
CVSS: 8.6 | EPSS: 0% | CPEs: 1 | EXPL: 0

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CodeFlock FREE DOWNLOAD MANAGER allows Path Traversal. This issue affects FREE DOWNLOAD MANAGER: from n/a through 1.0.0. The FREE DOWNLOAD MANAGER plugin for WordPress is vulnerable to Arbitrary File Downloads in all versions up to, and including, 1.0.0 via the download_stats_updated() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.

• https://patchstack.com/database/vulnerability/free-download-manager/wordpress-free-download-manager-plugin-1-0-0-arbitrary-file-deletion-vulnerability?_s_id=cve
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 9.3 | EPSS: 67% | CPEs: 2 | EXPL: 2

Multiple buffer overflows in the torrent parsing implementation in Free Download Manager (FDM) 2.5 Build 758 and 3.0 Build 844 allow remote attackers to execute arbitrary code via (1) a long file name within a torrent file, (2) a long tracker URL in a torrent file, or (3) a long comment in a torrent file.

• https://www.exploit-db.com/exploits/10009
• https://www.exploit-db.com/exploits/16634
• http://secunia.com/advisories/33524
• http://secunia.com/secunia_research/2009-5
• http://www.securityfocus.com/archive/1/500605/100/0/threaded
• http://www.securityfocus.com/bid/33555
• http://www.vupen.com/english/advisories/2009/0302
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 10.0 | EPSS: 74% | CPEs: 2 | EXPL: 2

Stack-based buffer overflow in Remote Control Server in Free Download Manager (FDM) 2.5 Build 758 and 3.0 Build 844 allows remote attackers to execute arbitrary code via a long Authorization header in an HTTP request.

• https://www.exploit-db.com/exploits/7986
• https://www.exploit-db.com/exploits/16777
• http://osvdb.org/51745
• http://secunia.com/advisories/33524
• http://secunia.com/secunia_research/2009-3
• http://www.securityfocus.com/archive/1/500604/100/0/threaded
• http://www.securityfocus.com/bid/33554
• http://www.vupen.com/english/advisories/2009/0302
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer