Bug#399169: TorrentFlux Arbitrary Command Execution and Directory Traversal

On 11/22/06, Stefan Fritsch <[EMAIL PROTECTED]> wrote: thanks for looking into this. Unfortunately I think you are only partially right. (On the other hand, I don't use torrentflux and cannot install it ATM due to libphp-adodb brokenness, so I could be wrong as well). A new libphp-adodb is in t

Bug#399169: TorrentFlux Arbitrary Command Execution and Directory Traversal

Hi Cameron, thanks for looking into this. Unfortunately I think you are only partially right. (On the other hand, I don't use torrentflux and cannot install it ATM due to libphp-adodb brokenness, so I could be wrong as well). On Wednesday 22 November 2006 09:31, Cameron Dale wrote: > Unfortuna

Bug#399169: TorrentFlux Arbitrary Command Execution and Directory Traversal

retitle 399169 torrentflux: create/delete/overwrite arbitrary files tags 399169 + pending thanks Thanks for the report Stefan, your vigilance is much appreciated. Unfortunately the report from secunia is poorly titled, and some of it doesn't apply to the Debian package, so I'll include some more

Processed: Re: Bug#399169: TorrentFlux Arbitrary Command Execution and Directory Traversal

Processing commands for [EMAIL PROTECTED]: > retitle 399169 torrentflux: create/delete/overwrite arbitrary files Bug#399169: TorrentFlux Arbitrary Command Execution and Directory Traversal Changed Bug title. > tags 399169 + pending Bug#399169: torrentflux: create/delete/overwrite arbitrary

Bug#399169: TorrentFlux Arbitrary Command Execution and Directory Traversal

Package: torrentflux Severity: grave Tags: security More security vulnerabilities has been found in torrentflux. From http://secunia.com/advisories/22880/ : 1) Input passed to the "kill" parameter in index.php is not properly sanitised before being used as the command line argument to the "kill