Debian DLA-943-1 : deluge security update

It was discovered that there was a directory traversal attack vulnerability in the web user interface web in the deluge bittorrent client. For Debian 7 'Wheezy', this issue has been fixed in deluge version 1.3.3-2+nmu1+deb7u2. We recommend that you upgrade your deluge packages. NOTE: Tenable...

HandBrake for Mac Compromised with Proton Spyware

The handlers of the open source HandBrake video transcoder are warning anyone who recently downloaded the Mac version of the software that they’re likely infected with malware. HandBrake warned users on Saturday of a compromise of one of its mirror download servers, and said anyone who grabbed th...

Gazelle cross-site scripting vulnerability (CNVD-2017-05135)

Gazelle is a set of web frameworks for BitTorrent trackers. A cross-site scripting vulnerability exists in versions of Gazelle prior to 2017-03-19 that stems from the program failing to adequately filter the torrents and size parameters. A remote attacker could use this vulnerability to execute...

Gazelle cross-site scripting vulnerability (CNVD-2017-05627)

Gazelle is a set of web frameworks for BitTorrent trackers. A cross-site scripting vulnerability exists in Gazelle. A remote attacker could exploit this vulnerability to execute arbitrary HTML and script...

Deluge Cross-Site Request Forgery Vulnerability

Deluge is a BitTorrent client.WebUI is one of the components that launches the web interface. A cross-site request forgery vulnerability exists in Deluge's Web UI. An attacker could use this vulnerability to perform unauthorized operations and access affected applications...

Debian DLA-863-1 : deluge security update

It was discovered that there was a cross-site request forgery vulnerability in the WebUI component of the 'deluge' Bittorrent client. For Debian 7 'Wheezy', this issue has been fixed in deluge version 1.3.3-2+nmu1+deb7u1. We recommend that you upgrade your deluge packages. NOTE: Tenable Network...

[SECURITY] [DLA 863-1] deluge security update

Package : deluge Version : 1.3.3-2+nmu1+deb7u1 CVE ID : CVE-2017-7178 Debian Bug : 857903 It was discovered that there was a cross-site request forgery vulnerability in the WebUI component of the "deluge" Bittorrent client. For Debian 7 "Wheezy", this issue has been fixed in deluge version...

[SECURITY] Fedora 25 Update: qbittorrent-3.3.11-1.fc25

A Bittorrent client using rblibtorrent and a Qt4 Graphical User Interface. It aims to be as fast as possible and to provide multi-OS, unicode support...

[SECURITY] Fedora 24 Update: deluge-1.3.14-1.fc24

Deluge is a new BitTorrent client, created using Python and GTK+. It is intended to bring a native, full-featured client to Linux GTK+ desktop environments such as GNOME and XFCE. It supports features such as DHT Distributed Hash Tables, PEX =EF=BF=BD=EF=BF=BDTorrent-compatible Peer E xchange, an...

[SECURITY] Fedora 25 Update: deluge-1.3.14-1.fc25

Deluge is a new BitTorrent client, created using Python and GTK+. It is intended to bring a native, full-featured client to Linux GTK+ desktop environments such as GNOME and XFCE. It supports features such as DHT Distributed Hash Tables, PEX =EF=BF=BD=EF=BF=BDTorrent-compatible Peer E xchange, an...

BitTorrent API Cross-Site Scripting Vulnerability

BitTorrent is a set of peer-to-peer file uploading and downloading software based on the BitTorrent protocol from the American company BitTorrent. A cross-site scripting vulnerability exists in BitTorrent. An attacker can exploit this vulnerability to execute arbitrary script code in the browser ...

Popcorn Time 5.6 DLL Hijacking

===================================================== Exploit Title : Popcorn Time 5.6 - DLL Hijacking Vulnerability Date Discovered : 2016-12-20 Affected Products: Popcorn Time v5.6 - Software Exploitation Technique: Local Severity Level: Medium Tested OS : Windows 7...

BitTorrent API Cross-Site Scripting Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of BitTorrent and uTorrent. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. These applications expose a web service...

Torrentz.eu Shuts Down Forever! End of Biggest Torrent Search Engine

Over two weeks after the shutdown of Kickass Torrents and arrest of its admin in Poland, the world's biggest BitTorrent meta-search engine Torrentz.eu has apparently shut down its operation. The surprise shutdown of Torrentz marks the end of an era. Torrentz.eu was a free, fast and powerful...

BitTorrent Cross-Site Scripting Vulnerability

BitTorrent is a set of peer-to-peer file uploading and downloading software based on the BitTorrent protocol. BitTorrent suffers from a cross-site scripting vulnerability that allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be used to obtain...

uTorrent Forums User List Stolen

BitTorrent has warned users of its uTorrent client to change their passwords after a third-party breach allowed hackers to walk off with a list of its forum users. “On June 6th, 2016, BitTorrent was made aware of a security issue involving the vendor which powers our forums,” the company said in ...

BitTorrent Forum Hacked; Change your Password Immediately

If you are a torrent lover and have registered on BitTorrent community forum website, then you may have had your personal details compromised, along with your hashed passwords. The BitTorrent team has announced that its community forums have been hacked, which exposed private information of...

BitTorrent API Cross Site Scripting Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of BitTorrent and uTorrent. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. These applications expose a web service...

RansomWhere? Generic OS X Ransomware Detection

With each new unrelenting ransomware sample, security researchers understand that no matter how quickly antivirus signatures are updated or how rapidly decryptors are built and shared, current defenses will continue to fall short. The problem is that most adequate defenses are sample-specific;...

Remote Memory Disclosure

Overview Versions of bittorrent-dht prior to 5.1.3 are affected by a remote memory disclosure vulnerability. This vulnerability allows an attacker to send a specific series of of messages to a listening peer and get it to reveal internal memory. There are two mitigating factors here, that slightl...