1. CVE-Search
  2. CVE-2006-6598
ID CVE-2006-6598
Summary Directory traversal vulnerability in viewnfo.php in (1) TorrentFlux before 2.2 and (2) torrentflux-b4rt before 2.1-b4rt-972 allows remote authenticated users to read arbitrary files via .. (dot dot) sequences in the path parameter, a different vector than CVE-2006-6328.
References
Vulnerable Configurations
  • cpe:2.3:a:torrentflux:torrentflux:*:*:*:*:*:*:*:*
    cpe:2.3:a:torrentflux:torrentflux:*:*:*:*:*:*:*:*
  • cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt3:*:*:*:*:*:*:*
    cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt3:*:*:*:*:*:*:*
  • cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt4:*:*:*:*:*:*:*
    cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt4:*:*:*:*:*:*:*
  • cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt5:*:*:*:*:*:*:*
    cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt5:*:*:*:*:*:*:*
  • cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt6:*:*:*:*:*:*:*
    cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt6:*:*:*:*:*:*:*
  • cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt7:*:*:*:*:*:*:*
    cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt7:*:*:*:*:*:*:*
  • cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt8:*:*:*:*:*:*:*
    cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt8:*:*:*:*:*:*:*
  • cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt9:*:*:*:*:*:*:*
    cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt9:*:*:*:*:*:*:*
  • cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt61:*:*:*:*:*:*:*
    cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt61:*:*:*:*:*:*:*
  • cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt81:*:*:*:*:*:*:*
    cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt81:*:*:*:*:*:*:*
  • cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt82:*:*:*:*:*:*:*
    cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt82:*:*:*:*:*:*:*
  • cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt83:*:*:*:*:*:*:*
    cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt83:*:*:*:*:*:*:*
  • cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt84:*:*:*:*:*:*:*
    cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt84:*:*:*:*:*:*:*
  • cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt85:*:*:*:*:*:*:*
    cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt85:*:*:*:*:*:*:*
  • cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt91:*:*:*:*:*:*:*
    cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt91:*:*:*:*:*:*:*
  • cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt92:*:*:*:*:*:*:*
    cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt92:*:*:*:*:*:*:*
  • cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt93:*:*:*:*:*:*:*
    cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt93:*:*:*:*:*:*:*
  • cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt94:*:*:*:*:*:*:*
    cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt94:*:*:*:*:*:*:*
  • cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt95:*:*:*:*:*:*:*
    cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt95:*:*:*:*:*:*:*
  • cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt96:*:*:*:*:*:*:*
    cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt96:*:*:*:*:*:*:*
  • cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt97:*:*:*:*:*:*:*
    cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt97:*:*:*:*:*:*:*
  • cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt801:*:*:*:*:*:*:*
    cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt801:*:*:*:*:*:*:*
  • cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt802:*:*:*:*:*:*:*
    cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt802:*:*:*:*:*:*:*
  • cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt951:*:*:*:*:*:*:*
    cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt951:*:*:*:*:*:*:*
  • cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt952:*:*:*:*:*:*:*
    cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt952:*:*:*:*:*:*:*
  • cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt953:*:*:*:*:*:*:*
    cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt953:*:*:*:*:*:*:*
  • cpe:2.3:a:torrentflux:torrentflux-b4rt:*:*:*:*:*:*:*:*
    cpe:2.3:a:torrentflux:torrentflux-b4rt:*:*:*:*:*:*:*:*
CVSS
Base: 6.5 (as of 19-10-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:P/A:P
refmap via4
bid 21613
confirm http://tf-b4rt.berlios.de/changelog-torrentflux_2.1-b4rt.txt
exploit-db 2902
secunia 23402
Last major update 19-10-2017 - 01:29
Published 15-12-2006 - 22:28
Last modified 19-10-2017 - 01:29
Back to Top