37 matches found
EUVD-2026-40290
Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via deeply nested bencoded input. bdecode recurses once per nested list or dictionary level with no depth cap, and each recursive call receives the remaining buffer by value while the list and dictionary branches captu...
Transmission Integer Overflow
2017 research from Google where Tavis found that transmission suffered from various integer overflows when parsing torrent files...
EUVD-2008-6550
Malware in sbrugna...
EUVD-2008-6549
Malware in sbrugna...
EUVD-2007-2269
Malware in sbrugna...
EUVD-2009-1755
Malware in sbrugna...
SUSE CVE-2009-1760
Directory traversal vulnerability in src/torrent_info.cpp in Rasterbar libtorrent before 0.14.4, as used in firetorrent, qBittorrent, deluge Torrent, and other applications, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) and partial relative pathname in a Multiple...
CVE-2021-3427
The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. The data from torrent files is not properly sanitised as it's interpreted directly as HTML. Someone who supplies the user with a malicious torrent file can execute arbitrary Javascript code in the context of the user's...
Session fixation
The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. The data from torrent files is not properly sanitised as it's interpreted directly as HTML. Someone who supplies the user with a malicious torrent file can execute arbitrary Javascript code in the context of the user's...
UBUNTU-CVE-2021-3427
The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. The data from torrent files is not properly sanitised as it's interpreted directly as HTML. Someone who supplies the user with a malicious torrent file can execute arbitrary Javascript code in the context of the user's...
Brave Software: Redirecting users to malicious torrent-files/websites using WebTorrent
Summary: An attacker can redirect a user to a malicious torrent file/website using a reverse tab-nabbing flaw in WebTorrent. Description WebTorrent allows user to open files after download or while they are being downloaded directly from the browser F965466 An attacker can use this to redirect...
CVE-2008-5905
The web interface plugin in KTorrent before 3.1.4 allows remote attackers to bypass intended access restrictions and upload arbitrary torrent files, and trigger the start of downloads and seeding, via a crafted HTTP POST request...
Transmission Torrent Parsing Integer Overflows Exploit
Exploit for multiple platform in category dos / poc transmission: various integer overflow parsing torrent files I took a look at torrent file parsing in libtransmission, there are a few integer overflows because the tr_new/tr_new0 allocation wrappers don't handle overflow. #define tr_new(struct_type,...
Transmission - Integer Overflows Parsing Torrent Files
I took a look at torrent file parsing in libtransmission, there are a few integer overflows because the tr_new/tr_new0 allocation wrappers don't handle overflow. #define tr_new(struct_type, n_structs) \ ((struct_type *) tr_malloc (sizeof (struct_type) * ((size_t)(n_structs)))) #define tr_new0(struct_type, n_structs) \ ((struct_type...
Ransomware Tactic Lures Via Copyright Scare
An ongoing ransomware campaign is pretending to be the fake ICPP Foundation icpp-online.com, where the ransomware locks down the user’s desktop issuing a “Copyright violation: copyrighted content detected” message which lists torrent files found on the infected PC and forces the user to pay $400...
Debian DSA-1967-1 : transmission - directory traversal
Dan Rosenberg discovered that Transmission, a lightweight client for the Bittorrent filesharing protocol, performs insufficient sanitising of file names specified in .torrent files. This could lead to the overwrite of local files with the privileges of the user running Transmission if the user is...
openSUSE Security Update : transmission (transmission-1777)
Specially crafted torrent files could overwrite arbitrary files. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update transmission-1777. The text description of this plugin is (C) SUSE LLC...
CVE-2010-0012
Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file...
Transmission bittorrent client directory traversal
Directory traversal via .torrent files...
Rasterbar / libtorrent / firetorrent / qBittorrent / deluge Torrent directory traversal
Directory traversal on .torrent files processing...