296,334
Total vulnerabilities in the database
Argument injection vulnerability in orbitmxt.dll 2.1.0.2 in the Orbit Downloader 2.8.7 and earlier ActiveX control allows remote attackers to overwrite arbitrary files via whitespace and a command-line switch, followed by a full pathname, in the third argument to the download method.
| Software | From | Fixed in |
|---|---|---|
| orbitdownloader / orbit_downloader | 2.8.4 | 2.8.4.x |
| orbit_downloader / orbit_downloader | 2.6.3 | 2.6.3.x |
| orbitdownloader / orbit_downloader | 2.7.3 | 2.7.3.x |
| orbitdownloader / orbit_downloader | 2.7.1 | 2.7.1.x |
| orbitdownloader / orbit_downloader | 2.7.5 | 2.7.5.x |
| orbitdownloader / orbit_downloader | 2.7.6 | 2.7.6.x |
| orbitdownloader / orbit_downloader | 2.8.5 | 2.8.5.x |
| orbitdownloader / orbit_downloader | 2.6.1 | 2.6.1.x |
| orbit_downloader / orbit_downloader | 2.6.4 | 2.6.4.x |
| orbitdownloader / orbit_downloader | 2.6.3 | 2.6.3.x |
| orbitdownloader / orbit_downloader | 2.6.5 | 2.6.5.x |
| orbitdownloader / orbit_downloader | 2.6.4 | 2.6.4.x |
| orbitdownloader / orbit_downloader | - | 2.8.7.x |
| orbitdownloader / orbit_downloader | 2.7.9 | 2.7.9.x |
| orbitdownloader / orbit_downloader | 2.8.2 | 2.8.2.x |
| orbitdownloader / orbit_downloader | 2.8.3 | 2.8.3.x |
| orbitdownloader / orbit_downloader | 2.7.7 | 2.7.7.x |
| orbitdownloader / orbit_downloader | 2.8.1 | 2.8.1.x |
| orbitdownloader / orbit_downloader | 2.7.8 | 2.7.8.x |