Search CVE reports

Directory traversal vulnerability in torrent.cpp in KTorrent before 2.1.3 only checks for the ".." string, which allows remote attackers to overwrite arbitrary files via modified ".." sequences in a torrent filename,...

chunkcounter.cpp in KTorrent before 2.1.2 allows remote attackers to cause a denial of service (crash) and heap corruption via a negative or large idx value.

Directory traversal vulnerability in torrent.cpp in KTorrent before 2.1.2 allows remote attackers to overwrite arbitrary files via ".." sequences in a torrent filename.

Tor does not verify a node's uptime and bandwidth advertisements, which allows remote attackers who operate a low resource node to make false claims of greater resources, which places the node into use for many circuits and...

Directory traversal vulnerability in downloaddetails.php in TorrentFlux 2.2 allows remote authenticated users to read arbitrary files via .. (dot dot) sequences in the alias parameter, a different vector than CVE-2006-6328.

Cross-site scripting (XSS) vulnerability in dir.php in TorrentFlux 2.2, when allows remote attackers to inject arbitrary web script or HTML via double URL-encoded strings in the dir parameter, a related issue to CVE-2006-5609.

maketorrent.php in TorrentFlux 2.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters (";" semicolon) in the announce parameter.

Directory traversal vulnerability in viewnfo.php in (1) TorrentFlux before 2.2 and (2) torrentflux-b4rt before 2.1-b4rt-972 allows remote authenticated users to read arbitrary files via .. (dot dot) sequences in the path...

metaInfo.php in TorrentFlux 2.2, when $cfg["enable_file_priority"] is false, allows remote attackers to execute arbitrary commands via shell metacharacters (backticks) in the torrent parameter to (1) details.php and (2) startpop.php.

index.php for TorrentFlux 2.2 allows remote registered users to execute arbitrary commands via shell metacharacters in the kill parameter.