Total
9 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-2428 | 1 Torrenttrader | 1 Torrenttrader Classic | 2018-10-11 | 6.8 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in TorrentTrader 1.08 Classic allow remote attackers to execute arbitrary SQL commands via the (1) email or (2) wantusername parameter to account-signup.php, or the (3) receiver parameter to account-inbox.php in a msg action. | |||||
CVE-2008-1173 | 1 Torrenttrader | 2 Torrenttrader, Torrenttrader Classic | 2018-10-11 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in account-inbox.php in TorrentTrader Classic 1.08 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | |||||
CVE-2008-1172 | 1 Torrenttrader | 2 Torrenttrader, Torrenttrader Classic | 2018-10-11 | 4.3 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerabilities in account-inbox.php in TorrentTrader Classic 1.08 allow remote attackers to perform certain actions as other users, as demonstrated by sending messages. | |||||
CVE-2009-2158 | 1 Torrenttrader | 1 Torrenttrader Classic | 2018-10-10 | 7.5 HIGH | N/A |
account-recover.php in TorrentTrader Classic 1.09 chooses random passwords from an insufficiently large set, which makes it easier for remote attackers to obtain a password via a brute-force attack. | |||||
CVE-2009-2159 | 1 Torrenttrader | 1 Torrenttrader Classic | 2018-10-10 | 6.4 MEDIUM | N/A |
backup-database.php in TorrentTrader Classic 1.09 does not require administrative authentication, which allows remote attackers to create and download a backup database by making a direct request and then retrieving a .gz file from backups/. | |||||
CVE-2009-2160 | 1 Torrenttrader | 1 Torrenttrader Classic | 2018-10-10 | 5.0 MEDIUM | N/A |
TorrentTrader Classic 1.09 allows remote attackers to (1) obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function; and allows remote attackers to (2) obtain other potentially sensitive information via a direct request to check.php. | |||||
CVE-2009-2161 | 1 Torrenttrader | 1 Torrenttrader Classic | 2018-10-10 | 5.1 MEDIUM | N/A |
Directory traversal vulnerability in backend/admin-functions.php in TorrentTrader Classic 1.09, when used on a case-insensitive web site, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ss_uri parameter, in conjunction with a modified component name. | |||||
CVE-2009-2156 | 1 Torrenttrader | 1 Torrenttrader Classic | 2018-10-10 | 3.5 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in TorrentTrader Classic 1.09 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Title field to requests.php, related to viewrequests.php; and (2) the Torrent Name field to torrents-upload.php, related to the logging of torrent uploads; and allow remote attackers to inject arbitrary web script or HTML via (3) the ttversion parameter to themes/default/footer.php, the (4) SITENAME and (5) CURUSER[username] parameters to themes/default/header.php, (6) the todayactive parameter to visitorstoday.php, (7) the activepeople parameter to visitorsnow.php, (8) the faq_categ[999][title] parameter to faq.php, and (9) the keepget parameter to torrents-details.php. | |||||
CVE-2009-2157 | 1 Torrenttrader | 1 Torrenttrader Classic | 2018-10-10 | 6.5 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in TorrentTrader Classic 1.09 allow remote authenticated users to execute arbitrary SQL commands via (1) the origmsg parameter to account-inbox.php; the categ parameter to (2) delreq.php and (3) admin-delreq.php; (4) the choice parameter to index.php; (5) the id parameter to modrules.php in an edited (aka edit) action; the (6) user, (7) torrent, (8) forumid, and (9) forumpost parameters to report.php; (10) the delmp parameter to take-deletepm.php; (11) the delreport parameter to takedelreport.php; (12) the delreq parameter to takedelreq.php; (13) the clases parameter to takestaffmess.php; and (14) the warndisable parameter to takewarndisable.php; and allow remote attackers to execute arbitrary SQL commands via (15) the wherecatin parameter to browse.php, (16) the limit parameter to today.php, and (17) the where parameter to torrents-details.php. |