Vulnerabilities (CVE)

Filtered by vendor Bittorrent Subscribe
Filtered by product Bittorrent
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-5474 2 Bittorrent, Utorrent 2 Bittorrent, Utorrent 2024-11-21 9.3 HIGH N/A
BitTorrent and uTorrent allow remote attackers to inject command line parameters and execute arbitrary commands via a crafted URL using the (1) bittorrent or (2) magnet protocol.
CVE-2014-8515 1 Bittorrent 1 Bittorrent 2024-11-21 6.8 MEDIUM N/A
The web interface in BitTorrent allows remote attackers to execute arbitrary commands by leveraging knowledge of the pairing values and a crafted request to port 10000.
CVE-2008-7166 2 Bittorrent, Utorrent 2 Bittorrent, Utorrent 2024-11-21 5.0 MEDIUM N/A
Buffer overflow in the web interface in BitTorrent 6.0.1 (build 7859) and earlier, and uTorrent 1.7.6 (build 7859) and earlier, allows remote attackers to cause a denial of service (memory consumption and crash) via a crafted Range header. NOTE: this is probably a different vulnerability than CVE-2008-0071 and CVE-2008-0364.
CVE-2008-4434 2 Bittorrent, Utorrent 2 Bittorrent, Utorrent 2024-11-21 9.3 HIGH N/A
Stack-based buffer overflow in (1) uTorrent 1.7.7 build 8179 and earlier and (2) BitTorrent 6.0.3 build 8642 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Created By field in a .torrent file.
CVE-2008-0364 2 Bittorrent, Utorrent 2 Bittorrent, Utorrent 2024-11-21 5.0 MEDIUM N/A
Buffer overflow in (1) BitTorrent 6.0 and earlier; and (2) uTorrent 1.7.5 and earlier, and 1.8-alpha-7834 and earlier in the 1.8.x series; on Windows allows remote attackers to cause a denial of service (application crash) via a long Unicode string representing a client version identifier.
CVE-2008-0071 2 Bittorrent, Utorrent 2 Bittorrent, Utorrent 2024-11-21 4.3 MEDIUM N/A
The Web UI interface in (1) BitTorrent before 6.0.3 build 8642 and (2) uTorrent before 1.8beta build 10524 allows remote attackers to cause a denial of service (application crash) via an HTTP request with a malformed Range header.