Lucene search

[email protected]CVE-2010-0999

HistoryMay 17, 2010 - 9:00 p.m.

CVE-2010-0999

2010-05-1721:00:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2010-0999

directory traversal

free download manager

fdm

vulnerability

security

metalink

nvd

cve

6.9 Medium

AI Score

Confidence

Low

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:C/A:N

0.008 Low

EPSS

Percentile

81.7%

JSON

Directory traversal vulnerability in Free Download Manager (FDM) before 3.0.852 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file.

CPENameOperatorVersion
freedownloadmanager:free_download_managerfreedownloadmanager free download managereq2
freedownloadmanager:free_download_managerfreedownloadmanager free download managereq3.0.850
freedownloadmanager:free_download_managerfreedownloadmanager free download managereq2.5.700
freedownloadmanager:free_download_managerfreedownloadmanager free download managereq2.1
freedownloadmanager:free_download_managerfreedownloadmanager free download managereq2.5.724
freedownloadmanager:free_download_managerfreedownloadmanager free download managereq3.0.843
freedownloadmanager:free_download_managerfreedownloadmanager free download managerle3.0.851
freedownloadmanager:free_download_managerfreedownloadmanager free download managereq2.5.704
freedownloadmanager:free_download_managerfreedownloadmanager free download managereq3.0.848

CPE	Name	Operator	Version
freedownloadmanager:free_download_manager	freedownloadmanager free download manager	eq	2
freedownloadmanager:free_download_manager	freedownloadmanager free download manager	eq	3.0.850
freedownloadmanager:free_download_manager	freedownloadmanager free download manager	eq	2.5.700
freedownloadmanager:free_download_manager	freedownloadmanager free download manager	eq	2.1
freedownloadmanager:free_download_manager	freedownloadmanager free download manager	eq	2.5.724
freedownloadmanager:free_download_manager	freedownloadmanager free download manager	eq	3.0.843
freedownloadmanager:free_download_manager	freedownloadmanager free download manager	le	3.0.851
freedownloadmanager:free_download_manager	freedownloadmanager free download manager	eq	2.5.704
freedownloadmanager:free_download_manager	freedownloadmanager free download manager	eq	3.0.848

References

osvdb.org/64670

secunia.com/secunia_research/2010-67/

www.securityfocus.com/archive/1/511284/100/0/threaded

www.securityfocus.com/bid/40152

exchange.xforce.ibmcloud.com/vulnerabilities/58627

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7284

6.9 Medium

AI Score

Confidence

Low

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:C/A:N

0.008 Low

EPSS

Percentile

81.7%

JSON

Related for CVE-2010-0999

securityvulns2 prion1 openvas2