CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 1CVE-2008-6584
https://notcve.org/view.php?id=CVE-2008-6584
03 Apr 2009 — html/index.php in TorrentFlux 2.3 allows remote authenticated users to execute arbitrary code via a URL with a file containing an executable extension in the url_upload parameter, which is downloaded by TorrentFlux and can be accessed via a direct request in a html/downloads/ user directory. html/index.php en TorrentFlux v2.3 permite a usuarios remotos autenticados ejecutar código de forma arbitraria a través de una URL con un fichero que contiene una extensión ejecutable en el parámetro "url_upload", que e... • http://osvdb.org/44645 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2008-6585 – TorrentFlux 2.3 - 'admin.php' Cross-Site Request Forgery (Add Admin)
https://notcve.org/view.php?id=CVE-2008-6585
03 Apr 2009 — Cross-site request forgery (CSRF) vulnerability in html/admin.php in TorrentFlux 2.3 allows remote attackers to hijack the authentication of administrators for requests that add new accounts via the addUser action. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en html/admin.php en TorrentFlux v2.3 permite a atacantes remotos secuestrar la autenticación de los administradores para realizar peticiones que añadan nuevas cuentas a través de la acción "addUser". • https://www.exploit-db.com/exploits/31671 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2008-2020
https://notcve.org/view.php?id=CVE-2008-2020
30 Apr 2008 — The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Database (aka OpenDb) 1.5.0b4, and (8) Labgab 1.1 uses a code_bg.jpg background image and the PHP ImageString function in a way that produces an insufficient number of different images, which allows remote attackers to pass the CAPTCHA test via an automated attack usi... • http://securityreason.com/securityalert/3834 • CWE-330: Use of Insufficiently Random Values •