CVE-2006-6329 – TorrentFlux 2.2 - Arbitrary File Create/Execute/Delete
https://notcve.org/view.php?id=CVE-2006-6329
index.php for TorrentFlux 2.2 allows remote attackers to delete files by specifying the target filename in the delfile parameter.
• https://www.exploit-db.com/exploits/2786
• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=%23400582
• http://secunia.com/advisories/22880
CVE-2006-6330 – TorrentFlux 2.2 - Arbitrary File Create/Execute/Delete
https://notcve.org/view.php?id=CVE-2006-6330
index.php for TorrentFlux 2.2 allows remote registered users to execute arbitrary commands via shell metacharacters in the kill parameter.
• https://www.exploit-db.com/exploits/2786
• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=%23400582
• http://secunia.com/advisories/22880
CVE-2006-6328 – TorrentFlux 2.2 - Arbitrary File Create/Execute/Delete
https://notcve.org/view.php?id=CVE-2006-6328
Directory traversal vulnerability in index.php for TorrentFlux 2.2 allows remote attackers to create or overwrite arbitrary files via sequences in the alias_file parameter.
• https://www.exploit-db.com/exploits/2786
• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=%23400582
• http://secunia.com/advisories/22880
CVE-2006-5609 – TorrentFlux 2.1 - 'dir.php' Directory Traversal
https://notcve.org/view.php?id=CVE-2006-5609
Directory traversal vulnerability in dir.php in TorrentFlux 2.1 allows remote attackers to list arbitrary directories via "\.\./" sequences in the dir parameter.
• https://www.exploit-db.com/exploits/28867
• http://securityreason.com/securityalert/1797
• http://www.securityfocus.com/archive/1/449893/100/0/threaded
• http://www.securityfocus.com/bid/20771
CVE-2006-5451
https://notcve.org/view.php?id=CVE-2006-5451
Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) file, and (3) users array variables in (a) admin.php, which are not properly handled when the administrator views the Activity Log; and the (4) torrent parameter, as used by the displayName variable, in (b) startpop.php, different vectors than CVE-2006-5227.
• http://secunia.com/advisories/22384
• http://www.securityfocus.com/archive/1/448619/100/100/threaded
• http://www.securityfocus.com/archive/1/448947/100/0/threaded
• http://www.securityfocus.com/archive/1/448948/100/0/threaded
• http://www.securityfocus.com/archive/1/448952/100/0/threaded
• http://www.securityfocus.com/bid/20534
• http://www.stevenroddis.com.au/2006/10/13/torrentflux-startpopphp-torrent-script-insertion
• http://www.stevenroddis.com.au/2006/10/17/torrentflux-action-script-inse
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')