Orbitdownloader Orbit Downloader vulnerabilities
3 known vulnerabilities affecting orbitdownloader/orbit_downloader.
Total CVEs
3
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2009-0187P2CRITICALCVSS 9.3PoCv2.8.2v2.8.3+1 more2009-02-26
CVE-2009-0187 [CRITICAL] CWE-119 CVE-2009-0187: Stack-based buffer overflow in Orbit Downloader 2.8.2 and 2.8.3, and possibly other versions before
Stack-based buffer overflow in Orbit Downloader 2.8.2 and 2.8.3, and possibly other versions before 2.8.5, allows remote attackers to execute arbitrary code via a crafted HTTP URL with a long host name, which is not properly handled when constructing a "Connecting" log message.
nvd
CVE-2009-1064P4MEDIUMCVSS 5.8PoC≤ 2.8.7v2.6.1+15 more2009-03-26
CVE-2009-1064 [MEDIUM] CWE-94 CVE-2009-1064: Argument injection vulnerability in orbitmxt.dll 2.1.0.2 in the Orbit Downloader 2.8.7 and earlier A
Argument injection vulnerability in orbitmxt.dll 2.1.0.2 in the Orbit Downloader 2.8.7 and earlier ActiveX control allows remote attackers to overwrite arbitrary files via whitespace and a command-line switch, followed by a full pathname, in the third argument to the download method.
nvd
CVE-2010-2104P4MEDIUMCVSS 4.3v3.0.0.4v3.0.0.52010-05-27
CVE-2010-2104 [MEDIUM] CWE-22 CVE-2010-2104: Directory traversal vulnerability in Orbit Downloader 3.0.0.4 and 3.0.0.5 allows user-assisted remot
Directory traversal vulnerability in Orbit Downloader 3.0.0.4 and 3.0.0.5 allows user-assisted remote attackers to write arbitrary files via a metalink file containing directory traversal sequences in the name attribute of a file element.
nvd