Summary
Detail | |||
---|---|---|---|
Vendor | Ktorrent | First view | 2009-01-15 |
Product | Ktorrent | Last view | 2009-01-15 |
Version | 1.2 | Type | Application |
Update | rc1 | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:a:ktorrent:ktorrent |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
6.8 | 2009-01-15 | CVE-2008-5906 | Eval injection vulnerability in the web interface plugin in KTorrent before 3.1.4 allows remote attackers to execute arbitrary PHP code via unspecified parameters to this interface's PHP scripts. |
4.3 | 2009-01-15 | CVE-2008-5905 | The web interface plugin in KTorrent before 3.1.4 allows remote attackers to bypass intended access restrictions and upload arbitrary torrent files, and trigger the start of downloads and seeding, via a crafted HTTP POST request. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
50% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
50% (1) | CWE-20 | Improper Input Validation |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
49357 | KTorrent Web Interface Plugin Multiple Variable Arbitrary PHP Code Injection |
49356 | KTorrent Web Interface Plugin Crafted POST Request Arbitrary Torrent File Upload |
OpenVAS Exploits
id | Description |
---|---|
2009-03-02 | Name : Gentoo Security Advisory GLSA 200902-05 (ktorrent) File : nvt/glsa_200902_05.nasl |
2009-02-02 | Name : Ubuntu USN-710-1 (xine-lib) File : nvt/ubuntu_710_1.nasl |
2009-02-02 | Name : Ubuntu USN-711-1 (ktorrent) File : nvt/ubuntu_711_1.nasl |
2009-01-22 | Name : KTorrent PHP Code Injection And Security Bypass Vulnerability File : nvt/gb_ktorrent_sec_bypass_vuln.nasl |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2009-04-23 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-711-1.nasl - Type: ACT_GATHER_INFO |
2009-02-24 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-200902-05.nasl - Type: ACT_GATHER_INFO |