Absolute path traversal vulnerability in MLDonkey 2.8.4 through 2.9.7 allows remote attackers to read arbitrary files via a leading "//" (double slash) in the filename.
Max CVSS
5.0
EPSS Score
3.79%
Published
2009-03-03
Updated
2017-09-29
MLDonkey before 2.9.0 does not load certain code from $MLDONKEY/web_infos/ before the network modules become active, which allows remote attackers to bypass the IP blocklist.
Max CVSS
5.0
EPSS Score
1.99%
Published
2007-07-31
Updated
2017-07-29
2 vulnerabilities found