Lucene search
K

75 matches found

Fedora
Fedora
added 2009/02/26 3:34 p.m.14 views

[SECURITY] Fedora 10 Update: mldonkey-2.9.7-3.fc10

MLDonkey is a door to the 'donkey' network, a decentralized network used to exchange big files on the Internet. It is written in a wonderful language, called Objective-Caml, and present most features of the basic Windows donkey client, plus some more: - It should work on most UNIX-compatible...

0.8AI score
Exploits0
Fedora
Fedora
added 2009/02/26 3:33 p.m.15 views

[SECURITY] Fedora 9 Update: mldonkey-2.9.7-3.fc9

MLDonkey is a door to the 'donkey' network, a decentralized network used to exchange big files on the Internet. It is written in a wonderful language, called Objective-Caml, and present most features of the basic Windows donkey client, plus some more: - It should work on most UNIX-compatible...

0.8AI score
Exploits0
seebug.org
seebug.org
added 2009/02/26 12:0 a.m.19 views

MLdonkey HTTP请求任意文件访问漏洞

BUGTRAQ ID: 33865 MLDonkey是开放源码的电驴客户端。 MLDonkey的src/utils/lib/url.ml脚本没有正确地处理以两个斜线开始的文件请求,如果远程攻击者向Mldonkey的http GUI(通常为tcp/4080)提交了恶意请求的话,就可以访问Web Root以外的文件。 Mldonkey 2.9.7 厂商补丁: Mldonkey -------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: https://savannah.nongnu.org/bugs/download.php?fileid=17518...

6.9AI score
Exploits0
seebug.org
seebug.org
added 2009/02/24 12:0 a.m.13 views

MLdonkey <= 2.9.7 HTTP DOUBLE SLASH Arbitrary File Disclosure Vuln

No description provided by source. MLdonkey up to 2.9.7 has a vulnerability that allows remote user to access any file with rights of running Mldonkey daemon by supplying a special-crafted request ok, there's not much special about double slash to an Mldonkey http GUI tcp/4080 usually. Reference:...

7.1AI score
Exploits0
0day.today
0day.today
added 2009/02/23 12:0 a.m.29 views

MLdonkey <= 2.9.7 HTTP DOUBLE SLASH Arbitrary File Disclosure Vuln

Exploit for multiple platform in category remote exploits ================================================================== MLdonkey = 2.9.7 HTTP DOUBLE SLASH Arbitrary File Disclosure Vuln ================================================================== MLdonkey up to 2.9.7 has a vulnerabilit...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2009/02/23 12:0 a.m.23 views

MLdonkey 2.9.7 Double Slash File Disclosure

MLdonkey up to 2.9.7 has a vulnerability that allows remote user to access any file with rights of running Mldonkey daemon by supplying a special-crafted request ok, there's not much special about double slash to an Mldonkey http GUI tcp/4080 usually. Reference:...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2009/02/23 12:0 a.m.18 views

MLdonkey 2.9.7 - Arbitrary File Disclosure

MLdonkey 2.9.7 - Arbitrary File Disclosure MLdonkey up to 2.9.7 has a vulnerability that allows remote user to access any file with rights of running Mldonkey daemon by supplying a special-crafted request ok, there's not much special about double slash to an Mldonkey http GUI tcp/4080 usually...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2009/02/23 12:0 a.m.36 views

MLdonkey 2.9.7 - Arbitrary File Disclosure

MLdonkey up to 2.9.7 has a vulnerability that allows remote user to access any file with rights of running Mldonkey daemon by supplying a special-crafted request ok, there's not much special about double slash to an Mldonkey http GUI tcp/4080 usually. Reference:...

7.4AI score
Exploits0
OpenVAS
OpenVAS
added 2008/09/24 12:0 a.m.24 views

Gentoo Security Advisory GLSA 200710-25 (mldonkey)

The remote host is missing updates announced in advisory GLSA 200710-25. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

6.8CVSS0.9AI score0.01801EPSS
Exploits0
OpenVAS
OpenVAS
added 2008/09/24 12:0 a.m.12 views

Gentoo Security Advisory GLSA 200710-25 (mldonkey)

The remote host is missing updates announced in advisory GLSA 200710-25. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS7.2AI score0.01801EPSS
Exploits0References2
NVD
NVD
added 2007/10/30 7:46 p.m.30 views

CVE-2007-5714

The Gentoo ebuild of MLDonkey before 2.9.0-r3 has a p2p user account with an empty default password and valid login shell, which might allow remote attackers to obtain login access and execute arbitrary code...

6.8CVSS7.4AI score0.01801EPSS
Exploits0References2
Prion
Prion
added 2007/10/30 7:46 p.m.23 views

Default credentials

The Gentoo ebuild of MLDonkey before 2.9.0-r3 has a p2p user account with an empty default password and valid login shell, which might allow remote attackers to obtain login access and execute arbitrary code...

6.8CVSS8AI score0.01801EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2007/10/30 7:0 p.m.38 views

CVE-2007-5714

The Gentoo ebuild of MLDonkey before 2.9.0-r3 has a p2p user account with an empty default password and valid login shell, which might allow remote attackers to obtain login access and execute arbitrary code...

7.3AI score0.01801EPSS
Exploits0References2
CVE
CVE
added 2007/10/30 7:0 p.m.48 views

CVE-2007-5714

CVE-2007-5714 affects the Gentoo MLDonkey ebuild prior to 2.9.0-r3, where a system user named “p2p” was created with a valid login shell and no password. This could allow remote attackers to log in as the p2p user and execute arbitrary code on the host if an empty-password login service is enable...

6.8CVSS7.3AI score0.01801EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2007/10/30 7:0 p.m.27 views

CVE-2007-5714

Removed by vendor...

6.8CVSS6.7AI score0.01801EPSS
Exploits0
securityvulns
securityvulns
added 2007/10/26 12:0 a.m.38 views

MLDonkey backdoor access

'p2p' account with empty password and valid shell is created during installation...

3.2AI score
Exploits0References1
securityvulns
securityvulns
added 2007/10/26 12:0 a.m.33 views

[ GLSA 200710-25 ] MLDonkey: Privilege escalation

Gentoo Linux Security Advisory GLSA 200710-25 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...

Exploits0
Tenable Nessus
Tenable Nessus
added 2007/10/25 12:0 a.m.20 views

GLSA-200710-25 : MLDonkey: Privilege escalation

The remote host is affected by the vulnerability described in GLSA-200710-25 MLDonkey: Privilege escalation The Gentoo MLDonkey ebuild adds a user to the system named 'p2p' so that the MLDonkey service can run under a user with low privileges. With older Portage versions this user is created with...

6.8CVSS5.6AI score0.01801EPSS
Exploits0References2
Gentoo Linux
Gentoo Linux
added 2007/10/24 12:0 a.m.37 views

MLDonkey: Privilege escalation

Background MLDonkey is a peer-to-peer filesharing client that connects to several different peer-to-peer networks, including Overnet and BitTorrent. Description The Gentoo MLDonkey ebuild adds a user to the system named "p2p" so that the MLDonkey service can run under a user with low privileges...

6.8CVSS6.2AI score0.01801EPSS
Exploits0
Prion
Prion
added 2007/07/31 10:17 a.m.10 views

Design/Logic Flaw

MLDonkey before 2.9.0 does not load certain code from $MLDONKEY/webinfos/ before the network modules become active, which allows remote attackers to bypass the IP blocklist...

5CVSS7.4AI score0.01343EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder