FKIE_CVE-2006-6598
Vulnerability from fkie_nvd - Published: 2006-12-15 22:28 - Updated: 2026-04-23 00:35
Severity ?
Summary
Directory traversal vulnerability in viewnfo.php in (1) TorrentFlux before 2.2 and (2) torrentflux-b4rt before 2.1-b4rt-972 allows remote authenticated users to read arbitrary files via .. (dot dot) sequences in the path parameter, a different vector than CVE-2006-6328.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:torrentflux:torrentflux:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC738E38-4158-4E63-929D-6CC971FAD24A",
"versionEndIncluding": "2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:torrentflux:torrentflux-b4rt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2526D31B-D081-4C35-9D98-26DD3DCBBB5D",
"versionEndIncluding": "2.1_b4rt971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt3:*:*:*:*:*:*:*",
"matchCriteriaId": "430F26F5-9C15-45A6-8FE2-3DE2D5676F3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt4:*:*:*:*:*:*:*",
"matchCriteriaId": "40FE6027-3BBB-417A-BB59-8F344C79F35D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt5:*:*:*:*:*:*:*",
"matchCriteriaId": "113272FC-6E2C-4C65-BF14-3A9478B8EE5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt6:*:*:*:*:*:*:*",
"matchCriteriaId": "FCC7B523-93AF-44A3-A6DB-6044049E221C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt7:*:*:*:*:*:*:*",
"matchCriteriaId": "84FD3104-2104-48AF-A246-E576CB691C4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt8:*:*:*:*:*:*:*",
"matchCriteriaId": "7ECD29D9-93E0-479A-B755-B9D3EF203885",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt9:*:*:*:*:*:*:*",
"matchCriteriaId": "5E32CFEA-5023-46BB-B64B-3C3BB43BA232",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt61:*:*:*:*:*:*:*",
"matchCriteriaId": "2F44E2F6-1839-4AA2-9927-A8D27B08DB81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt81:*:*:*:*:*:*:*",
"matchCriteriaId": "61B4C1FB-BBD4-4C52-8FE2-8F4AE31DC749",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt82:*:*:*:*:*:*:*",
"matchCriteriaId": "4542049A-1D9D-4FBC-8B2B-541FDAB057F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt83:*:*:*:*:*:*:*",
"matchCriteriaId": "17E18EF1-A50A-4788-91CE-1F788CB5BA77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt84:*:*:*:*:*:*:*",
"matchCriteriaId": "48C05143-0B64-4221-B118-A76DC859BD12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt85:*:*:*:*:*:*:*",
"matchCriteriaId": "402B5C5A-FC57-4EE0-872D-4F4A12A283E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt91:*:*:*:*:*:*:*",
"matchCriteriaId": "D59C1106-AA83-45AE-B9DD-5A50647562DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt92:*:*:*:*:*:*:*",
"matchCriteriaId": "47AC093F-EF43-4CC9-A6F0-F127E58CAA8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt93:*:*:*:*:*:*:*",
"matchCriteriaId": "976E5481-8D4E-4DC4-AC04-CB71F2729C49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt94:*:*:*:*:*:*:*",
"matchCriteriaId": "92DB5D17-30FD-44FD-9BF6-ADEB77665537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt95:*:*:*:*:*:*:*",
"matchCriteriaId": "A212E631-FAE5-4FC4-9396-EDA4F63A129A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt96:*:*:*:*:*:*:*",
"matchCriteriaId": "F1359647-6E65-4EC4-9754-35CAC1700C68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt97:*:*:*:*:*:*:*",
"matchCriteriaId": "C7E42B11-55B0-4302-95D7-54D9E17936BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt801:*:*:*:*:*:*:*",
"matchCriteriaId": "3272FCC8-CCDC-4864-851D-78B776B8C66A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt802:*:*:*:*:*:*:*",
"matchCriteriaId": "A0A5E5F0-1C8D-4CBE-AF51-E9784CE9AF05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt951:*:*:*:*:*:*:*",
"matchCriteriaId": "AF63B674-0D31-4003-B79B-87F2B891B6C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt952:*:*:*:*:*:*:*",
"matchCriteriaId": "ADC9FAD6-BF60-4DE1-A045-86D8689EE281",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:torrentflux:torrentflux-b4rt:2.1_b4rt953:*:*:*:*:*:*:*",
"matchCriteriaId": "1D4A2D82-46E9-4884-BD81-AF33702EEF7A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in viewnfo.php in (1) TorrentFlux before 2.2 and (2) torrentflux-b4rt before 2.1-b4rt-972 allows remote authenticated users to read arbitrary files via .. (dot dot) sequences in the path parameter, a different vector than CVE-2006-6328."
},
{
"lang": "es",
"value": "Vulnerabildiad de salto de directorio en viewnfo.php en (1) TorrentFlux anterior a 2.2 y (2) torrentflux-b4rt anterior 2.1-b4rt-972 permite a usuarios validados leer archivos de su elecci\u00f3n a trav\u00e9s de la secuencia .. (punto punto) en el par\u00e1metro path, un vector diferente que CVE-2006-6328."
}
],
"id": "CVE-2006-6598",
"lastModified": "2026-04-23T00:35:47.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-12-15T22:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23402"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://tf-b4rt.berlios.de/changelog-torrentflux_2.1-b4rt.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/21613"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/2902"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23402"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://tf-b4rt.berlios.de/changelog-torrentflux_2.1-b4rt.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/21613"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/2902"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…