Vulnerabilities > CVE-2007-4536 - Unspecified vulnerability in Torrenttrader

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

torrenttrader

NVD

Published: 2007-08-25

Updated: 2024-11-21

Summary

TorrentTrader 1.07 and earlier sets insecure permissions for files in the root directory, which allows attackers to execute arbitrary PHP code by modifying (1) disclaimer.txt, (2) sponsors.txt, and (3) banners.txt, which are used in an include call. NOTE: there might be local attack vectors that extend to other files.

Vulnerable Configurations

Part	Description	Count
Application	Torrenttrader Torrenttrader Torrenttrader *	1

References

http://osvdb.org/40257
http://osvdb.org/40257
http://secunia.com/advisories/26679
http://secunia.com/advisories/26679
http://www.attrition.org/pipermail/vim/2007-August/001774.html
http://www.attrition.org/pipermail/vim/2007-August/001774.html
http://www.securityfocus.com/bid/25536
http://www.securityfocus.com/bid/25536
http://www.torrenttrader.org/index.php?showtopic=5843
http://www.torrenttrader.org/index.php?showtopic=5843