CVE-2024-49315 – WordPress FREE DOWNLOAD MANAGER plugin <= 1.0.0 - Arbitrary File Deletion vulnerability
https://notcve.org/view.php?id=CVE-2024-49315
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CodeFlock FREE DOWNLOAD MANAGER allows Path Traversal. This issue affects FREE DOWNLOAD MANAGER: from n/a through 1.0.0. The FREE DOWNLOAD MANAGER plugin for WordPress is vulnerable to Arbitrary File Downloads in all versions up to, and including, 1.0.0 via the download_stats_updated() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
• https://patchstack.com/database/vulnerability/free-download-manager/wordpress-free-download-manager-plugin-1-0-0-arbitrary-file-deletion-vulnerability?_s_id=cve
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2009-0184 – Free Download Manager - '.Torrent' File Parsing Multiple Buffer Overflow Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-0184
Multiple buffer overflows in the torrent parsing implementation in Free Download Manager (FDM) 2.5 Build 758 and 3.0 Build 844 allow remote attackers to execute arbitrary code via (1) a long file name within a torrent file, (2) a long tracker URL in a torrent file, or (3) a long comment in a torrent file.
• https://www.exploit-db.com/exploits/10009
• https://www.exploit-db.com/exploits/16634
• http://secunia.com/advisories/33524
• http://secunia.com/secunia_research/2009-5
• http://www.securityfocus.com/archive/1/500605/100/0/threaded
• http://www.securityfocus.com/bid/33555
• http://www.vupen.com/english/advisories/2009/0302
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-0183 – Free Download Manager 2.5/3.0 - Authorisation Stack Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2009-0183
Stack-based buffer overflow in Remote Control Server in Free Download Manager (FDM) 2.5 Build 758 and 3.0 Build 844 allows remote attackers to execute arbitrary code via a long Authorization header in an HTTP request.
• https://www.exploit-db.com/exploits/7986
• https://www.exploit-db.com/exploits/16777
• http://osvdb.org/51745
• http://secunia.com/advisories/33524
• http://secunia.com/secunia_research/2009-3
• http://www.securityfocus.com/archive/1/500604/100/0/threaded
• http://www.securityfocus.com/bid/33554
• http://www.vupen.com/english/advisories/2009/0302
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer