Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2010-0013

Опубликовано: 09 янв. 2010
Источник: nvd
CVSS3: 7.5
CVSS2: 5
EPSS Средний

Описание

Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:adium:adium:1.3.8:*:*:*:*:*:*:*
cpe:2.3:a:pidgin:pidgin:2.6.4:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:opensuse:opensuse:*:*:*:*:*:*:*:*
Версия от 11.0 (включая) до 11.2 (включая)
cpe:2.3:o:suse:linux_enterprise:11.0:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:-:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:-:*:*:*
Конфигурация 4

Одно из

cpe:2.3:o:redhat:enterprise_linux:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*

EPSS

Процентиль: 94%
0.12845
Средний

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

ubuntu логотип

CVE-2010-0013

CVSS3: 7.5
ubuntu
почти 16 лет назад

Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon.

redhat логотип

CVE-2010-0013

redhat
почти 16 лет назад

Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon.

debian логотип

CVE-2010-0013

CVSS3: 7.5
debian
почти 16 лет назад

Directory traversal vulnerability in slp.c in the MSN protocol plugin ...

github логотип

GHSA-v6ph-x2c7-6g37

CVSS3: 7.5
github
больше 3 лет назад

Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon.

EPSS

Процентиль: 94%
0.12845
Средний

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22