Torrentflux
Products
2- 17 CVEs
- 1 CVE
Recent CVEs
17| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-2020 | Hig | 0.49 | 7.5 | 0.02 | Apr 30, 2008 | The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Database (aka OpenDb) 1.5.0b4, and… | ||
| CVE-2014-6027 | Med | 0.40 | 6.1 | 0.01 | Jan 16, 2018 | Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.4 allow (1) remote attackers to inject arbitrary web script or HTML by leveraging failure to encode file contents when downloading a torrent file or (2) remote authenticated users to inject arbitrary web script… | ||
| CVE-2008-6585 | 0.03 | — | 0.01 | Apr 3, 2009 | Cross-site request forgery (CSRF) vulnerability in html/admin.php in TorrentFlux 2.3 allows remote attackers to hijack the authentication of administrators for requests that add new accounts via the addUser action. | |||
| CVE-2006-6604 | 0.03 | — | 0.03 | Dec 15, 2006 | Directory traversal vulnerability in downloaddetails.php in TorrentFlux 2.2 allows remote authenticated users to read arbitrary files via .. (dot dot) sequences in the alias parameter, a different vector than CVE-2006-6328. | |||
| CVE-2006-6598 | 0.03 | — | 0.02 | Dec 15, 2006 | Directory traversal vulnerability in viewnfo.php in (1) TorrentFlux before 2.2 and (2) torrentflux-b4rt before 2.1-b4rt-972 allows remote authenticated users to read arbitrary files via .. (dot dot) sequences in the path parameter, a different vector than CVE-2006-6328. | |||
| CVE-2006-6599 | 0.03 | — | 0.03 | Dec 15, 2006 | maketorrent.php in TorrentFlux 2.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters (";" semicolon) in the announce parameter. | |||
| CVE-2006-6328 | 0.03 | — | 0.02 | Dec 6, 2006 | Directory traversal vulnerability in index.php for TorrentFlux 2.2 allows remote attackers to create or overwrite arbitrary files via sequences in the alias_file parameter. | |||
| CVE-2006-6330 | 0.03 | — | 0.03 | Dec 6, 2006 | index.php for TorrentFlux 2.2 allows remote registered users to execute arbitrary commands via shell metacharacters in the kill parameter. | |||
| CVE-2006-6329 | 0.03 | — | 0.02 | Dec 6, 2006 | index.php for TorrentFlux 2.2 allows remote attackers to delete files by specifying the target filename in the delfile parameter. | |||
| CVE-2006-5609 | 0.03 | — | 0.04 | Oct 30, 2006 | Directory traversal vulnerability in dir.php in TorrentFlux 2.1 allows remote attackers to list arbitrary directories via "\.\./" sequences in the dir parameter. | |||
| CVE-2014-6029 | 0.00 | — | 0.02 | Sep 5, 2014 | TorrentFlux 2.4 allows remote authenticated users to delete or modify other users' cookies via the cid parameter in an editCookies action to profile.php. | |||
| CVE-2014-6028 | 0.00 | — | 0.02 | Sep 5, 2014 | TorrentFlux 2.4 allows remote authenticated users to obtain other users' cookies via the cid parameter in an editCookies action to profile.php. | |||
| CVE-2008-6584 | 0.00 | — | 0.02 | Apr 3, 2009 | html/index.php in TorrentFlux 2.3 allows remote authenticated users to execute arbitrary code via a URL with a file containing an executable extension in the url_upload parameter, which is downloaded by TorrentFlux and can be accessed via a direct request in a html/downloads/… | |||
| CVE-2006-6600 | 0.00 | — | 0.01 | Dec 15, 2006 | Cross-site scripting (XSS) vulnerability in dir.php in TorrentFlux 2.2, when allows remote attackers to inject arbitrary web script or HTML via double URL-encoded strings in the dir parameter, a related issue to CVE-2006-5609. | |||
| CVE-2006-6331 | 0.00 | — | 0.01 | Dec 6, 2006 | metaInfo.php in TorrentFlux 2.2, when $cfg["enable_file_priority"] is false, allows remote attackers to execute arbitrary commands via shell metacharacters (backticks) in the torrent parameter to (1) details.php and (2) startpop.php. | |||
| CVE-2006-5451 | 0.00 | — | 0.02 | Oct 23, 2006 | Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) file, and (3) users array variables in (a) admin.php, which are not properly handled when the administrator views the… | |||
| CVE-2006-5227 | 0.00 | — | 0.02 | Oct 10, 2006 | Cross-site scripting (XSS) vulnerability in admin.php in TorrentFlux 2.1 allows remote attackers to inject arbitrary web script or HTML via (1) the $user_agent variable, probably obtained from the User-Agent HTTP header, and possibly (2) the $ip_resolved variable. |
- risk 0.49cvss 7.5epss 0.02
The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Database (aka OpenDb) 1.5.0b4, and…
- risk 0.40cvss 6.1epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.4 allow (1) remote attackers to inject arbitrary web script or HTML by leveraging failure to encode file contents when downloading a torrent file or (2) remote authenticated users to inject arbitrary web script…
- CVE-2008-6585Apr 3, 2009risk 0.03cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in html/admin.php in TorrentFlux 2.3 allows remote attackers to hijack the authentication of administrators for requests that add new accounts via the addUser action.
- CVE-2006-6604Dec 15, 2006risk 0.03cvss —epss 0.03
Directory traversal vulnerability in downloaddetails.php in TorrentFlux 2.2 allows remote authenticated users to read arbitrary files via .. (dot dot) sequences in the alias parameter, a different vector than CVE-2006-6328.
- CVE-2006-6598Dec 15, 2006risk 0.03cvss —epss 0.02
Directory traversal vulnerability in viewnfo.php in (1) TorrentFlux before 2.2 and (2) torrentflux-b4rt before 2.1-b4rt-972 allows remote authenticated users to read arbitrary files via .. (dot dot) sequences in the path parameter, a different vector than CVE-2006-6328.
- CVE-2006-6599Dec 15, 2006risk 0.03cvss —epss 0.03
maketorrent.php in TorrentFlux 2.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters (";" semicolon) in the announce parameter.
- CVE-2006-6328Dec 6, 2006risk 0.03cvss —epss 0.02
Directory traversal vulnerability in index.php for TorrentFlux 2.2 allows remote attackers to create or overwrite arbitrary files via sequences in the alias_file parameter.
- CVE-2006-6330Dec 6, 2006risk 0.03cvss —epss 0.03
index.php for TorrentFlux 2.2 allows remote registered users to execute arbitrary commands via shell metacharacters in the kill parameter.
- CVE-2006-6329Dec 6, 2006risk 0.03cvss —epss 0.02
index.php for TorrentFlux 2.2 allows remote attackers to delete files by specifying the target filename in the delfile parameter.
- CVE-2006-5609Oct 30, 2006risk 0.03cvss —epss 0.04
Directory traversal vulnerability in dir.php in TorrentFlux 2.1 allows remote attackers to list arbitrary directories via "\.\./" sequences in the dir parameter.
- CVE-2014-6029Sep 5, 2014risk 0.00cvss —epss 0.02
TorrentFlux 2.4 allows remote authenticated users to delete or modify other users' cookies via the cid parameter in an editCookies action to profile.php.
- CVE-2014-6028Sep 5, 2014risk 0.00cvss —epss 0.02
TorrentFlux 2.4 allows remote authenticated users to obtain other users' cookies via the cid parameter in an editCookies action to profile.php.
- CVE-2008-6584Apr 3, 2009risk 0.00cvss —epss 0.02
html/index.php in TorrentFlux 2.3 allows remote authenticated users to execute arbitrary code via a URL with a file containing an executable extension in the url_upload parameter, which is downloaded by TorrentFlux and can be accessed via a direct request in a html/downloads/…
- CVE-2006-6600Dec 15, 2006risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in dir.php in TorrentFlux 2.2, when allows remote attackers to inject arbitrary web script or HTML via double URL-encoded strings in the dir parameter, a related issue to CVE-2006-5609.
- CVE-2006-6331Dec 6, 2006risk 0.00cvss —epss 0.01
metaInfo.php in TorrentFlux 2.2, when $cfg["enable_file_priority"] is false, allows remote attackers to execute arbitrary commands via shell metacharacters (backticks) in the torrent parameter to (1) details.php and (2) startpop.php.
- CVE-2006-5451Oct 23, 2006risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) file, and (3) users array variables in (a) admin.php, which are not properly handled when the administrator views the…
- CVE-2006-5227Oct 10, 2006risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in admin.php in TorrentFlux 2.1 allows remote attackers to inject arbitrary web script or HTML via (1) the $user_agent variable, probably obtained from the User-Agent HTTP header, and possibly (2) the $ip_resolved variable.