67 matches found
CVE-2020-37059 Popcorn Time 6.2 - 'Update service' Unquoted Service Path
Popcorn Time 6.2.1.14 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can insert malicious executables in Program Files x86 or system root directories to be executed with SYSTEM-level...
CVE-2020-37059
Popcorn Time 6.2.1.14 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can insert malicious executables in Program Files x86 or system root directories to be executed with SYSTEM-level...
CVE-2020-37059 Popcorn Time 6.2 - 'Update service' Unquoted Service Path
Popcorn Time 6.2.1.14 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can insert malicious executables in Program Files x86 or system root directories to be executed with SYSTEM-level...
CVE-2020-37059
CVE-2020-37059 concerns Popcorn Time 6.2.1.14, which is affected by an unquoted service path vulnerability in its Update service. The underlying issue is that a service binary path is not properly quoted, enabling a local, non-privileged user to place a malicious executable in directories like Pr...
Popcorn Time code-related vulnerabilities
Popcorn Time is an open-source, multi-platform free software BitTorrent client developed by Popcorn Time. Version 6.2.1.14 of Popcorn Time contains a code vulnerability caused by an unquoted service path. This vulnerability could allow local non-privileged users to execute code and gain system...
PT-2026-5420
Popcorn Time 6.2.1.14 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can insert malicious executables in Program Files x86 or system root directories to be executed with SYSTEM-level...
EUVD-2018-4054
Malware in sbrugna...
EUVD-2002-1033
Malware in sbrugna...
EUVD-2009-1642
Malware in sbrugna...
EUVD-2002-1034
Malware in sbrugna...
EUVD-2022-29928
Malicious code in bioql PyPI...
CVE-2022-25229
Popcorn Time 0.4.7 has a Stored XSS in the 'Movies API Servers' field via the 'settings' page. The 'nodeIntegration' configuration is set to on which allows the 'webpage' to use 'NodeJs' features, an attacker can leverage this to run OS commands...
Upgraded Q -> 2 from #633 [1677880427560]
Judge has assessed an item in Issue 633 as 2 risk. The relevant finding follows: Vault contract implementation does not disable initializers The Vault.sol contract should implement disableInitializers in its constructure to prevent implementation contracts from being initialized. As this contract...
Popcorn Time Cross-Site Scripting Vulnerability
Popcorn Time is a multi-platform BitTorrent client. version 0.4.7 of Popcorn Time is vulnerable to a cross-site scripting vulnerability that originates in the setting page Movies API Servers field's lack of data validation filtering for user-supplied data and output. An attacker could exploit the...
CVE-2022-25229
Popcorn Time 0.4.7 has a Stored XSS in the 'Movies API Servers' field via the 'settings' page. The 'nodeIntegration' configuration is set to on which allows the 'webpage' to use 'NodeJs' features, an attacker can leverage this to run OS commands...
CVE-2022-25229
Popcorn Time 0.4.7 has a Stored XSS in the 'Movies API Servers' field via the 'settings' page. The 'nodeIntegration' configuration is set to on which allows the 'webpage' to use 'NodeJs' features, an attacker can leverage this to run OS commands...
CVE-2022-25229
Popcorn Time 0.4.7 has a Stored XSS in the 'Movies API Servers' field via the 'settings' page. The 'nodeIntegration' configuration is set to on which allows the 'webpage' to use 'NodeJs' features, an attacker can leverage this to run OS commands...
Cross site scripting
Popcorn Time 0.4.7 has a Stored XSS in the 'Movies API Servers' field via the 'settings' page. The 'nodeIntegration' configuration is set to on which allows the 'webpage' to use 'NodeJs' features, an attacker can leverage this to run OS commands...
CVE-2022-25229
CVE-2022-25229 affects Popcorn Time 0.4.7. A Stored XSS vulnerability originates in the Settings page, in the Movies API Server(s) field, where lack of input validation allows injection of script. The issue is aggravated by nodeIntegration being turned on, which can permit the webpage to access N...
CVE-2022-25229
Popcorn Time 0.4.7 has a Stored XSS in the 'Movies API Servers' field via the 'settings' page. The 'nodeIntegration' configuration is set to on which allows the 'webpage' to use 'NodeJs' features, an attacker can leverage this to run OS commands...