CVE-2015-5685

CVE-2015-5685 affects the BitTorrent DHT bootstrap server (bootstrap-dht) and the libtorrent-rasterbar codebase. The vulnerability arises in the lazy_bdecode function, where improper indexing can allow a remote attacker to execute arbitrary code via a crafted packet. Several advisories reference ...

CVE-2015-5474

BitTorrent and uTorrent allow remote attackers to inject command line parameters and execute arbitrary commands via a crafted URL using the 1 bittorrent or 2 magnet protocol...

CVE-2015-5685

The lazybdecode function in BitTorrent DHT bootstrap server bootstrap-dht allows remote attackers to execute arbitrary code via a crafted packet, related to "improper indexing."...

CVE-2015-5685

The lazybdecode function in BitTorrent DHT bootstrap server bootstrap-dht allows remote attackers to execute arbitrary code via a crafted packet, related to "improper indexing."...

CVE-2015-5474

BitTorrent and uTorrent are affected by a remote code execution vulnerability due to how URLs with the bittorrent: or magnet: protocols are handled. A crafted URL can inject arbitrary command line parameters and have them passed to the BitTorrent/uTorrent executable, enabling code execution under...

BitTorrent Bootstrap Remote Code Execution Vulnerability

BitTorrent is a set of peer-to-peer file uploading and downloading software based on the BitTorrent protocol by BitTorrent Inc. in the U.S. BitTorrent Bootstrap aka bootstrap-dht is one of the DHT Distributed Hash Table bootstrap servers. network node hash list bootstrap into BitTorrent. A remote...

BitTorrent Bootstrap Improper Indexing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of BitTorrent Bootstrap. User interaction is not required to exploit this vulnerability. The specific flaw exists within the handling of arguments passed to the lazybdecode function. By sending a...

BitTorrent Bootstrap Improper Indexing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of BitTorrent Bootstrap. User interaction is not required to exploit this vulnerability. The specific flaw exists within the handling of arguments passed to the lazybdecode function. By sending a...

BitTorrent and uTorrent Remote Code Execution Vulnerability

BitTorrent and uTorrent are both popular bittorrent protocol clients that use the same code base. BitTorrent and uTorrent have security vulnerabilities when handling URLs for the bittorrent or magnet protocols, which construct malicious links starting with bittorrent: or magnet: to trick users in...

BitTorrent/uTorrent URI Protocol Command Line Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of BitTorrent and uTorrent. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...

CVE-2015-2846

BitTorrent Sync allows remote attackers to execute arbitrary commands via a crafted btsync: link...

Design/Logic Flaw

BitTorrent Sync allows remote attackers to execute arbitrary commands via a crafted btsync: link...

CVE-2015-2846

BitTorrent Sync allows remote attackers to execute arbitrary commands via a crafted btsync: link...

CVE-2015-2846

CVE-2015-2846 affects BitTorrent Sync (BTSync.exe) where the BTSync protocol handler fails to properly validate btsync: URLs, enabling remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a crafted file/link) and results in arbitrary command executio...

BitTorrent Sync BTSync.exe Arbitrary Code Execution Vulnerability

BitTorrent Sync is a set of data synchronization tools developed by the American company BitTorrent. The tool synchronizes files between different devices over LANs and the Internet using secure, distributed P2P technology. An arbitrary code execution vulnerability exists in BitTorrent Sync's...

BitTorrent Sync （peer-to-peer file synchronization system on there is a high risk of command injection vulnerability-vulnerability warning-the black bar safety net

According to HP 0day plans ZDI in last week's announcement that BitTorrent Sync on the presence of a high-risk vulnerability, an attacker can remotely execute arbitrary code. The black bar safety net science BitTorrent Sync is BitTorrent network technology company launched in multiple computers f...

BitTorrent Sync btsync: Protocol Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of BitTorrent Sync. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how BitTorrent Sync...

BEWARE! μTorrent Silently Installing Bitcoin Mining Software

If you have recently installed or updated the popular BitTorrent client μTorrent 3.4.2 Build 28913 on your computer, then you read this warning post right now. Users of the μTorrent file-sharing service are complaining that the latest update of software used for torrent downloading is silently...

Tribler - Download Torrents using Tor-inspired onion routing

Tribler is a research project of Delft University of Technology. Tribler was created over nine years ago as a new open source Peer-to-Peer file sharing program. During this time over one million users have installed it successfully and three generations of Ph.D. students tested their algorithms i...

BitTorrent Invites Sony to Release 'The Interview' Movie On Its Paid Service

Sony was forced to pull the cinema release of "The Interview," scheduled for Christmas day, after hacker group Guardians of Peace GOP threatened to attack any theater that decided to show the film. But the studio will release the controversial North Korean-baiting film via different alternatives...