RSS   Podatności dla 'Torrentflux'   RSS

2014-09-05
 
CVE-2014-6029

CWE-20
 

 
TorrentFlux 2.4 allows remote authenticated users to delete or modify other users' cookies via the cid parameter in an editCookies action to profile.php.

 
 
CVE-2014-6028

CWE-20
 

 
TorrentFlux 2.4 allows remote authenticated users to obtain other users' cookies via the cid parameter in an editCookies action to profile.php.

 
2009-04-03
 
CVE-2008-6585

CWE-352
 

 
Cross-site request forgery (CSRF) vulnerability in html/admin.php in TorrentFlux 2.3 allows remote attackers to hijack the authentication of administrators for requests that add new accounts via the addUser action.

 
 
CVE-2008-6584

CWE-94
 

 
html/index.php in TorrentFlux 2.3 allows remote authenticated users to execute arbitrary code via a URL with a file containing an executable extension in the url_upload parameter, which is downloaded by TorrentFlux and can be accessed via a direct request in a html/downloads/ user directory.

 
2008-04-29
 
CVE-2008-2020

CWE-264
 

 
The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Database (aka OpenDb) 1.5.0b4, and (8) Labgab 1.1 uses a code_bg.jpg background image and the PHP ImageString function in a way that produces an insufficient number of different images, which allows remote attackers to pass the CAPTCHA test via an automated attack using a table of all possible image checksums and their corresponding digit strings.

 
2006-12-15
 
CVE-2006-6604

 

 
Directory traversal vulnerability in downloaddetails.php in TorrentFlux 2.2 allows remote authenticated users to read arbitrary files via .. (dot dot) sequences in the alias parameter, a different vector than CVE-2006-6328.

 
 
CVE-2006-6600

 

 
Cross-site scripting (XSS) vulnerability in dir.php in TorrentFlux 2.2, when allows remote attackers to inject arbitrary web script or HTML via double URL-encoded strings in the dir parameter, a related issue to CVE-2006-5609.

 
 
CVE-2006-6599

 

 
maketorrent.php in TorrentFlux 2.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters (";" semicolon) in the announce parameter.

 
 
CVE-2006-6598

 

 
Directory traversal vulnerability in viewnfo.php in (1) TorrentFlux before 2.2 and (2) torrentflux-b4rt before 2.1-b4rt-972 allows remote authenticated users to read arbitrary files via .. (dot dot) sequences in the path parameter, a different vector than CVE-2006-6328.

 
2006-12-06
 
CVE-2006-6331

 

 
metaInfo.php in TorrentFlux 2.2, when $cfg["enable_file_priority"] is false, allows remote attackers to execute arbitrary commands via shell metacharacters (backticks) in the torrent parameter to (1) details.php and (2) startpop.php.

 


Copyright 2022, cxsecurity.com

 

Back to Top