23 matches found
EUVD-2019-0668
Malware in sbrugna...
EUVD-2006-4228
Malware in sbrugna...
CVE-2019-15782
WebTorrent before 0.107.6 allows XSS in the HTTP server via a title or file name...
Brave Software: Arbitrary file download due to bad handling of Redirects in WebTorrent
Summary: Previously I reported 963155 how an attacker can trick a user into downloading malicious files using the ".save torrent" feature. In this report I am going to reproduce the same behavior but by abusing a different feature. Description While I was testing webtorrent on brave I noticed that...
Brave Software: Redirecting users to malicious torrent-files/websites using WebTorrent
Summary: An attacker can redirect a user to a malicious torrent file/website using a reverse tab-nabbing flaw in WebTorrent. Description WebTorrent allows users to open files after download or while they are being downloaded directly from the browser F965466 An attacker can use this to redirect...
Brave Software: Arbitrary file download via "Save .torrent file" option can lead to Client RCE and XSS
Summary: An attacker can use the "Save .torrent file" option in WebTorrent to smuggle malicious files onto the client's machine. Description Brave allows users to download the ".torrent" via WebTorrent. WebTorrent decides whether a file is torrent or not based on the following headers...
Cross-Site Scripting
Overview Versions of webtorrent prior to 0.107.6 are vulnerable to Cross-Site Scripting. webtorrent servers started with torrent.createServer lists a torrent's title and files in the index page without sanitization. This allows attackers to execute arbitrary JavaScript in the victim's browser...
@homey/server (>=0.0.7 <=0.1.17), @merorafael/torrent-cli (>=0.1.0 <=0.1.1) +17 more potentially affected by CVE-2019-15782 via webtorrent (>=0.100.0 <=0.104.0)
webtorrent NPM version =0.100.0, =0.0.7, =0.1.0, =0.0.1, =1.2.0, =0.0.1, =1.0.0, =0.0.3, =1.1.0, =1.1.1, =1.0.0, =0.0.2, =0.0.3 and more Source cves: CVE-2019-15782 Source advisory: OSV:GHSA-GJH4-FCV3-WHPQ...
GHSA-GJH4-FCV3-WHPQ Cross-Site Scripting in webtorrent
Versions of webtorrent prior to 0.107.6 are vulnerable to Cross-Site Scripting. webtorrent servers started with torrent.createServer lists a torrent's title and files in the index page without sanitization. This allows attackers to execute arbitrary JavaScript in the victim's browser through file...
Cross-Site Scripting in webtorrent
Versions of webtorrent prior to 0.107.6 are vulnerable to Cross-Site Scripting. webtorrent servers started with torrent.createServer lists a torrent's title and files in the index page without sanitization. This allows attackers to execute arbitrary JavaScript in the victim's browser through file...
CVE-2019-15782
WebTorrent before 0.107.6 allows XSS in the HTTP server via a title or file name...
CVE-2019-15782
WebTorrent before 0.107.6 allows XSS in the HTTP server via a title or file name...
Cross site scripting
WebTorrent before 0.107.6 allows XSS in the HTTP server via a title or file name...
CVE-2019-15782
WebTorrent before 0.107.6 allows XSS in the HTTP server via a title or file name...
CVE-2019-15782
The CVE-2019-15782 entry relates to WebTorrent. Affected software: webtorrent prior to version 0.107.6. Issue: Cross-Site Scripting (XSS) in the HTTP server when listing a torrent’s title or file name, due to unsanitized data in the index page generated by torrent.createServer(). Impact: potentia...
Brave Software: [Brave browser] WebTorrent has DNS rebinding vulnerability
Summary: Brave browser has built-in WebTorrent extension. After it finishes downloading a torrent, it serves the downloaded files on a local HTTP server listening on a random port. The problem is that the local HTTP server doesn't check for the hostname of the requesters, so a malicious remote...
WTcom <= 0.2.4-alpha (torrents.php) Remote SQL Injection Vulnerability
No description provided by source. WebTorrent WTcom Script = 0.2.4 ---------------------------------- Remote SQL Injection Every Username, Password and Email ---------------------------------- Author: sh1r081 sh1r081atgmail.com...
WTcom <= 0.2.4-alpha (torrents.php) Remote SQL Injection Vulnerability
No description provided by source. WebTorrent WTcom Script = 0.2.4 ---------------------------------- Remote SQL Injection Every Username, Password and Email ---------------------------------- Author: sh1r081 sh1r081atgmail.com...
CVE-2006-4238
SQL injection vulnerability in torrents.php in WebTorrent WTcom 0.2.4 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter in category mode...
CVE-2006-4238
CVE-2006-4238 affects WebTorrent (WTcom) before or equal to version 0.2.4. The vulnerability is a SQL injection in torrents.php, exploitable via the cat parameter in category mode, allowing remote execution of arbitrary SQL commands. The available documents do not provide exploitation details bey...