This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Ktorrent First view 2009-01-15
Product Ktorrent Last view 2009-01-15
Version 2.0.2 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:ktorrent:ktorrent

Activity : Overall

Related : CVE

  Date Alert Description
6.8 2009-01-15 CVE-2008-5906

Eval injection vulnerability in the web interface plugin in KTorrent before 3.1.4 allows remote attackers to execute arbitrary PHP code via unspecified parameters to this interface's PHP scripts.

4.3 2009-01-15 CVE-2008-5905

The web interface plugin in KTorrent before 3.1.4 allows remote attackers to bypass intended access restrictions and upload arbitrary torrent files, and trigger the start of downloads and seeding, via a crafted HTTP POST request.

CWE : Common Weakness Enumeration

%idName
50% (1) CWE-264 Permissions, Privileges, and Access Controls
50% (1) CWE-20 Improper Input Validation

Open Source Vulnerability Database (OSVDB)

id Description
49357 KTorrent Web Interface Plugin Multiple Variable Arbitrary PHP Code Injection
49356 KTorrent Web Interface Plugin Crafted POST Request Arbitrary Torrent File Upload

OpenVAS Exploits

id Description
2009-03-02 Name : Gentoo Security Advisory GLSA 200902-05 (ktorrent)
File : nvt/glsa_200902_05.nasl
2009-02-02 Name : Ubuntu USN-710-1 (xine-lib)
File : nvt/ubuntu_710_1.nasl
2009-02-02 Name : Ubuntu USN-711-1 (ktorrent)
File : nvt/ubuntu_711_1.nasl
2009-01-22 Name : KTorrent PHP Code Injection And Security Bypass Vulnerability
File : nvt/gb_ktorrent_sec_bypass_vuln.nasl

Nessus® Vulnerability Scanner

id Description
2009-04-23 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-711-1.nasl - Type: ACT_GATHER_INFO
2009-02-24 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200902-05.nasl - Type: ACT_GATHER_INFO