VYPR

Btitracker

by Bti Tracker

CVEs (8)

  • CVE-2008-3784 (Aug 26, 2008)
    risk 0.03 | cvss | epss 0.02

    SQL injection vulnerability in scrape.php in BtiTracker 1.4.7 and earlier and xBtiTracker 2.0.542 and earlier allows remote attackers to execute arbitrary SQL commands via the info_hash parameter.

  • CVE-2007-2854 (May 24, 2007)
    risk 0.03 | cvss | epss 0.01

    Multiple SQL injection vulnerabilities in account_change.php in BtiTracker 1.4.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) style or (2) langue parameter.

  • CVE-2007-5986 (Nov 15, 2007)
    risk 0.00 | cvss | epss 0.01

    SQL injection vulnerability in include/functions.php in BtiTracker before 1.4.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2007-5985 (Nov 15, 2007)
    risk 0.00 | cvss | epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in BtiTracker before 1.4.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) account.php, (2) moresmiles.php, or (3) recover.php; or (4) the "to" parameter to usercp.php.

  • CVE-2007-5987 (Nov 15, 2007)
    risk 0.00 | cvss | epss 0.01

    details.php in BtiTracker before 1.4.5, when torrent viewing is disabled for guests, allows remote attackers to bypass protection mechanisms via a direct request, as demonstrated by (1) reading the details of an arbitrary torrent and (2) modifying a torrent owned by a guest.

  • CVE-2007-5988 (Nov 15, 2007)
    risk 0.00 | cvss | epss 0.02

    blocks/shoutbox_block.php in BtiTracker 1.4.4 does not verify user accounts, which allows remote attackers to post shoutbox entries as arbitrary users via a modified nick field.

  • CVE-2006-7159 (Mar 7, 2007)
    risk 0.00 | cvss | epss 0.01

    Directory traversal vulnerability in include/prune_torrents.php in BTI-Tracker 1.3.2 (aka btitracker) allows remote attackers to delete arbitrary files via ".." sequences in the TORRENTSDIR parameter in a prune action.

  • CVE-2006-6972 (Feb 7, 2007)
    risk 0.00 | cvss | epss 0.01

    SQL injection in torrents.php in BtiTracker 1.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) by and (2) order parameters. NOTE: it is not clear whether this issue is exploitable.