Gentoo Linux Security Advisory 201101-4 - A directory traversal vulnerability has been found in aria2. A directory traversal vulnerability was discovered in aria2. Versions less than 1.9.3 are affected.
a96901374636a32dd6142fbe6f125dd03eac614478c3edac6f8bbeb64e9759a9Mandriva Linux Security Advisory 2010-106 - A vulnerability was discovered in aria2 which allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file. This update fixes this issue. Packages for 2009.0 are provided as of the Extended Maintenance Program.
0c25148f63260f6981fb3ebdbf915a1db0bf785746ad46962e126030b4207016Debian Linux Security Advisory 2047-1 - A vulnerability was discovered in aria2, a download client. The "name" attribute of the "file" element of metalink files is not properly sanitised before using it to download files. If a user is tricked into downloading from a specially crafted metalink file, this can be exploited to download files to directories outside of the intended download directory.
e3b1543cd45fea6947a527b31032918885b57dbbf08f6cd7f41e24a617b76ae9Secunia Research has discovered a vulnerability in aria2, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application not properly sanitising the "name" attribute of the "file" element of metalink files before using it to download files. If a user is tricked into downloading from a specially crafted metalink file, this can be exploited to download files to directories outside of the intended download directory via directory traversal attacks. aria2 version 1.9.1 build2 is affected.
5db2e877b929448ce53fbaefcd4fe1dc429beb3e14f7b1dcec039f413a870480
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed