MLdonkey (up to 2.9.7) has a vulnerability that allows remote user to access any file with rights of running Mldonkey daemon by supplying a special-crafted request (ok, there's not much special about double slash) to an Mldonkey http GUI (tcp/4080 usually). Reference: https://savannah.nongnu.org/bugs/?25667 Thus, the exploit would be as simple as accessing any file on a remote host with your browser and double slash: http://mlhost:4080//etc/passwd # milw0rm.com [2009-02-23]
Mldonkey 3.0.0 c cайта разработчика легко пересобирается со старым spec файлом, по крайней мере на X86_64
*** Bug 20380 has been marked as a duplicate of this bug. ***
mldonkey-3.0.0-alt1 -> sisyphus: * Wed Jun 24 2009 gray_graff <gray_graff@altlinux> 3.0.0-alt1 - 3.0.0 (closes: 18503, 20379, 20380)