Directory traversal vulnerability in torrent.cpp in KTorrent prior to 2.1.3 only checks for the ".." string, which allows remote malicious users to overwrite arbitrary files via modified ".." sequences in a torrent filename, as demonstrated by "../" sequences, due to an incomplete fix for CVE-2007-1384.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
joris guisson ktorrent 2.1.2 |
||
joris guisson ktorrent 2.1.1 |