Rhys Kidd

#10514of 53,624
26.4Total CVSS
Vulnerabilities · 3
High
3
PT-2008-5672
9.3
2008-10-03
Bittorrent · Qbittorrent · CVE-2008-4434
Name of the Vulnerable Software and Affected Versions: uTorrent versions 1.7.7 build 8179 and earlier BitTorrent versions 6.0.3 build 8642 and earlier Description: A stack-based buffer overflow issue exists due to a boundary error in the processing of .torrent files. This can be exploited by tricking a user into opening a .torrent file containing an overly long `created by` field, potentially allowing execution of arbitrary code and causing a denial of service (crash). Recommendations: For uTorrent versions 1.7.7 build 8179 and earlier, consider avoiding the use of .torrent files with long `created by` fields until a patch is available. For BitTorrent versions 6.0.3 build 8642 and earlier, restrict the processing of .torrent files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2007-3732
9.3
2007-06-25
Apple · Iphone · CVE-2007-2399
**Name of the Vulnerable Software and Affected Versions** Apple Mac OS X versions 10.3.9 through 10.4.9 Apple iPhone version prior to 1.0.1 **Description** The issue allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption due to an invalid type conversion in WebKit. **Recommendations** For Apple Mac OS X versions 10.3.9 through 10.4.9, update to a version later than 10.4.9 to resolve the issue. For Apple iPhone version prior to 1.0.1, update to version 1.0.1 or later to resolve the issue.
PT-2006-1017
7.8
2006-12-12
L2Tpns · L2Tpns · CVE-2006-5873
Name of the Vulnerable Software and Affected Versions: l2tpns versions prior to 2.1.21 Description: The issue is related to a buffer overflow in the `cluster process heartbeat` function, which can be exploited by remote attackers to cause a denial of service via a large heartbeat packet. Multiple vulnerabilities in the l2tpns package may lead to disruption of protected information availability, and exploitation can be done remotely. Recommendations: For versions prior to 2.1.21, update to version 2.1.21 or later to resolve the issue. As a temporary workaround, consider restricting access to the `cluster process heartbeat` function in the l2tpns package to minimize the risk of exploitation.