Absolute path traversal vulnerability in MLDonkey 2.8.4 through 2.9.7 allows remote attackers to read arbitrary files via a leading "//" (double slash) in the filename.
Max CVSS
5.0
EPSS Score
3.79%
Published
2009-03-03
Updated
2017-09-29
MLDonkey before 2.9.0 does not load certain code from $MLDONKEY/web_infos/ before the network modules become active, which allows remote attackers to bypass the IP blocklist.
Max CVSS
5.0
EPSS Score
1.99%
Published
2007-07-31
Updated
2017-07-29
Cross-site scripting (XSS) vulnerability in Mldonkey 2.5-4 allows remote attackers to inject arbitrary web script or HTML via the URI, which is injected into the HTML error page.
Max CVSS
4.3
EPSS Score
0.33%
Published
2003-12-31
Updated
2017-07-11
3 vulnerabilities found