{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-10-27T00:00:00", "descriptions": [{"lang": "en", "value": "The web interface plugin in KTorrent before 3.1.4 allows remote attackers to bypass intended access restrictions and upload arbitrary torrent files, and trigger the start of downloads and seeding, via a crafted HTTP POST request."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[oss-security] 20090108 CVE request: ktorrent", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2009/01/08/1"}, {"name": "31927", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/31927"}, {"name": "USN-711-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-711-1"}, {"name": "32447", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32447"}, {"name": "32442", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32442"}, {"name": "34003", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/34003"}, {"name": "GLSA-200902-05", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200902-05.xml"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.gentoo.org/show_bug.cgi?id=244741"}, {"name": "33675", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33675"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://ktorrent.org/?q=node/23"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504178"}, {"name": "ADV-2008-2911", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/2911"}, {"name": "ktorrent-webinterface-weak-security(46117)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46117"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5905", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The web interface plugin in KTorrent before 3.1.4 allows remote attackers to bypass intended access restrictions and upload arbitrary torrent files, and trigger the start of downloads and seeding, via a crafted HTTP POST request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20090108 CVE request: ktorrent", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2009/01/08/1"}, {"name": "31927", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31927"}, {"name": "USN-711-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-711-1"}, {"name": "32447", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32447"}, {"name": "32442", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32442"}, {"name": "34003", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34003"}, {"name": "GLSA-200902-05", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200902-05.xml"}, {"name": "https://bugs.gentoo.org/show_bug.cgi?id=244741", "refsource": "CONFIRM", "url": "https://bugs.gentoo.org/show_bug.cgi?id=244741"}, {"name": "33675", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33675"}, {"name": "http://ktorrent.org/?q=node/23", "refsource": "CONFIRM", "url": "http://ktorrent.org/?q=node/23"}, {"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504178", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504178"}, {"name": "ADV-2008-2911", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2911"}, {"name": "ktorrent-webinterface-weak-security(46117)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46117"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T11:13:13.305Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20090108 CVE request: ktorrent", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2009/01/08/1"}, {"name": "31927", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/31927"}, {"name": "USN-711-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-711-1"}, {"name": "32447", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32447"}, {"name": "32442", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32442"}, {"name": "34003", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/34003"}, {"name": "GLSA-200902-05", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200902-05.xml"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.gentoo.org/show_bug.cgi?id=244741"}, {"name": "33675", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/33675"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://ktorrent.org/?q=node/23"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504178"}, {"name": "ADV-2008-2911", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/2911"}, {"name": "ktorrent-webinterface-weak-security(46117)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46117"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5905", "datePublished": "2009-01-15T17:00:00", "dateReserved": "2009-01-15T00:00:00", "dateUpdated": "2024-08-07T11:13:13.305Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ktorrent:ktorrent:*:*:*:*:*:*:*:*", "matchCriteriaId": "E8025283-BC2B-4B33-8870-4339B8E72885", "versionEndIncluding": "3.1.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ktorrent:ktorrent:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "9C135250-74F9-407F-BF3F-74AC0B6283BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:ktorrent:ktorrent:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "9DBF924C-9DC8-49A3-809D-C9C2D166FCF9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ktorrent:ktorrent:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B98B1318-4EDB-49F5-B39F-536B7D4F9D2C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ktorrent:ktorrent:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "B3FEFCAD-9F02-4DD7-BEB2-CCF76BE4CD3B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ktorrent:ktorrent:1.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "5ABF1AF9-F645-4E38-AD21-43F363CDC774", "vulnerable": true}, {"criteria": "cpe:2.3:a:ktorrent:ktorrent:1.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "F76C3120-59ED-4B34-9138-C5E12C3A43C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:ktorrent:ktorrent:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "CE350CBD-5B58-4C3E-80C4-CF2689B590B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:ktorrent:ktorrent:2.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "3D2C64FA-B341-42F7-AD05-663B2D1C89E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:ktorrent:ktorrent:2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "1F74623A-DB49-42F1-A82A-851C36F3F2A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:ktorrent:ktorrent:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A1A49AEA-0406-4B77-A613-0872A129E020", "vulnerable": true}, {"criteria": "cpe:2.3:a:ktorrent:ktorrent:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "5BBC44F4-D3F3-4140-A7B6-58DCF0CB95DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:ktorrent:ktorrent:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "009FC942-5A24-4C09-BB0F-990EF13C3BEC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ktorrent:ktorrent:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "80D1BCF4-1215-4284-9167-409C9F2D3686", "vulnerable": true}, {"criteria": "cpe:2.3:a:ktorrent:ktorrent:2.1:beta1:*:*:*:*:*:*", "matchCriteriaId": "01FC83B5-1A34-4E54-BC05-27903C8D76C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ktorrent:ktorrent:2.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "52FAF04B-8043-495A-B68D-BEC80707D7B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ktorrent:ktorrent:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D124FEE2-D7D8-4F22-89A0-0DEB23C118F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ktorrent:ktorrent:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65074E3F-BD29-4D38-9A82-44AE5CCBA1B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:ktorrent:ktorrent:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "332E5BA7-E581-4256-BE23-9DE0A93ECC6E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ktorrent:ktorrent:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "D6760D0F-EBDC-4357-8A1F-330AED46C27D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ktorrent:ktorrent:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "89958A00-844E-4AC6-B9F9-128F4ED2BFF0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ktorrent:ktorrent:2.2:beta1:*:*:*:*:*:*", "matchCriteriaId": "B2EE31B1-612F-47AF-A003-434B73D09CBB", "vulnerable": true}, {"criteria": "cpe:2.3:a:ktorrent:ktorrent:2.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "7323A1A4-6AD8-45D1-92C9-A485A2404453", "vulnerable": true}, {"criteria": "cpe:2.3:a:ktorrent:ktorrent:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "A1984EEE-7555-417C-A068-A95D9E87DB6D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ktorrent:ktorrent:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "2A00B1A7-2C05-49A0-AD87-E0016E9AD8E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:ktorrent:ktorrent:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "44495B44-7EBD-4443-98D4-203EADFBD96D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ktorrent:ktorrent:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "D10469C7-FDAF-45B9-91AD-E083385D940C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ktorrent:ktorrent:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "7E8F37F5-B52A-4302-AE36-BD3677E57B96", "vulnerable": true}, {"criteria": "cpe:2.3:a:ktorrent:ktorrent:2.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "F9B5D785-ADF8-4929-BC0B-3DB7BC5A9A7E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ktorrent:ktorrent:2.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "7093A493-B85B-461C-A1A3-21117418B9F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:ktorrent:ktorrent:2.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "2ADAB09F-3A65-43F2-9772-811D26E3AA14", "vulnerable": true}, {"criteria": "cpe:2.3:a:ktorrent:ktorrent:3.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "87174F64-B01F-4D76-BEC0-630512C437B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ktorrent:ktorrent:3.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "E9A0A18F-1FA6-4D99-AD43-D7D61B8C844F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ktorrent:ktorrent:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6CC400A2-4ED0-4361-BF3E-7029182B9D83", "vulnerable": true}, {"criteria": "cpe:2.3:a:ktorrent:ktorrent:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7D4295F0-17C9-4975-9AD5-97D283CB5C12", "vulnerable": true}, {"criteria": "cpe:2.3:a:ktorrent:ktorrent:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "A01004DB-5098-43C0-9EFA-BD5E56411632", "vulnerable": true}, {"criteria": "cpe:2.3:a:ktorrent:ktorrent:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "6EF76451-B112-4836-B8BF-7E74B1252192", "vulnerable": true}, {"criteria": "cpe:2.3:a:ktorrent:ktorrent:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "484C3B3E-0971-4C11-9815-A90B450159D3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The web interface plugin in KTorrent before 3.1.4 allows remote attackers to bypass intended access restrictions and upload arbitrary torrent files, and trigger the start of downloads and seeding, via a crafted HTTP POST request."}, {"lang": "es", "value": "El plugin del interfaz web en KTorrent anteriores a v3.1.4 permitir\u00eda a atacantes remotos evitar las restricciones de acceso previstas y subir ficheros torrent, e iniciar la descarga y sembrado a trav\u00e9s de una petici\u00f3n HTTP POST manipulada."}], "id": "CVE-2008-5905", "lastModified": "2024-11-21T00:55:10.530", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-01-15T17:30:00.343", "references": [{"source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504178"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://ktorrent.org/?q=node/23"}, {"source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2009/01/08/1"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/32442"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/32447"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/33675"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/34003"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200902-05.xml"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/31927"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-711-1"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/2911"}, {"source": "cve@mitre.org", "url": "https://bugs.gentoo.org/show_bug.cgi?id=244741"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46117"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504178"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://ktorrent.org/?q=node/23"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2009/01/08/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/32442"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/32447"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/33675"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/34003"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200902-05.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/31927"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-711-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/2911"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.gentoo.org/show_bug.cgi?id=244741"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46117"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}