RSS   Vulnerabilities for 'Deluge'   RSS

2017-05-17
 
CVE-2017-9031

CWE-22
 

 
The WebUI component in Deluge before 1.3.15 contains a directory traversal vulnerability involving a request in which the name of the render file is not associated with any template file.

 
2017-03-18
 
CVE-2017-7178

CWE-352
 

 
CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program from its __init__.py file and (2) causing the victim to download, install, and enable this plugin.

 


Copyright 2024, cxsecurity.com

 

Back to Top