Lucene search
K

6 matches found

OSV
OSV
added 2018/01/15 4:29 p.m.3 views

DEBIAN-CVE-2018-5702

Transmission through 2.92 relies on X-Transmission-Session-Id which is not a forbidden header for Fetch for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS...

8.8CVSS8.9AI score0.11926EPSS
Exploits1References1
OSV
OSV
added 2018/01/15 4:29 p.m.68 views

CVE-2018-5702

Transmission through 2.92 relies on X-Transmission-Session-Id which is not a forbidden header for Fetch for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS...

8.8CVSS8AI score
Exploits0References7
Cvelist
Cvelist
added 2018/01/15 4:0 p.m.18 views

CVE-2018-5702

Transmission through 2.92 relies on X-Transmission-Session-Id which is not a forbidden header for Fetch for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS...

8.9AI score0.11926EPSS
Exploits1References7
CVE
CVE
added 2018/01/15 4:0 p.m.95 views

CVE-2018-5702

Transmission 2.92 and earlier versions rely on X-Transmission-Session-Id for access control, which is not a forbidden header for Fetch. This allows remote attackers to execute arbitrary RPC commands and write arbitrary files via POST to /transmission/rpc when combined with a DNS rebinding attack....

8.8CVSS8.8AI score0.11926EPSS
Exploits1References7Affected Software1
Debian CVE
Debian CVE
added 2018/01/15 4:0 p.m.30 views

CVE-2018-5702

Transmission through 2.92 relies on X-Transmission-Session-Id which is not a forbidden header for Fetch for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS...

8.8CVSS9AI score0.11926EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2018/01/15 12:0 a.m.22 views

CVE-2018-5702

Transmission through 2.92 relies on X-Transmission-Session-Id which is not a forbidden header for Fetch for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS...

8.8CVSS7.5AI score0.11926EPSS
Exploits1References6
Rows per page
Query Builder