Search Results

There are 6 CVE entries that match your search.
Name Description
CVE-2019-13640 In qBittorrent before 4.1.7, the function Application::runExternalProgram() located in app/application.cpp allows command injection via shell metacharacters in the torrent name parameter or current tracker parameter, as demonstrated by remote command execution via a crafted name within an RSS feed.
CVE-2017-6504 WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header, which could potentially lead to clickjacking.
CVE-2017-6503 WebUI in qBittorrent before 3.3.11 did not escape many values, which could potentially lead to XSS.
CVE-2017-15011 The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service (application crash) via an unspecified string.
CVE-2017-12778 ** DISPUTED ** The UI Lock feature in qBittorrent version 3.3.15 is vulnerable to Authentication Bypass, which allows Attack to gain unauthorized access to qBittorrent functions by tampering the affected flag value of the config file at the C:\Users\<username>\Roaming\qBittorrent pathname. The attacker must change the value of the "locked" attribute to "false" within the "Locking" stanza. NOTE: This is an intended behavior. See
CVE-2009-1760 Directory traversal vulnerability in src/torrent_info.cpp in Rasterbar libtorrent before 0.14.4, as used in firetorrent, qBittorrent, deluge Torrent, and other applications, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) and partial relative pathname in a Multiple File Mode list element in a .torrent file.
You can also search by reference using the CVE Reference Maps.
For More Information:  CVE Request Web Form (select “Other” from dropdown)