75 matches found
[SECURITY] Fedora 10 Update: mldonkey-2.9.7-3.fc10
MLDonkey is a door to the 'donkey' network, a decentralized network used to exchange big files on the Internet. It is written in a wonderful language, called Objective-Caml, and present most features of the basic Windows donkey client, plus some more: - It should work on most UNIX-compatible...
[SECURITY] Fedora 9 Update: mldonkey-2.9.7-3.fc9
MLDonkey is a door to the 'donkey' network, a decentralized network used to exchange big files on the Internet. It is written in a wonderful language, called Objective-Caml, and present most features of the basic Windows donkey client, plus some more: - It should work on most UNIX-compatible...
MLdonkey HTTP请求任意文件访问漏洞
BUGTRAQ ID: 33865 MLDonkey是开放源码的电驴客户端。 MLDonkey的src/utils/lib/url.ml脚本没有正确地处理以两个斜线开始的文件请求,如果远程攻击者向Mldonkey的http GUI(通常为tcp/4080)提交了恶意请求的话,就可以访问Web Root以外的文件。 Mldonkey 2.9.7 厂商补丁: Mldonkey -------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: https://savannah.nongnu.org/bugs/download.php?fileid=17518...
MLdonkey <= 2.9.7 HTTP DOUBLE SLASH Arbitrary File Disclosure Vuln
No description provided by source. MLdonkey up to 2.9.7 has a vulnerability that allows remote user to access any file with rights of running Mldonkey daemon by supplying a special-crafted request ok, there's not much special about double slash to an Mldonkey http GUI tcp/4080 usually. Reference:...
MLdonkey <= 2.9.7 HTTP DOUBLE SLASH Arbitrary File Disclosure Vuln
Exploit for multiple platform in category remote exploits ================================================================== MLdonkey = 2.9.7 HTTP DOUBLE SLASH Arbitrary File Disclosure Vuln ================================================================== MLdonkey up to 2.9.7 has a vulnerabilit...
MLdonkey 2.9.7 Double Slash File Disclosure
MLdonkey up to 2.9.7 has a vulnerability that allows remote user to access any file with rights of running Mldonkey daemon by supplying a special-crafted request ok, there's not much special about double slash to an Mldonkey http GUI tcp/4080 usually. Reference:...
MLdonkey 2.9.7 - Arbitrary File Disclosure
MLdonkey 2.9.7 - Arbitrary File Disclosure MLdonkey up to 2.9.7 has a vulnerability that allows remote user to access any file with rights of running Mldonkey daemon by supplying a special-crafted request ok, there's not much special about double slash to an Mldonkey http GUI tcp/4080 usually...
MLdonkey 2.9.7 - Arbitrary File Disclosure
MLdonkey up to 2.9.7 has a vulnerability that allows remote user to access any file with rights of running Mldonkey daemon by supplying a special-crafted request ok, there's not much special about double slash to an Mldonkey http GUI tcp/4080 usually. Reference:...
Gentoo Security Advisory GLSA 200710-25 (mldonkey)
The remote host is missing updates announced in advisory GLSA 200710-25. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200710-25 (mldonkey)
The remote host is missing updates announced in advisory GLSA 200710-25. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2007-5714
The Gentoo ebuild of MLDonkey before 2.9.0-r3 has a p2p user account with an empty default password and valid login shell, which might allow remote attackers to obtain login access and execute arbitrary code...
Default credentials
The Gentoo ebuild of MLDonkey before 2.9.0-r3 has a p2p user account with an empty default password and valid login shell, which might allow remote attackers to obtain login access and execute arbitrary code...
CVE-2007-5714
The Gentoo ebuild of MLDonkey before 2.9.0-r3 has a p2p user account with an empty default password and valid login shell, which might allow remote attackers to obtain login access and execute arbitrary code...
CVE-2007-5714
CVE-2007-5714 affects the Gentoo MLDonkey ebuild prior to 2.9.0-r3, where a system user named “p2p” was created with a valid login shell and no password. This could allow remote attackers to log in as the p2p user and execute arbitrary code on the host if an empty-password login service is enable...
CVE-2007-5714
Removed by vendor...
MLDonkey backdoor access
'p2p' account with empty password and valid shell is created during installation...
[ GLSA 200710-25 ] MLDonkey: Privilege escalation
Gentoo Linux Security Advisory GLSA 200710-25 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...
GLSA-200710-25 : MLDonkey: Privilege escalation
The remote host is affected by the vulnerability described in GLSA-200710-25 MLDonkey: Privilege escalation The Gentoo MLDonkey ebuild adds a user to the system named 'p2p' so that the MLDonkey service can run under a user with low privileges. With older Portage versions this user is created with...
MLDonkey: Privilege escalation
Background MLDonkey is a peer-to-peer filesharing client that connects to several different peer-to-peer networks, including Overnet and BitTorrent. Description The Gentoo MLDonkey ebuild adds a user to the system named "p2p" so that the MLDonkey service can run under a user with low privileges...
Design/Logic Flaw
MLDonkey before 2.9.0 does not load certain code from $MLDONKEY/webinfos/ before the network modules become active, which allows remote attackers to bypass the IP blocklist...