CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0CVE-2006-6331
https://notcve.org/view.php?id=CVE-2006-6331
metaInfo.php in TorrentFlux 2.2, when $cfg["enable_file_priority"] is false, allows remote attackers to execute arbitrary commands via shell metacharacters (backticks) in the torrent parameter to (1) details.php and (2) startpop.php. metaInfo.php en TorrentFlux 2.2, cuando $cfg["enable_file_priority"] tiene el valor false, permite a atacantes remotos ejecutar comandos de su elección mediante meta caracteres (backticks) de línea de comandos (shell) en el parámetro torrent a (1) details.php y (2) startpop.php. • http://bugs.debian.org/cgi-bin/bugreport.cgi/11_missed_security_fixes.dpatch?bug=400582%3Bmsg=71%3Batt=1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=%23400582 http://secunia.com/advisories/23270 •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 1CVE-2006-6329 – torrentflux 2.2 - Arbitrary File Create/ Execute/Delete
https://notcve.org/view.php?id=CVE-2006-6329
index.php for TorrentFlux 2.2 allows remote attackers to delete files by specifying the target filename in the delfile parameter. index.php para TorrentFlux 2.2 permite a atacantes remotos borrar ficheros especificando el nombre del fichero objetivo en el parámetro delfile. • https://www.exploit-db.com/exploits/2786 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=%23400582 http://secunia.com/advisories/22880 •
CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 1CVE-2006-6330 – torrentflux 2.2 - Arbitrary File Create/ Execute/Delete
https://notcve.org/view.php?id=CVE-2006-6330
index.php for TorrentFlux 2.2 allows remote registered users to execute arbitrary commands via shell metacharacters in the kill parameter. index.php para TorrentFlux 2.2 permite a usuarios remotos registrados ejecutar comandos de su elección mediante meta caracteres de linea de comandos (shell) en el parámetro kill. • https://www.exploit-db.com/exploits/2786 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=%23400582 http://secunia.com/advisories/22880 •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 1CVE-2006-6328 – torrentflux 2.2 - Arbitrary File Create/ Execute/Delete
https://notcve.org/view.php?id=CVE-2006-6328
Directory traversal vulnerability in index.php for TorrentFlux 2.2 allows remote attackers to create or overwrite arbitrary files via sequences in the alias_file parameter. Vulnerabilidad de salto de directorio en index.php para TorrentFlux 2.2 permite a atacantes remotos crear o sobrescribir ficheros de su elección mediante secuencias en el parámetro alias_file. • https://www.exploit-db.com/exploits/2786 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=%23400582 http://secunia.com/advisories/22880 •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 1CVE-2006-5609 – TorrentFlux 2.1 - 'dir.php' Directory Traversal
https://notcve.org/view.php?id=CVE-2006-5609
Directory traversal vulnerability in dir.php in TorrentFlux 2.1 allows remote attackers to list arbitrary directories via "\.\./" sequences in the dir parameter. Vulnerabilidad de salto de directorios en dir.php en TorrentFlux 2.1 permite a atacantes remotos listar directorios de su elección mediante secuencias "\.\./" en el parámetro dir. • https://www.exploit-db.com/exploits/28867 http://securityreason.com/securityalert/1797 http://www.securityfocus.com/archive/1/449893/100/0/threaded http://www.securityfocus.com/bid/20771 •