ByteOS Network

vuze

Source -

NVD

BOS Name -

N/A

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2018-13417

Assigner-MITRE Corporation

View Details

Assigner-MITRE Corporation

CVSS Score-9.8||CRITICAL

EPSS-48.50% / 97.67%

7 Day CHG~0.00%

Published-13 Aug, 2018 | 17:00

Updated-05 Aug, 2024 | 09:00

In Vuze Bittorrent Client 5.7.6.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same permission as the user account running Vuze, (2) Initiate SMB connections to capture a NetNTLM challenge/response and crack to cleartext password, or (3) Initiate SMB connections to relay a NetNTLM challenge/response and achieve Remote Command Execution in Windows domains.

Vendor-vuze n/a

Product-bittorrent_client n/a

CWE ID-CWE-611

Improper Restriction of XML External Entity Reference

CVE-2008-6587

Assigner-MITRE Corporation

View Details

Assigner-MITRE Corporation

CVSS Score-6.8||MEDIUM

EPSS-0.14% / 34.69%

7 Day CHG~0.00%

Published-03 Apr, 2009 | 18:00

Updated-07 Aug, 2024 | 11:34

Cross-site request forgery (CSRF) vulnerability in index.tmpl in Vuze (formerly Azureus HTML WebUI), probably 0.7.6, allows remote attackers to hijack the authentication of users for requests that force the download of arbitrary torrent files via the upurl parameter.

Vendor-vuze n/a

Product-vuze n/a

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)