{ "id": "CVE-2006-6598", "sourceIdentifier": "cve@mitre.org", "published": "2006-12-15T22:28:00.000", "lastModified": "2017-10-19T01:29:48.737", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in viewnfo.php in (1) TorrentFlux before 2.2 and (2) torrentflux-b4rt before 2.1-b4rt-972 allows remote authenticated users to read arbitrary files via .. (dot dot) sequences in the path parameter, a different vector than CVE-2006-6328." }, { "lang": "es", "value": "Vulnerabildiad de salto de directorio en viewnfo.php en (1) TorrentFlux anterior a 2.2 y (2) torrentflux-b4rt anterior 2.1-b4rt-972 permite a usuarios validados leer archivos de su elecci\u00f3n a trav\u00e9s de la secuencia .. (punto punto) en el par\u00e1metro path, un vector diferente que CVE-2006-6328." } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 6.5 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:torrentflux:torrentflux:*:*:*:*:*:*:*:*", "versionEndIncluding": "2.2", "matchCriteriaId": "FC738E38-4158-4E63-929D-6CC971FAD24A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:torrentflux:torrentflux-b4rt:*:*:*:*:*:*:*:*", "versionEndIncluding": "2.1_b4rt971", "matchCriteriaId": "2526D31B-D081-4C35-9D98-26DD3DCBBB5D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt3:*:*:*:*:*:*:*", "matchCriteriaId": "430F26F5-9C15-45A6-8FE2-3DE2D5676F3F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt4:*:*:*:*:*:*:*", "matchCriteriaId": "40FE6027-3BBB-417A-BB59-8F344C79F35D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt5:*:*:*:*:*:*:*", "matchCriteriaId": "113272FC-6E2C-4C65-BF14-3A9478B8EE5C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt6:*:*:*:*:*:*:*", "matchCriteriaId": "FCC7B523-93AF-44A3-A6DB-6044049E221C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt7:*:*:*:*:*:*:*", "matchCriteriaId": "84FD3104-2104-48AF-A246-E576CB691C4E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt8:*:*:*:*:*:*:*", "matchCriteriaId": "7ECD29D9-93E0-479A-B755-B9D3EF203885" }, { "vulnerable": true, "criteria": "cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt9:*:*:*:*:*:*:*", "matchCriteriaId": "5E32CFEA-5023-46BB-B64B-3C3BB43BA232" }, { "vulnerable": true, "criteria": "cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt61:*:*:*:*:*:*:*", "matchCriteriaId": "2F44E2F6-1839-4AA2-9927-A8D27B08DB81" }, { "vulnerable": true, "criteria": "cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt81:*:*:*:*:*:*:*", "matchCriteriaId": "61B4C1FB-BBD4-4C52-8FE2-8F4AE31DC749" }, { "vulnerable": true, "criteria": "cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt82:*:*:*:*:*:*:*", "matchCriteriaId": "4542049A-1D9D-4FBC-8B2B-541FDAB057F8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt83:*:*:*:*:*:*:*", "matchCriteriaId": "17E18EF1-A50A-4788-91CE-1F788CB5BA77" }, { "vulnerable": true, "criteria": "cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt84:*:*:*:*:*:*:*", "matchCriteriaId": "48C05143-0B64-4221-B118-A76DC859BD12" }, { "vulnerable": true, "criteria": "cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt85:*:*:*:*:*:*:*", "matchCriteriaId": "402B5C5A-FC57-4EE0-872D-4F4A12A283E1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt91:*:*:*:*:*:*:*", "matchCriteriaId": "D59C1106-AA83-45AE-B9DD-5A50647562DC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt92:*:*:*:*:*:*:*", "matchCriteriaId": "47AC093F-EF43-4CC9-A6F0-F127E58CAA8F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt93:*:*:*:*:*:*:*", "matchCriteriaId": "976E5481-8D4E-4DC4-AC04-CB71F2729C49" }, { "vulnerable": true, "criteria": "cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt94:*:*:*:*:*:*:*", "matchCriteriaId": "92DB5D17-30FD-44FD-9BF6-ADEB77665537" }, { "vulnerable": true, "criteria": "cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt95:*:*:*:*:*:*:*", "matchCriteriaId": "A212E631-FAE5-4FC4-9396-EDA4F63A129A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt96:*:*:*:*:*:*:*", "matchCriteriaId": "F1359647-6E65-4EC4-9754-35CAC1700C68" }, { "vulnerable": true, "criteria": "cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt97:*:*:*:*:*:*:*", "matchCriteriaId": "C7E42B11-55B0-4302-95D7-54D9E17936BF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt801:*:*:*:*:*:*:*", "matchCriteriaId": "3272FCC8-CCDC-4864-851D-78B776B8C66A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt802:*:*:*:*:*:*:*", "matchCriteriaId": "A0A5E5F0-1C8D-4CBE-AF51-E9784CE9AF05" }, { "vulnerable": true, "criteria": "cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt951:*:*:*:*:*:*:*", "matchCriteriaId": "AF63B674-0D31-4003-B79B-87F2B891B6C1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt952:*:*:*:*:*:*:*", "matchCriteriaId": "ADC9FAD6-BF60-4DE1-A045-86D8689EE281" }, { "vulnerable": true, "criteria": "cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt953:*:*:*:*:*:*:*", "matchCriteriaId": "1D4A2D82-46E9-4884-BD81-AF33702EEF7A" } ] } ] } ], "references": [ { "url": "http://tf-b4rt.berlios.de/changelog-torrentflux_2.1-b4rt.txt", "source": "cve@mitre.org", "tags": [ "Exploit" ] }, { "url": "http://www.securityfocus.com/bid/21613", "source": "cve@mitre.org" }, { "url": "https://www.exploit-db.com/exploits/2902", "source": "cve@mitre.org" } ] }