Vulnerabilities > Torrentflux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-04-03 | CVE-2008-6585 | Cross-Site Request Forgery (CSRF) vulnerability in Torrentflux 2.3 Cross-site request forgery (CSRF) vulnerability in html/admin.php in TorrentFlux 2.3 allows remote attackers to hijack the authentication of administrators for requests that add new accounts via the addUser action. | 6.8 |
| 2009-04-03 | CVE-2008-6584 | Code Injection vulnerability in Torrentflux 2.3 html/index.php in TorrentFlux 2.3 allows remote authenticated users to execute arbitrary code via a URL with a file containing an executable extension in the url_upload parameter, which is downloaded by TorrentFlux and can be accessed via a direct request in a html/downloads/ user directory. | 6.0 |
| 2006-12-15 | CVE-2006-6604 | Directory Traversal vulnerability in Torrentflux 2.2 Directory traversal vulnerability in downloaddetails.php in TorrentFlux 2.2 allows remote authenticated users to read arbitrary files via .. | 6.5 |
| 2006-12-15 | CVE-2006-6600 | Cross-Site Scripting vulnerability in TorrentFlux Cross-site scripting (XSS) vulnerability in dir.php in TorrentFlux 2.2, when allows remote attackers to inject arbitrary web script or HTML via double URL-encoded strings in the dir parameter, a related issue to CVE-2006-5609. network torrentflux | 6.0 |
| 2006-12-15 | CVE-2006-6599 | Remote Command Execution vulnerability in Torrentflux 2.2 maketorrent.php in TorrentFlux 2.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters (";" semicolon) in the announce parameter. network torrentflux | 6.0 |
| 2006-12-15 | CVE-2006-6598 | Directory Traversal vulnerability in Torrentflux and Torrentflux-B4Rt Directory traversal vulnerability in viewnfo.php in (1) TorrentFlux before 2.2 and (2) torrentflux-b4rt before 2.1-b4rt-972 allows remote authenticated users to read arbitrary files via .. | 6.5 |
| 2006-12-06 | CVE-2006-6330 | Remote Security vulnerability in Torrentflux 2.2 index.php for TorrentFlux 2.2 allows remote registered users to execute arbitrary commands via shell metacharacters in the kill parameter. network torrentflux | 6.0 |
| 2006-12-06 | CVE-2006-6329 | Remote Security vulnerability in Torrentflux 2.2 index.php for TorrentFlux 2.2 allows remote attackers to delete files by specifying the target filename in the delfile parameter. network torrentflux | 4.9 |
| 2006-12-06 | CVE-2006-6328 | Directory Traversal vulnerability in Torrentflux 2.2 Directory traversal vulnerability in index.php for TorrentFlux 2.2 allows remote attackers to create or overwrite arbitrary files via sequences in the alias_file parameter. network torrentflux | 4.9 |
| 2006-10-30 | CVE-2006-5609 | Directory Traversal vulnerability in Torrentflux 2.1 Directory traversal vulnerability in dir.php in TorrentFlux 2.1 allows remote attackers to list arbitrary directories via "\.\./" sequences in the dir parameter. | 5.0 |