff.gzhttp://trac.transmissionbt.com/changeset/9829/http://trac.transmissionbt.com/wiki/Changes#version-1.77http://www.debian.org/security/2010/dsa-1967http://www.mail-archive.com/debian-devel-changes%40lists.debian.org/msg264483.htmlhttp://www.openwall.com/lists/oss-security/2010/01/06/2http://www.openwall.com/lists/oss-security/2010/01/06/4http://www.vupen.com/english/advisories/2010/0071https://exchange.xforce.ibmcloud.com/vulnerabilities/55454https://launchpad.net/bugs/500625
2010-01-08
Published