Vulnerabilities > Torrentflux > Torrentflux > Medium

DATE CVE VULNERABILITY TITLE RISK
2009-04-03 CVE-2008-6585 Cross-Site Request Forgery (CSRF) vulnerability in Torrentflux 2.3
Cross-site request forgery (CSRF) vulnerability in html/admin.php in TorrentFlux 2.3 allows remote attackers to hijack the authentication of administrators for requests that add new accounts via the addUser action.
6.8
2009-04-03 CVE-2008-6584 Code Injection vulnerability in Torrentflux 2.3
html/index.php in TorrentFlux 2.3 allows remote authenticated users to execute arbitrary code via a URL with a file containing an executable extension in the url_upload parameter, which is downloaded by TorrentFlux and can be accessed via a direct request in a html/downloads/ user directory.
6.0
2006-12-15 CVE-2006-6604 Directory Traversal vulnerability in Torrentflux 2.2
Directory traversal vulnerability in downloaddetails.php in TorrentFlux 2.2 allows remote authenticated users to read arbitrary files via ..
network
low complexity
torrentflux
6.5
2006-12-15 CVE-2006-6600 Cross-Site Scripting vulnerability in TorrentFlux
Cross-site scripting (XSS) vulnerability in dir.php in TorrentFlux 2.2, when allows remote attackers to inject arbitrary web script or HTML via double URL-encoded strings in the dir parameter, a related issue to CVE-2006-5609.
network
torrentflux
6.0
2006-12-15 CVE-2006-6599 Remote Command Execution vulnerability in Torrentflux 2.2
maketorrent.php in TorrentFlux 2.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters (";" semicolon) in the announce parameter.
network
torrentflux
6.0
2006-12-15 CVE-2006-6598 Directory Traversal vulnerability in Torrentflux and Torrentflux-B4Rt
Directory traversal vulnerability in viewnfo.php in (1) TorrentFlux before 2.2 and (2) torrentflux-b4rt before 2.1-b4rt-972 allows remote authenticated users to read arbitrary files via ..
network
low complexity
torrentflux
6.5
2006-12-06 CVE-2006-6330 Remote Security vulnerability in Torrentflux 2.2
index.php for TorrentFlux 2.2 allows remote registered users to execute arbitrary commands via shell metacharacters in the kill parameter.
network
torrentflux
6.0
2006-12-06 CVE-2006-6329 Remote Security vulnerability in Torrentflux 2.2
index.php for TorrentFlux 2.2 allows remote attackers to delete files by specifying the target filename in the delfile parameter.
network
torrentflux
4.9
2006-12-06 CVE-2006-6328 Directory Traversal vulnerability in Torrentflux 2.2
Directory traversal vulnerability in index.php for TorrentFlux 2.2 allows remote attackers to create or overwrite arbitrary files via sequences in the alias_file parameter.
network
torrentflux
4.9
2006-10-30 CVE-2006-5609 Directory Traversal vulnerability in Torrentflux 2.1
Directory traversal vulnerability in dir.php in TorrentFlux 2.1 allows remote attackers to list arbitrary directories via "\.\./" sequences in the dir parameter.
network
low complexity
torrentflux
5.0