CVE-2008-5905

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2008-5905

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

T

he web interface plugin in KTorrent before 3.1.4 allows remote attackers to bypass intended access restrictions and upload arbitrary torrent files, and trigger the start of downloads and seeding, via a crafted HTTP POST request.

References
Link Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504178
http://ktorrent.org/?q=node/23 Vendor Advisory
http://openwall.com/lists/oss-security/2009/01/08/1
http://secunia.com/advisories/32442 Vendor Advisory
http://secunia.com/advisories/32447 Vendor Advisory
http://secunia.com/advisories/33675
http://secunia.com/advisories/34003
http://security.gentoo.org/glsa/glsa-200902-05.xml
http://www.securityfocus.com/bid/31927
http://www.ubuntu.com/usn/USN-711-1
http://www.vupen.com/english/advisories/2008/2911
https://bugs.gentoo.org/show_bug.cgi?id=244741
https://exchange.xforce.ibmcloud.com/vulnerabilities/46117
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504178
http://ktorrent.org/?q=node/23 Vendor Advisory
http://openwall.com/lists/oss-security/2009/01/08/1
http://secunia.com/advisories/32442 Vendor Advisory
http://secunia.com/advisories/32447 Vendor Advisory
http://secunia.com/advisories/33675
http://secunia.com/advisories/34003
http://security.gentoo.org/glsa/glsa-200902-05.xml
http://www.securityfocus.com/bid/31927
http://www.ubuntu.com/usn/USN-711-1
http://www.vupen.com/english/advisories/2008/2911
https://bugs.gentoo.org/show_bug.cgi?id=244741
https://exchange.xforce.ibmcloud.com/vulnerabilities/46117
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ktorrent:ktorrent:*:*:*:*:*:*:*:*
cpe:2.3:a:ktorrent:ktorrent:0.9:*:*:*:*:*:*:*
cpe:2.3:a:ktorrent:ktorrent:1.0:*:*:*:*:*:*:*
cpe:2.3:a:ktorrent:ktorrent:1.1:*:*:*:*:*:*:*
cpe:2.3:a:ktorrent:ktorrent:1.2:*:*:*:*:*:*:*
cpe:2.3:a:ktorrent:ktorrent:1.2:rc1:*:*:*:*:*:*
cpe:2.3:a:ktorrent:ktorrent:1.2:rc2:*:*:*:*:*:*
cpe:2.3:a:ktorrent:ktorrent:2.0:*:*:*:*:*:*:*
cpe:2.3:a:ktorrent:ktorrent:2.0:beta1:*:*:*:*:*:*
cpe:2.3:a:ktorrent:ktorrent:2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:ktorrent:ktorrent:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ktorrent:ktorrent:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ktorrent:ktorrent:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ktorrent:ktorrent:2.1:*:*:*:*:*:*:*
cpe:2.3:a:ktorrent:ktorrent:2.1:beta1:*:*:*:*:*:*
cpe:2.3:a:ktorrent:ktorrent:2.1:rc1:*:*:*:*:*:*
cpe:2.3:a:ktorrent:ktorrent:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ktorrent:ktorrent:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:ktorrent:ktorrent:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:ktorrent:ktorrent:2.1.4:*:*:*:*:*:*:*
cpe:2.3:a:ktorrent:ktorrent:2.2:*:*:*:*:*:*:*
cpe:2.3:a:ktorrent:ktorrent:2.2:beta1:*:*:*:*:*:*
cpe:2.3:a:ktorrent:ktorrent:2.2:rc1:*:*:*:*:*:*
cpe:2.3:a:ktorrent:ktorrent:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:ktorrent:ktorrent:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:ktorrent:ktorrent:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:ktorrent:ktorrent:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:ktorrent:ktorrent:2.2.5:*:*:*:*:*:*:*
cpe:2.3:a:ktorrent:ktorrent:2.2.6:*:*:*:*:*:*:*
cpe:2.3:a:ktorrent:ktorrent:2.2.7:*:*:*:*:*:*:*
cpe:2.3:a:ktorrent:ktorrent:2.2.8:*:*:*:*:*:*:*
cpe:2.3:a:ktorrent:ktorrent:3.0:beta1:*:*:*:*:*:*
cpe:2.3:a:ktorrent:ktorrent:3.0:rc1:*:*:*:*:*:*
cpe:2.3:a:ktorrent:ktorrent:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ktorrent:ktorrent:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ktorrent:ktorrent:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ktorrent:ktorrent:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ktorrent:ktorrent:3.1.2:*:*:*:*:*:*:*
History

21 Nov 2024, 00:55

Type Values Removed Values Added
References () http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504178 - () http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504178 -
References () http://ktorrent.org/?q=node/23 - Vendor Advisory () http://ktorrent.org/?q=node/23 - Vendor Advisory
References () http://openwall.com/lists/oss-security/2009/01/08/1 - () http://openwall.com/lists/oss-security/2009/01/08/1 -
References () http://secunia.com/advisories/32442 - Vendor Advisory () http://secunia.com/advisories/32442 - Vendor Advisory
References () http://secunia.com/advisories/32447 - Vendor Advisory () http://secunia.com/advisories/32447 - Vendor Advisory
References () http://secunia.com/advisories/33675 - () http://secunia.com/advisories/33675 -
References () http://secunia.com/advisories/34003 - () http://secunia.com/advisories/34003 -
References () http://security.gentoo.org/glsa/glsa-200902-05.xml - () http://security.gentoo.org/glsa/glsa-200902-05.xml -
References () http://www.securityfocus.com/bid/31927 - () http://www.securityfocus.com/bid/31927 -
References () http://www.ubuntu.com/usn/USN-711-1 - () http://www.ubuntu.com/usn/USN-711-1 -
References () http://www.vupen.com/english/advisories/2008/2911 - () http://www.vupen.com/english/advisories/2008/2911 -
References () https://bugs.gentoo.org/show_bug.cgi?id=244741 - () https://bugs.gentoo.org/show_bug.cgi?id=244741 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/46117 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/46117 -
Information

Published : 2009-01-15 17:30

Updated : 2025-04-09 00:30

NVD link : CVE-2008-5905

Mitre link : CVE-2008-5905

CVE.ORG link : CVE-2008-5905

JSON object : View

Products Affected

ktorrent

CWE
CWE-264

Permissions, Privileges, and Access Controls