CVSS: 6.1EPSS: 11%CPEs: 1EXPL: 1CVE-2022-2168 – Download Manager < 3.2.44 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-2168
27 Jun 2022 — The Download Manager WordPress plugin before 3.2.44 does not escape a generated URL before outputting it back in an attribute of the history dashboard, leading to Reflected Cross-Site Scripting El plugin Download Manager de WordPress versiones anteriores a 3.2.44, no escapa de una URL generada antes de devolverla a un atributo del panel de control del historial, conllevando a un ataque de tipo Cross-Site Scripting Reflejado • https://wpscan.com/vulnerability/66789b32-049e-4440-8b19-658649851010 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-25069 – WordPress Download Manager < 3.2.34 - Authenticated SQL Injection to Reflected XSS
https://notcve.org/view.php?id=CVE-2021-25069
20 Jan 2022 — The Download Manager WordPress plugin before 3.2.34 does not sanitise and escape the package_ids parameter before using it in a SQL statement, leading to a SQL injection, which can also be exploited to cause a Reflected Cross-Site Scripting issue El plugin Download Manager de WordPress versiones anteriores a 3.2.34, no sanea ni escapa el parámetro package_ids antes de usarlo en una sentencia SQL, conllevando a una inyección SQL, que también puede ser explotada para causar un problema de tipo Cross-Site Scri... • https://plugins.trac.wordpress.org/changeset/2656086 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 3%CPEs: 1EXPL: 3CVE-2014-9260 – WordPress Download Manager <= 2.7.2 - Authenticated Arbitrary Options Update
https://notcve.org/view.php?id=CVE-2014-9260
24 Nov 2014 — The basic_settings function in the download manager plugin for WordPress before 2.7.3 allows remote authenticated users to update every WordPress option. La función basic_settings en el plugin de administración de descargas para WordPress en versiones anteriores a la 2.7.3 permite que atacantes remotos autenticados actualicen todas las opciones de WordPress. WordPress Download Manager plugin version 2.7.2 suffers from a privilege escalation vulnerability. • https://packetstorm.news/files/id/130690 • CWE-264: Permissions, Privileges, and Access Controls CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 2%CPEs: 6EXPL: 0CVE-2009-2582
https://notcve.org/view.php?id=CVE-2009-2582
23 Jul 2009 — Stack-based buffer overflow in manager.exe in Akamai Download Manager (aka DLM or dlmanager) before 2.2.4.8 allows remote web servers to execute arbitrary code via a malformed HTTP response during a Redswoosh download, a different vulnerability than CVE-2007-1891 and CVE-2007-1892. Desbordamiento de búfer basado en pila en manager.exe en Akamai Download Manager(también conocido como DLM or dlmanager) anterior a v2.2.4.8, permite a servidores web remotos ejecutar código de su elección mediante una respuesta ... • http://archives.neohapsis.com/archives/fulldisclosure/2009-07/0351.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 13%CPEs: 4EXPL: 1CVE-2008-1770 – Akamai Download Manager < 2.2.3.7 - ActiveX Remote Download
https://notcve.org/view.php?id=CVE-2008-1770
04 Jun 2008 — CRLF injection vulnerability in Akamai Download Manager ActiveX control before 2.2.3.6 allows remote attackers to force the download and execution of arbitrary files via a URL parameter containing an encoded LF followed by a malicious target line. Vulnerabilidad de inyección CRLF en el control ActiveX Akamai Download Manager anteriores a la 2.2.3.6, permite a atacantes remotos forzar la descarga y ejecución de archivos arbitrariamente a través de un parámetro URL que contiene un LF codificado seguido de una... • https://www.exploit-db.com/exploits/5741 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 3%CPEs: 2EXPL: 0CVE-2007-6339
https://notcve.org/view.php?id=CVE-2007-6339
01 May 2008 — The Akamai Download Manager (aka DLM or dlmanager) ActiveX control (DownloadManagerV2.ocx) before 2.2.3.5 allows remote attackers to force the download and execution of arbitrary code via unspecified "undocumented object parameters." El control ActiveX del Gestor de descargas Akamai (Aka DLM dlmanager) (DownloadManagerV2.ocx) anterior a 2.2.3.5 permite a los atacantes remotos forzar la descarga y ejecución de código arbitrario mediante "parámetros indocumentados de objeto" sin especificar. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=695 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 17%CPEs: 1EXPL: 0CVE-2007-1891
https://notcve.org/view.php?id=CVE-2007-1891
18 Apr 2007 — Stack-based buffer overflow in the GetPrivateProfileSectionW function in Akamai Technologies Download Manager ActiveX Control (DownloadManagerV2.ocx) after 2.0.4.4 but before 2.2.1.0 allows remote attackers to execute arbitrary code, related to misinterpretation of the nSize parameter as a byte count instead of a wide character count. Desbordamiento de búfer basado en pila en la función GetPrivateProfileSectionW del control ActiveX Akamai Technologies Download Manager (DownloadManagerV2.ocx) después de la v... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=514 •
CVSS: 9.8EPSS: 8%CPEs: 1EXPL: 0CVE-2007-1892
https://notcve.org/view.php?id=CVE-2007-1892
18 Apr 2007 — Stack-based buffer overflow in Akamai Technologies Download Manager ActiveX Control (DownloadManagerV2.ocx) before 2.2.1.0 allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2007-1891. Desbordamiento de búfer basado en pila en el control ActiveX Technologies Download Manager (DownloadManagerV2.ocx) anterior a 2.2.1.0 permite a atacantes remotos ejecutar código de su elección mediante vectores no especificados, un asunto diferente que CVE-2007-1891. • http://secunia.com/advisories/24900 •