20 matches found
EUVD-2008-6550
Malware in sbrugna...
CVE-2018-13417
In Vuze Bittorrent Client 5.7.6.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing XXE attack. Remote, unauthenticated attackers can use this vulnerability to: 1 Access arbitrary files from the filesystem with the same permission as the user...
CVE-2018-13417
In Vuze Bittorrent Client 5.7.6.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing XXE attack. Remote, unauthenticated attackers can use this vulnerability to: 1 Access arbitrary files from the filesystem with the same permission as the user...
Xxe
In Vuze Bittorrent Client 5.7.6.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing XXE attack. Remote, unauthenticated attackers can use this vulnerability to: 1 Access arbitrary files from the filesystem with the same permission as the user...
CVE-2018-13417
Vulnerable component: Vuze Bittorrent Client 5.7.6.0. Root cause: XML External Entity Processing (XXE) in the SDL/UPnP/SSDP XML parsing engine. Impact: unauthenticated remote attackers can read arbitrary files on the host and may trigger SMB-based NetNTLM credential exposure (crack to cleartext) ...
CVE-2018-13417
In Vuze Bittorrent Client 5.7.6.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing XXE attack. Remote, unauthenticated attackers can use this vulnerability to: 1 Access arbitrary files from the filesystem with the same permission as the user...
Vuze Bittorrent Client 5.7.6.0 - SSDP Processing XML External Entity Injection
Vuze Bittorrent Client 5.7.6.0 - SSDP Processing XML External Entity Injection Issue: Out-of-Band XXE in Vuze Bittorrent Client's SSDP Processing Reserved CVE: CVE-2018-13417 Vulnerability Overview The XML parsing engine for Vuze Bittorrent Client's SSDP/UPNP functionality is vulnerable to an XML...
Vuze Bittorrent Client 5.7.6.0 SSDP Processing XML Injection
Issue: Out-of-Band XXE in Vuze Bittorrent Client's SSDP Processing Reserved CVE: CVE-2018-13417 Vulnerability Overview The XML parsing engine for Vuze Bittorrent Client's SSDP/UPNP functionality is vulnerable to an XML External Entity Processing XXE attack. Unauthenticated attackers on the same L...
Vuze Bittorrent Client 5.7.6.0 - SSDP Processing XML External Entity Injection
Issue: Out-of-Band XXE in Vuze Bittorrent Client's SSDP Processing Reserved CVE: CVE-2018-13417 Vulnerability Overview The XML parsing engine for Vuze Bittorrent Client's SSDP/UPNP functionality is vulnerable to an XML External Entity Processing XXE attack. Unauthenticated attackers on the same L...
vuze.com XSS vulnerability
Open Bug Bounty ID: OBB-609064 Description| Value ---|--- Affected Website:| vuze.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
How to Exploit BitTorrent for Large-Scale DoS Attacks
A flaw discovered in several widely used BitTorrent applications, including uTorrent, Vuze and Mainline, could be used to carry out a devastating distributed denial of service DDoS attack that makes it very easy for a single undetectable hacker to bring down large sites. A new research by Florian...
BEWARE! μTorrent Silently Installing Bitcoin Mining Software
If you have recently installed or updated the popular BitTorrent client μTorrent 3.4.2 Build 28913 on your computer, then you read this warning post right now. Users of the μTorrent file-sharing service are complaining that the latest update of software used for torrent downloading is silently...
vuze-dht-info NSE Script
Retrieves some basic information, including protocol version from a Vuze filesharing node. As Vuze doesn't have a default port for its DHT service, this script has some difficulties in determining when to run. Most scripts are triggered by either a default port or a fingerprinted service. To get...
Vuze Media Server Detection
The remote host is running an instance of Vuze Media Server. This server is in the form of a plugin for Vuze, a BitTorrent client. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid51060; scriptversion"1.4"; scriptcvsdate"Date: 2019/11/22"; scriptnameenglish:"Vuze Media...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in index.tmpl in Vuze formerly Azureus HTML WebUI, probably 0.7.6, allows remote attackers to hijack the authentication of users for requests that force the download of arbitrary torrent files via the upurl parameter...
CVE-2008-6587
Cross-site request forgery CSRF vulnerability in index.tmpl in Vuze formerly Azureus HTML WebUI, probably 0.7.6, allows remote attackers to hijack the authentication of users for requests that force the download of arbitrary torrent files via the upurl parameter...
CVE-2008-6587
Cross-site request forgery CSRF vulnerability in index.tmpl in Vuze formerly Azureus HTML WebUI, probably 0.7.6, allows remote attackers to hijack the authentication of users for requests that force the download of arbitrary torrent files via the upurl parameter...
CVE-2008-6587
Cross-site request forgery CSRF vulnerability in index.tmpl in Vuze formerly Azureus HTML WebUI, probably 0.7.6, allows remote attackers to hijack the authentication of users for requests that force the download of arbitrary torrent files via the upurl parameter...
CVE-2008-6587
CVE-2008-6587 describes a cross-site request forgery (CSRF) in Vuze (formerly Azureus HTML WebUI) where requests to index.tmpl can hijack a user’s session to force downloads of arbitrary torrent files via the upurl parameter. Reported as likely in the 0.7.6 timeframe, this vulnerability could per...
Vuze Installed
Vuze formerly Azureus, peer-to-peer file sharing software, is installed on the remote Windows host. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid20844; scriptversion"1.17"; scriptsetattributeattribute:"pluginmodificationdate", value:"2023/05/24";...