Published: 03/03/2009 Updated: 29/09/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Absolute path traversal vulnerability in MLDonkey 2.8.4 up to and including 2.9.7 allows remote malicious users to read arbitrary files via a leading "//" (double slash) in the filename.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mldonkey mldonkey 2.9.0-r3
mldonkey mldonkey 2.9.7
mldonkey mldonkey 2.8.4
mldonkey mldonkey 2.9
mldonkey mldonkey 2.8.7

MLdonkey (up to 297) has a vulnerability that allows remote user to access any file with rights of running Mldonkey daemon by supplying a special-crafted request (ok, there's not much special about double slash) to an Mldonkey http GUI (tcp/4080 usually) Reference: savannahnongnuorg/bugs/?25667 Thus, the exploit wo ...

CWE-22 http://savannah.nongnu.org/bugs/?25667 http://secunia.com/advisories/34008 http://www.openwall.com/lists/oss-security/2009/02/23/1 http://secunia.com/advisories/34306 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00542.html http://secunia.com/advisories/34345 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00617.html http://www.securityfocus.com/bid/33865 http://secunia.com/advisories/34436 http://www.debian.org/security/2009/dsa-1739 http://www.gentoo.org/security/en/glsa/glsa-200903-36.xml https://www.exploit-db.com/exploits/8097 https://nvd.nist.gov https://www.exploit-db.com/exploits/8097/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2009-0753

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect