Page 2 of 10 results (0.008 seconds)

CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0

The management interface in Akamai Client (formerly Red Swoosh) 3322 and earlier allows remote attackers to bypass authentication via an HTTP request that contains (1) no Referer header, or (2) a spoofed Referer header that matches an approved domain, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and force the client to download and execute arbitrary files. La interfaz de administración de Akamai Client (formerly Red Swoosh) 3322 y versiones anteriores permite a atacantes remotos evitar la autenticación a través de una petición HTTP que contiene (1) la cabecera Referer , o (2) una cabecera envenenada Referer que coincide con un dominio válido, lo cual permite a atacantes remotos llevar a cabo un ataque de falsificación de petición en sitios cruzados (CSRF) y forzar al cliente a descargar y ejecutar ficheros de su elección. • http://secunia.com/advisories/30135 http://secunia.com/secunia_research/2008-19/advisory http://securityreason.com/securityalert/3930 http://www.securityfocus.com/archive/1/493169/100/0/threaded http://www.securityfocus.com/archive/1/493170/100/0/threaded http://www.securitytracker.com/id?1020208 http://www.vupen.com/english/advisories/2008/1761/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42895 • CWE-287: Improper Authentication CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 9.3EPSS: 14%CPEs: 4EXPL: 1

CRLF injection vulnerability in Akamai Download Manager ActiveX control before 2.2.3.6 allows remote attackers to force the download and execution of arbitrary files via a URL parameter containing an encoded LF followed by a malicious target line. Vulnerabilidad de inyección CRLF en el control ActiveX Akamai Download Manager anteriores a la 2.2.3.6, permite a atacantes remotos forzar la descarga y ejecución de archivos arbitrariamente a través de un parámetro URL que contiene un LF codificado seguido de una línea de destino maliciosa. • https://www.exploit-db.com/exploits/5741 http://lists.grok.org.uk/pipermail/full-disclosure/2008-June/062672.html http://secunia.com/advisories/30537 http://www.securityfocus.com/archive/1/493077/100/0/threaded http://www.securityfocus.com/archive/1/493142/100/0/threaded http://www.securitytracker.com/id?1020194 http://www.vupen.com/english/advisories/2008/1746/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42879 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.8EPSS: 7%CPEs: 2EXPL: 0

The Akamai Download Manager (aka DLM or dlmanager) ActiveX control (DownloadManagerV2.ocx) before 2.2.3.5 allows remote attackers to force the download and execution of arbitrary code via unspecified "undocumented object parameters." El control ActiveX del Gestor de descargas Akamai (Aka DLM dlmanager) (DownloadManagerV2.ocx) anterior a 2.2.3.5 permite a los atacantes remotos forzar la descarga y ejecución de código arbitrario mediante "parámetros indocumentados de objeto" sin especificar. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=695 http://lists.grok.org.uk/pipermail/full-disclosure/2008-April/061923.html http://secunia.com/advisories/30037 http://www.securityfocus.com/bid/28993 http://www.securitytracker.com/id?1019955 http://www.vupen.com/english/advisories/2008/1408/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42117 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 34%CPEs: 1EXPL: 0

Stack-based buffer overflow in the GetPrivateProfileSectionW function in Akamai Technologies Download Manager ActiveX Control (DownloadManagerV2.ocx) after 2.0.4.4 but before 2.2.1.0 allows remote attackers to execute arbitrary code, related to misinterpretation of the nSize parameter as a byte count instead of a wide character count. Desbordamiento de búfer basado en pila en la función GetPrivateProfileSectionW del control ActiveX Akamai Technologies Download Manager (DownloadManagerV2.ocx) después de la versión 2.0.4.4 pero antes que la 2.2.1.0 permite a atacantes remotos ejecutar código de su elección , relacionado con la mala interpretación del parámetro nSize como un contador de bytes en lugar de un contador de ancho de carácter. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=514 http://secunia.com/advisories/24900 http://www.kb.cert.org/vuls/id/120241 http://www.osvdb.org/34323 http://www.securityfocus.com/archive/1/465908/100/0/threaded http://www.securityfocus.com/bid/23522 http://www.securitytracker.com/id?1017925 http://www.vupen.com/english/advisories/2007/1415 •

CVSS: 9.3EPSS: 15%CPEs: 1EXPL: 0

Stack-based buffer overflow in Akamai Technologies Download Manager ActiveX Control (DownloadManagerV2.ocx) before 2.2.1.0 allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2007-1891. Desbordamiento de búfer basado en pila en el control ActiveX Technologies Download Manager (DownloadManagerV2.ocx) anterior a 2.2.1.0 permite a atacantes remotos ejecutar código de su elección mediante vectores no especificados, un asunto diferente que CVE-2007-1891. • http://secunia.com/advisories/24900 http://www.osvdb.org/34324 http://www.securityfocus.com/archive/1/465908/100/0/threaded http://www.securityfocus.com/bid/23522 http://www.vupen.com/english/advisories/2007/1415 https://exchange.xforce.ibmcloud.com/vulnerabilities/33697 •