CVE-2008-5905 Information
Description
The web interface plugin in KTorrent before 3.1.4 allows remote attackers to bypass intended access restrictions and upload arbitrary torrent files and trigger the start of downloads and seeding via a crafted HTTP POST request.
Reference
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504178 http://ktorrent.org/?q=node/23 http://openwall.com/lists/oss-security/2009/01/08/1 http://secunia.com/advisories/32442 http://secunia.com/advisories/32447 http://secunia.com/advisories/33675 http://secunia.com/advisories/34003 http://security.gentoo.org/glsa/glsa-200902-05.xml http://www.securityfocus.com/bid/31927 http://www.ubuntu.com/usn/USN-711-1 http://www.vupen.com/english/advisories/2008/2911 https://bugs.gentoo.org/show_bug.cgi?id=244741 https://exchange.xforce.ibmcloud.com/vulnerabilities/46117
Share on: