ID: OSVDB:3126
Type: osvdb
Reporter: OSVDB
Modified: 2003-11-05T00:00:00
Description
Vulnerability Description
MLdonkey for Mac OS X, Unix and Linux contains a flaw that may lead to unauthorized information disclosure and access to the administrative interface. The issue is triggered when a specially crafted packet is sent, which allows access to the administrative interface and discloses information, resulting in a loss of confidentiality.
Technical Description
This flaw must be used in conjunction with the cross-site scripting vulnerability to be effective.
Solution Description
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
Manual Testing Notes
The following will open the admin interface to all IP addresses.
http://127.0.0.1:4080/submit?setoption=q&option=allowed_ips&value=255.255.255.255
Title
MLdonkey Admin Access
Published
2003-11-05T00:00:00
Affected Software
MLDonkey 2.5.4
References
Vendor URL: http://mldonkey.org/
Secunia Advisory ID: 10134 (https://secuniaresearch.flexerasoftware.com/advisories/10134/)
Related OSVDB ID: 2769 (https://vulners.com/osvdb/OSVDB:2769)
Nessus Plugin ID: 11125 (https://vulners.com/search?query=pluginID:11125)
ISS X-Force ID: 13616