Search criteria
2 vulnerabilities by ktorrent
CVE-2008-5905 (GCVE-0-2008-5905)
Vulnerability from cvelistv5 – Published: 2009-01-15 17:00 – Updated: 2024-08-07 11:13
VLAI?
Summary
The web interface plugin in KTorrent before 3.1.4 allows remote attackers to bypass intended access restrictions and upload arbitrary torrent files, and trigger the start of downloads and seeding, via a crafted HTTP POST request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:13:13.305Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20090108 CVE request: ktorrent",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2009/01/08/1"
},
{
"name": "31927",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31927"
},
{
"name": "USN-711-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-711-1"
},
{
"name": "32447",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32447"
},
{
"name": "32442",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32442"
},
{
"name": "34003",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34003"
},
{
"name": "GLSA-200902-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200902-05.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=244741"
},
{
"name": "33675",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33675"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ktorrent.org/?q=node/23"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504178"
},
{
"name": "ADV-2008-2911",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2911"
},
{
"name": "ktorrent-webinterface-weak-security(46117)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46117"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The web interface plugin in KTorrent before 3.1.4 allows remote attackers to bypass intended access restrictions and upload arbitrary torrent files, and trigger the start of downloads and seeding, via a crafted HTTP POST request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20090108 CVE request: ktorrent",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2009/01/08/1"
},
{
"name": "31927",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31927"
},
{
"name": "USN-711-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-711-1"
},
{
"name": "32447",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32447"
},
{
"name": "32442",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32442"
},
{
"name": "34003",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34003"
},
{
"name": "GLSA-200902-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200902-05.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=244741"
},
{
"name": "33675",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33675"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ktorrent.org/?q=node/23"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504178"
},
{
"name": "ADV-2008-2911",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2911"
},
{
"name": "ktorrent-webinterface-weak-security(46117)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46117"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5905",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web interface plugin in KTorrent before 3.1.4 allows remote attackers to bypass intended access restrictions and upload arbitrary torrent files, and trigger the start of downloads and seeding, via a crafted HTTP POST request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20090108 CVE request: ktorrent",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2009/01/08/1"
},
{
"name": "31927",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31927"
},
{
"name": "USN-711-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-711-1"
},
{
"name": "32447",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32447"
},
{
"name": "32442",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32442"
},
{
"name": "34003",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34003"
},
{
"name": "GLSA-200902-05",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200902-05.xml"
},
{
"name": "https://bugs.gentoo.org/show_bug.cgi?id=244741",
"refsource": "CONFIRM",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=244741"
},
{
"name": "33675",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33675"
},
{
"name": "http://ktorrent.org/?q=node/23",
"refsource": "CONFIRM",
"url": "http://ktorrent.org/?q=node/23"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504178",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504178"
},
{
"name": "ADV-2008-2911",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2911"
},
{
"name": "ktorrent-webinterface-weak-security(46117)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46117"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5905",
"datePublished": "2009-01-15T17:00:00",
"dateReserved": "2009-01-15T00:00:00",
"dateUpdated": "2024-08-07T11:13:13.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5906 (GCVE-0-2008-5906)
Vulnerability from cvelistv5 – Published: 2009-01-15 17:00 – Updated: 2024-08-07 11:13
VLAI?
Summary
Eval injection vulnerability in the web interface plugin in KTorrent before 3.1.4 allows remote attackers to execute arbitrary PHP code via unspecified parameters to this interface's PHP scripts.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:13:13.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20090108 CVE request: ktorrent",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2009/01/08/1"
},
{
"name": "31927",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31927"
},
{
"name": "USN-711-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-711-1"
},
{
"name": "32447",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32447"
},
{
"name": "32442",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32442"
},
{
"name": "34003",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34003"
},
{
"name": "GLSA-200902-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200902-05.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=244741"
},
{
"name": "33675",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33675"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ktorrent.org/?q=node/23"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504178"
},
{
"name": "ktorrent-webinterface-code-execution(46118)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46118"
},
{
"name": "ADV-2008-2911",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2911"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Eval injection vulnerability in the web interface plugin in KTorrent before 3.1.4 allows remote attackers to execute arbitrary PHP code via unspecified parameters to this interface\u0027s PHP scripts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20090108 CVE request: ktorrent",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2009/01/08/1"
},
{
"name": "31927",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31927"
},
{
"name": "USN-711-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-711-1"
},
{
"name": "32447",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32447"
},
{
"name": "32442",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32442"
},
{
"name": "34003",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34003"
},
{
"name": "GLSA-200902-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200902-05.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=244741"
},
{
"name": "33675",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33675"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ktorrent.org/?q=node/23"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504178"
},
{
"name": "ktorrent-webinterface-code-execution(46118)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46118"
},
{
"name": "ADV-2008-2911",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2911"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5906",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Eval injection vulnerability in the web interface plugin in KTorrent before 3.1.4 allows remote attackers to execute arbitrary PHP code via unspecified parameters to this interface\u0027s PHP scripts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20090108 CVE request: ktorrent",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2009/01/08/1"
},
{
"name": "31927",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31927"
},
{
"name": "USN-711-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-711-1"
},
{
"name": "32447",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32447"
},
{
"name": "32442",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32442"
},
{
"name": "34003",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34003"
},
{
"name": "GLSA-200902-05",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200902-05.xml"
},
{
"name": "https://bugs.gentoo.org/show_bug.cgi?id=244741",
"refsource": "CONFIRM",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=244741"
},
{
"name": "33675",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33675"
},
{
"name": "http://ktorrent.org/?q=node/23",
"refsource": "CONFIRM",
"url": "http://ktorrent.org/?q=node/23"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504178",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504178"
},
{
"name": "ktorrent-webinterface-code-execution(46118)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46118"
},
{
"name": "ADV-2008-2911",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2911"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5906",
"datePublished": "2009-01-15T17:00:00",
"dateReserved": "2009-01-15T00:00:00",
"dateUpdated": "2024-08-07T11:13:13.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}