Lucene search
Michael PeselnikEDB-ID:8097HistoryFeb 23, 2009 - 12:00 a.m.
MLdonkey 2.9.7 - Arbitrary File Disclosure
2009-02-2300:00:00
Michael Peselnik
www.exploit-db.com
33
AI Score
7.4
Confidence
Low
MLdonkey (up to 2.9.7) has a vulnerability that allows remote user to access any
file with rights of running Mldonkey daemon by supplying a
special-crafted request (ok, there's not much special about double
slash) to an Mldonkey http GUI (tcp/4080 usually).
Reference:
https://savannah.nongnu.org/bugs/?25667
Thus, the exploit would be as simple as accessing any file on a remote
host with your browser and double slash:
http://mlhost:4080//etc/passwd
# milw0rm.com [2009-02-23]Related
nessus
nessus
GLSA-200903-36 : MLDonkey: Information disclosure
2009-03-24 00:00:00
Debian DSA-1739-1 : mldonkey - path traversal
2009-03-24 00:00:00
Fedora 9 : mldonkey-3.0.0-1.fc9 (2009-2703)
2009-03-17 00:00:00
gentoo
gentoo
MLDonkey: Information disclosure
2009-03-23 00:00:00
debian
debian
[SECURITY] [DSA 1739-1] New mldonkey packages fix information disclosure
2009-03-13 20:58:15
fedora
fedora
[SECURITY] Fedora 10 Update: mldonkey-3.0.0-1.fc10
2009-03-16 19:51:30
[SECURITY] Fedora 9 Update: mldonkey-3.0.0-1.fc9
2009-03-16 19:39:17
cvelist
cvelist
CVE-2009-0753
2009-03-03 16:00:00
osv
osv
mldonkey - information disclosure
2009-03-13 00:00:00
openvas
openvas
Fedora Core 10 FEDORA-2009-2758 (mldonkey)
2009-03-20 00:00:00
Debian Security Advisory DSA 1739-1 (mldonkey)
2009-03-20 00:00:00
MLdonkey HTTP Request Arbitrary File Download Vulnerability
2009-03-17 00:00:00
securityvulns
securityvulns
MLDonkey directory traversal
2009-03-15 00:00:00
[SECURITY] [DSA 1739-1] New mldonkey packages fix information disclosure
2009-03-15 00:00:00
prion
prion
Path traversal
2009-03-03 16:30:00
nvd
nvd
CVE-2009-0753
2009-03-03 16:30:05
cve
cve
CVE-2009-0753
2009-03-03 16:30:05
ubuntucve
ubuntucve
CVE-2009-0753
2009-03-03 00:00:00
debiancve
debiancve
CVE-2009-0753
2009-03-03 16:30:05