CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2006-6331
https://notcve.org/view.php?id=CVE-2006-6331
06 Dec 2006 — metaInfo.php in TorrentFlux 2.2, when $cfg["enable_file_priority"] is false, allows remote attackers to execute arbitrary commands via shell metacharacters (backticks) in the torrent parameter to (1) details.php and (2) startpop.php. metaInfo.php en TorrentFlux 2.2, cuando $cfg["enable_file_priority"] tiene el valor false, permite a atacantes remotos ejecutar comandos de su elección mediante meta caracteres (backticks) de línea de comandos (shell) en el parámetro torrent a (1) details.php y (2) startpop.php... • http://bugs.debian.org/cgi-bin/bugreport.cgi/11_missed_security_fixes.dpatch?bug=400582%3Bmsg=71%3Batt=1 •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 1CVE-2006-6328 – torrentflux 2.2 - Arbitrary File Create/ Execute/Delete
https://notcve.org/view.php?id=CVE-2006-6328
06 Dec 2006 — Directory traversal vulnerability in index.php for TorrentFlux 2.2 allows remote attackers to create or overwrite arbitrary files via sequences in the alias_file parameter. Vulnerabilidad de salto de directorio en index.php para TorrentFlux 2.2 permite a atacantes remotos crear o sobrescribir ficheros de su elección mediante secuencias en el parámetro alias_file. • https://www.exploit-db.com/exploits/2786 •
CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 1CVE-2006-6329 – torrentflux 2.2 - Arbitrary File Create/ Execute/Delete
https://notcve.org/view.php?id=CVE-2006-6329
06 Dec 2006 — index.php for TorrentFlux 2.2 allows remote attackers to delete files by specifying the target filename in the delfile parameter. index.php para TorrentFlux 2.2 permite a atacantes remotos borrar ficheros especificando el nombre del fichero objetivo en el parámetro delfile. • https://www.exploit-db.com/exploits/2786 •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 1CVE-2006-6330 – torrentflux 2.2 - Arbitrary File Create/ Execute/Delete
https://notcve.org/view.php?id=CVE-2006-6330
06 Dec 2006 — index.php for TorrentFlux 2.2 allows remote registered users to execute arbitrary commands via shell metacharacters in the kill parameter. index.php para TorrentFlux 2.2 permite a usuarios remotos registrados ejecutar comandos de su elección mediante meta caracteres de linea de comandos (shell) en el parámetro kill. • https://www.exploit-db.com/exploits/2786 •
CVSS: 9.1EPSS: 3%CPEs: 1EXPL: 1CVE-2006-5609 – TorrentFlux 2.1 - 'dir.php' Directory Traversal
https://notcve.org/view.php?id=CVE-2006-5609
30 Oct 2006 — Directory traversal vulnerability in dir.php in TorrentFlux 2.1 allows remote attackers to list arbitrary directories via "\.\./" sequences in the dir parameter. Vulnerabilidad de salto de directorios en dir.php en TorrentFlux 2.1 permite a atacantes remotos listar directorios de su elección mediante secuencias "\.\./" en el parámetro dir. • https://www.exploit-db.com/exploits/28867 •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 4CVE-2006-5451
https://notcve.org/view.php?id=CVE-2006-5451
23 Oct 2006 — Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) file, and (3) users array variables in (a) admin.php, which are not properly handled when the administrator views the Activity Log; and the (4) torrent parameter, as used by the displayName variable, in (b) startpop.php, different vectors than CVE-2006-5227. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en TorrentFlux 2.1... • http://secunia.com/advisories/22384 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 2CVE-2006-5227
https://notcve.org/view.php?id=CVE-2006-5227
10 Oct 2006 — Cross-site scripting (XSS) vulnerability in admin.php in TorrentFlux 2.1 allows remote attackers to inject arbitrary web script or HTML via (1) the $user_agent variable, probably obtained from the User-Agent HTTP header, and possibly (2) the $ip_resolved variable. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en admin.php en TorrentFlux 2.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante (1) la variable $user_agent, probablemente obtenida de... • http://secunia.com/advisories/22293 •