[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE request: mldonkey arbitrary file download vulnerability
From:       Florian Weimer <fw () deneb ! enyo ! de>
Date:       2009-02-23 21:43:09
Message-ID: 87wsbgommq.fsf () mid ! deneb ! enyo ! de
[Download RAW message or body]

mldonkey in version 2.9.7 and earlier permits remote attackers to
download arbitrary files accessible to the mldonkey daemon, using
crafted requests to the HTTP console.

<https://savannah.nongnu.org/bugs/?25667>

(The proposed patch deals with this in a rather odd place.)
[prev in list] [next in list] [prev in thread] [next in thread]