cpe:/a:orbitdownloader:orbit_downloader:3.0.0.4 cpe:/a:orbitdownloader:orbit_downloader:3.0.0.5 CVE-2010-2104 2010-05-27T18:30:02.267-04:00 2010-05-28T00:00:00.000-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2010-05-28T16:27:00.000-04:00 BUGTRAQ 20100519 Secunia Research: Orbit Downloader metalink "name" Directory Traversal SECUNIA 39527 MISC http://secunia.com/secunia_research/2010-73/ Directory traversal vulnerability in Orbit Downloader 3.0.0.4 and 3.0.0.5 allows user-assisted remote attackers to write arbitrary files via a metalink file containing directory traversal sequences in the name attribute of a file element.