Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5906

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2008-5906
Last Modified 09 May 2009 01:26:51
Published 15 Jan 2009 12:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-5906

Summary

Eval injection vulnerability in the web interface plugin in KTorrent before 3.1.4 allows remote attackers to execute arbitrary PHP code via unspecified parameters to this interface's PHP scripts.

Vulnerable Systems

Application

  • Ktorrent 0.9

  • Ktorrent 1.0

  • Ktorrent 1.1

  • Ktorrent 1.2

  • Ktorrent 2.0

  • Ktorrent 2.0.1

  • Ktorrent 2.0.2

  • Ktorrent 2.0.3

  • Ktorrent 2.1

  • Ktorrent 2.1.1

  • Ktorrent 2.1.2

  • Ktorrent 2.1.3

  • Ktorrent 2.1.4

  • Ktorrent 2.2

  • Ktorrent 2.2.1

  • Ktorrent 2.2.2

  • Ktorrent 2.2.3

  • Ktorrent 2.2.4

  • Ktorrent 2.2.5

  • Ktorrent 2.2.6

  • Ktorrent 2.2.7

  • Ktorrent 2.2.8

  • Ktorrent 3.0

  • Ktorrent 3.0.0

  • Ktorrent 3.0.1

  • Ktorrent 3.0.2

  • Ktorrent 3.1.1

  • Ktorrent 3.1.2

  • Ktorrent 3.1.3


References

CONFIRM - https://bugs.gentoo.org/show_bug.cgi?id=244741

XF - ktorrent-webinterface-code-execution(46118)

VUPEN - ADV-2008-2911

UBUNTU - USN-711-1

BID - 31927

GENTOO - GLSA-200902-05

SECUNIA - 34003

SECUNIA - 33675

SECUNIA - 32447

SECUNIA - 32442

MLIST - [oss-security] 20090108 CVE request: ktorrent

CONFIRM - http://ktorrent.org/?q=node/23

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504178


Last Updated: 27 May 2016 10:48:58