24 matches found
EUVD-2006-6311
Malware in sbrugna...
CVE-2006-6600
Cross-site scripting XSS vulnerability in dir.php in TorrentFlux 2.2, when allows remote attackers to inject arbitrary web script or HTML via double URL-encoded strings in the dir parameter, a related issue to CVE-2006-5609...
torrentflux <= 2.2 (create/exec/delete) Multiple Vulnerabilities
No description provided by source. r0ut3r Presents... Another r0ut3r discovery! TorrentFlux 2.2 Arbitrary File Creation/Overwrite/Deletion & Command Execution Vulnerablities Software: TorrentFlux 2.2 Vendor: http://www.torrentflux.com/ Released: 2006/11/15...
CVE-2006-6600
Cross-site scripting XSS vulnerability in dir.php in TorrentFlux 2.2, when allows remote attackers to inject arbitrary web script or HTML via double URL-encoded strings in the dir parameter, a related issue to CVE-2006-5609...
CVE-2006-6599
maketorrent.php in TorrentFlux 2.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters ";" semicolon in the announce parameter...
CVE-2006-6604
Directory traversal vulnerability in downloaddetails.php in TorrentFlux 2.2 allows remote authenticated users to read arbitrary files via .. dot dot sequences in the alias parameter, a different vector than CVE-2006-6328...
CVE-2006-6600
Cross-site scripting XSS vulnerability in dir.php in TorrentFlux 2.2, when allows remote attackers to inject arbitrary web script or HTML via double URL-encoded strings in the dir parameter, a related issue to CVE-2006-5609...
CVE-2006-6599
maketorrent.php in TorrentFlux 2.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters ";" semicolon in the announce parameter...
CVE-2006-6604
Directory traversal vulnerability in downloaddetails.php in TorrentFlux 2.2 allows remote authenticated users to read arbitrary files via .. dot dot sequences in the alias parameter, a different vector than CVE-2006-6328...
CVE-2006-6604
Directory traversal vulnerability in downloaddetails.php in TorrentFlux 2.2 allows remote authenticated users to read arbitrary files via .. dot dot sequences in the alias parameter, a different vector than CVE-2006-6328...
TorrentFlux 2.2 Database Credentials Exposure Exploit
No description provided by source. Description: TorrentFlux fails to sanitise the variable "alias" in downloaddetails.php. This allows an attacker to include any file they want; the contents is displayed at in the spaces provided and the remaning data is displayed as error messages on the page...
TorrentFlux 2.2 (maketorrent.php) Remote Command Execution Exploit
Exploit for unknown platform in category web applications ================================================================== TorrentFlux 2.2 maketorrent.php Remote Command Execution Exploit ================================================================== The variable announce in maketorrent.php...
TorrentFlux 2.2 (downloaddetails.php) Local File Disclosure Exploit
Exploit for unknown platform in category web applications =================================================================== TorrentFlux 2.2 downloaddetails.php Local File Disclosure Exploit =================================================================== Description: TorrentFlux fails to...
CVE-2006-6329
index.php for TorrentFlux 2.2 allows remote attackers to delete files by specifying the target filename in the delfile parameter...
CVE-2006-6331
metaInfo.php in TorrentFlux 2.2, when $cfg"enablefilepriority" is false, allows remote attackers to execute arbitrary commands via shell metacharacters backticks in the torrent parameter to 1 details.php and 2 startpop.php...
CVE-2006-6330
index.php for TorrentFlux 2.2 allows remote registered users to execute arbitrary commands via shell metacharacters in the kill parameter...
CVE-2006-6329
index.php for TorrentFlux 2.2 allows remote attackers to delete files by specifying the target filename in the delfile parameter...
CVE-2006-6329
CVE-2006-6329 affects TorrentFlux 2.2. The vulnerability: index.php permits remote deletion of files by supplying the target filename in the delfile parameter. This is a remote, unauthenticated-like action (network impact) with potential partial integrity/availability impact as per the NVD CVSS, ...
CVE-2006-6328
CVE-2006-6328 affects TorrentFlux 2.2, specifically index.php, where directory traversal is possible through sequences in the alias_file parameter. This can allow remote attackers to create or overwrite arbitrary files. The description explicitly ties the vulnerability to TorrentFlux 2.2 and the ...
CVE-2006-6329
index.php for TorrentFlux 2.2 allows remote attackers to delete files by specifying the target filename in the delfile parameter...