2 matches found
CVE-2008-6587
Cross-site request forgery CSRF vulnerability in index.tmpl in Vuze formerly Azureus HTML WebUI, probably 0.7.6, allows remote attackers to hijack the authentication of users for requests that force the download of arbitrary torrent files via the upurl parameter...
CVE-2008-5905
The web interface plugin in KTorrent before 3.1.4 allows remote attackers to bypass intended access restrictions and upload arbitrary torrent files, and trigger the start of downloads and seeding, via a crafted HTTP POST request...