Torrentflux

torrentflux

13 CVEs • 2 products

Products (2)

Click to collapse

Toggle

Torrentflux B4rt

torrentflux-b4rt

CVEs (13)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2008-6585 1Torrentflux 1Torrentflux Apr 23, 2026 Apr 3, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in html/admin.php in TorrentFlux 2.3 allows remote attackers to hijack the authentication of administrators for requests that add new accounts via the addUser action.
CVE-2008-6584 1Torrentflux 1Torrentflux Apr 23, 2026 Apr 3, 2009 N/A· v4 N/A· v3 6.0 MEDIUM· v2 html/index.php in TorrentFlux 2.3 allows remote authenticated users to execute arbitrary code via a URL with a file containing an executable extension in the url_upload parameter, which is downloaded by TorrentFlux and c...Show more html/index.php in TorrentFlux 2.3 allows remote authenticated users to execute arbitrary code via a URL with a file containing an executable extension in the url_upload parameter, which is downloaded by TorrentFlux and can be accessed via a direct request in a html/downloads/ user directory.Show less
CVE-2006-6604 1Torrentflux 1Torrentflux Apr 23, 2026 Dec 15, 2006 N/A· v4 N/A· v3 6.5 MEDIUM· v2 Directory traversal vulnerability in downloaddetails.php in TorrentFlux 2.2 allows remote authenticated users to read arbitrary files via .. (dot dot) sequences in the alias parameter, a different vector than CVE-2006-63...Show more Directory traversal vulnerability in downloaddetails.php in TorrentFlux 2.2 allows remote authenticated users to read arbitrary files via .. (dot dot) sequences in the alias parameter, a different vector than CVE-2006-6328.Show less
CVE-2006-6600 1Torrentflux 1Torrentflux Apr 23, 2026 Dec 15, 2006 N/A· v4 N/A· v3 6.0 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in dir.php in TorrentFlux 2.2, when allows remote attackers to inject arbitrary web script or HTML via double URL-encoded strings in the dir parameter, a related issue to CVE-2006...Show more Cross-site scripting (XSS) vulnerability in dir.php in TorrentFlux 2.2, when allows remote attackers to inject arbitrary web script or HTML via double URL-encoded strings in the dir parameter, a related issue to CVE-2006-5609.Show less
CVE-2006-6599 1Torrentflux 1Torrentflux Apr 23, 2026 Dec 15, 2006 N/A· v4 N/A· v3 6.0 MEDIUM· v2 maketorrent.php in TorrentFlux 2.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters (";" semicolon) in the announce parameter.
CVE-2006-6598 1Torrentflux 2Torrentflux Torrentflux B4rt Apr 23, 2026 Dec 15, 2006 N/A· v4 N/A· v3 6.5 MEDIUM· v2 Directory traversal vulnerability in viewnfo.php in (1) TorrentFlux before 2.2 and (2) torrentflux-b4rt before 2.1-b4rt-972 allows remote authenticated users to read arbitrary files via .. (dot dot) sequences in the path...Show more Directory traversal vulnerability in viewnfo.php in (1) TorrentFlux before 2.2 and (2) torrentflux-b4rt before 2.1-b4rt-972 allows remote authenticated users to read arbitrary files via .. (dot dot) sequences in the path parameter, a different vector than CVE-2006-6328.Show less
CVE-2006-6331 1Torrentflux 1Torrentflux Apr 23, 2026 Dec 6, 2006 N/A· v4 N/A· v3 6.0 MEDIUM· v2 metaInfo.php in TorrentFlux 2.2, when $cfg["enable_file_priority"] is false, allows remote attackers to execute arbitrary commands via shell metacharacters (backticks) in the torrent parameter to (1) details.php and (2)...Show more metaInfo.php in TorrentFlux 2.2, when $cfg["enable_file_priority"] is false, allows remote attackers to execute arbitrary commands via shell metacharacters (backticks) in the torrent parameter to (1) details.php and (2) startpop.php.Show less
CVE-2006-6330 1Torrentflux 1Torrentflux Apr 23, 2026 Dec 6, 2006 N/A· v4 N/A· v3 6.0 MEDIUM· v2 index.php for TorrentFlux 2.2 allows remote registered users to execute arbitrary commands via shell metacharacters in the kill parameter.
CVE-2006-6329 1Torrentflux 1Torrentflux Apr 23, 2026 Dec 6, 2006 N/A· v4 N/A· v3 4.9 MEDIUM· v2 index.php for TorrentFlux 2.2 allows remote attackers to delete files by specifying the target filename in the delfile parameter.
CVE-2006-6328 1Torrentflux 1Torrentflux Apr 23, 2026 Dec 6, 2006 N/A· v4 N/A· v3 4.9 MEDIUM· v2 Directory traversal vulnerability in index.php for TorrentFlux 2.2 allows remote attackers to create or overwrite arbitrary files via sequences in the alias_file parameter.
CVE-2006-5609 1Torrentflux 1Torrentflux Apr 23, 2026 Oct 30, 2006 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Directory traversal vulnerability in dir.php in TorrentFlux 2.1 allows remote attackers to list arbitrary directories via "\.\./" sequences in the dir parameter.
CVE-2006-5451 1Torrentflux 1Torrentflux Apr 23, 2026 Oct 23, 2006 N/A· v4 N/A· v3 2.6 LOW· v2 Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) file, and (3) users array variables in (a) admin.php, which are...Show more Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) file, and (3) users array variables in (a) admin.php, which are not properly handled when the administrator views the Activity Log; and the (4) torrent parameter, as used by the displayName variable, in (b) startpop.php, different vectors than CVE-2006-5227.Show less
CVE-2006-5227 1Torrentflux 1Torrentflux Apr 23, 2026 Oct 10, 2006 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in admin.php in TorrentFlux 2.1 allows remote attackers to inject arbitrary web script or HTML via (1) the $user_agent variable, probably obtained from the User-Agent HTTP header,...Show more Cross-site scripting (XSS) vulnerability in admin.php in TorrentFlux 2.1 allows remote attackers to inject arbitrary web script or HTML via (1) the $user_agent variable, probably obtained from the User-Agent HTTP header, and possibly (2) the $ip_resolved variable.Show less