Btitracker
by Bti Tracker
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-3784 | 0.03 | — | 0.02 | Aug 26, 2008 | SQL injection vulnerability in scrape.php in BtiTracker 1.4.7 and earlier and xBtiTracker 2.0.542 and earlier allows remote attackers to execute arbitrary SQL commands via the info_hash parameter. | |||
| CVE-2007-2854 | 0.03 | — | 0.01 | May 24, 2007 | Multiple SQL injection vulnerabilities in account_change.php in BtiTracker 1.4.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) style or (2) langue parameter. | |||
| CVE-2007-5986 | 0.00 | — | 0.01 | Nov 15, 2007 | SQL injection vulnerability in include/functions.php in BtiTracker before 1.4.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2007-5985 | 0.00 | — | 0.02 | Nov 15, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in BtiTracker before 1.4.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) account.php, (2) moresmiles.php, or (3) recover.php; or (4) the "to" parameter to usercp.php. | |||
| CVE-2007-5987 | 0.00 | — | 0.01 | Nov 15, 2007 | details.php in BtiTracker before 1.4.5, when torrent viewing is disabled for guests, allows remote attackers to bypass protection mechanisms via a direct request, as demonstrated by (1) reading the details of an arbitrary torrent and (2) modifying a torrent owned by a guest. | |||
| CVE-2007-5988 | 0.00 | — | 0.02 | Nov 15, 2007 | blocks/shoutbox_block.php in BtiTracker 1.4.4 does not verify user accounts, which allows remote attackers to post shoutbox entries as arbitrary users via a modified nick field. | |||
| CVE-2006-7159 | 0.00 | — | 0.01 | Mar 7, 2007 | Directory traversal vulnerability in include/prune_torrents.php in BTI-Tracker 1.3.2 (aka btitracker) allows remote attackers to delete arbitrary files via ".." sequences in the TORRENTSDIR parameter in a prune action. | |||
| CVE-2006-6972 | 0.00 | — | 0.01 | Feb 7, 2007 | SQL injection in torrents.php in BtitTracker 1.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) by and (2) order parameters. NOTE: it is not clear whether this issue is exploitable. |
- CVE-2008-3784Aug 26, 2008risk 0.03cvss —epss 0.02
SQL injection vulnerability in scrape.php in BtiTracker 1.4.7 and earlier and xBtiTracker 2.0.542 and earlier allows remote attackers to execute arbitrary SQL commands via the info_hash parameter.
- CVE-2007-2854May 24, 2007risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in account_change.php in BtiTracker 1.4.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) style or (2) langue parameter.
- CVE-2007-5986Nov 15, 2007risk 0.00cvss —epss 0.01
SQL injection vulnerability in include/functions.php in BtiTracker before 1.4.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
- CVE-2007-5985Nov 15, 2007risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in BtiTracker before 1.4.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) account.php, (2) moresmiles.php, or (3) recover.php; or (4) the "to" parameter to usercp.php.
- CVE-2007-5987Nov 15, 2007risk 0.00cvss —epss 0.01
details.php in BtiTracker before 1.4.5, when torrent viewing is disabled for guests, allows remote attackers to bypass protection mechanisms via a direct request, as demonstrated by (1) reading the details of an arbitrary torrent and (2) modifying a torrent owned by a guest.
- CVE-2007-5988Nov 15, 2007risk 0.00cvss —epss 0.02
blocks/shoutbox_block.php in BtiTracker 1.4.4 does not verify user accounts, which allows remote attackers to post shoutbox entries as arbitrary users via a modified nick field.
- CVE-2006-7159Mar 7, 2007risk 0.00cvss —epss 0.01
Directory traversal vulnerability in include/prune_torrents.php in BTI-Tracker 1.3.2 (aka btitracker) allows remote attackers to delete arbitrary files via ".." sequences in the TORRENTSDIR parameter in a prune action.
- CVE-2006-6972Feb 7, 2007risk 0.00cvss —epss 0.01
SQL injection in torrents.php in BtitTracker 1.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) by and (2) order parameters. NOTE: it is not clear whether this issue is exploitable.