oss-sec mailing list archives
CVE request: mldonkey arbitrary file download vulnerability
From: Florian Weimer <fw () deneb enyo de>
Date: Mon, 23 Feb 2009 22:43:09 +0100
mldonkey in version 2.9.7 and earlier permits remote attackers to download arbitrary files accessible to the mldonkey daemon, using crafted requests to the HTTP console. <https://savannah.nongnu.org/bugs/?25667> (The proposed patch deals with this in a rather odd place.)
Current thread:
- CVE request: mldonkey arbitrary file download vulnerability Florian Weimer (Feb 23)