CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2168 – Download Manager < 3.2.44 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-2168
27 Jun 2022 — The Download Manager WordPress plugin before 3.2.44 does not escape a generated URL before outputting it back in an attribute of the history dashboard, leading to Reflected Cross-Site Scripting El plugin Download Manager de WordPress versiones anteriores a 3.2.44, no escapa de una URL generada antes de devolverla a un atributo del panel de control del historial, conllevando a un ataque de tipo Cross-Site Scripting Reflejado • https://wpscan.com/vulnerability/66789b32-049e-4440-8b19-658649851010 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-25069 – WordPress Download Manager < 3.2.34 - Authenticated SQL Injection to Reflected XSS
https://notcve.org/view.php?id=CVE-2021-25069
20 Jan 2022 — The Download Manager WordPress plugin before 3.2.34 does not sanitise and escape the package_ids parameter before using it in a SQL statement, leading to a SQL injection, which can also be exploited to cause a Reflected Cross-Site Scripting issue El plugin Download Manager de WordPress versiones anteriores a 3.2.34, no sanea ni escapa el parámetro package_ids antes de usarlo en una sentencia SQL, conllevando a una inyección SQL, que también puede ser explotada para causar un problema de tipo Cross-Site Scri... • https://plugins.trac.wordpress.org/changeset/2656086 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.3EPSS: 79%CPEs: 54EXPL: 1CVE-2017-3823 – Cisco WebEx Chrome Extension Remote Command Execution
https://notcve.org/view.php?id=CVE-2017-3823
01 Feb 2017 — An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin before 2.1.0.10 on Internet Explorer. A vulnerability in these Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on ... • https://packetstorm.news/files/id/140870 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 3CVE-2016-3684
https://notcve.org/view.php?id=CVE-2016-3684
14 Dec 2016 — SAP Download Manager 2.1.142 and earlier uses a hardcoded encryption key to protect stored data, which allows context-dependent attackers to obtain sensitive configuration information by leveraging knowledge of this key, aka SAP Security Note 2282338. SAP Download Manager 2.1.142 y versiones anteriores usan una clave de cifrado codificada para proteger información almacenada, lo que permite a atacantes dependientes del contexto obtener información de configuración sensible aprovechando el conocimiento de es... • http://packetstormsecurity.com/files/136172/SAP-Download-Manager-2.1.142-Weak-Encryption.html •
CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 2CVE-2016-3685
https://notcve.org/view.php?id=CVE-2016-3685
14 Dec 2016 — SAP Download Manager 2.1.142 and earlier generates an encryption key from a small key space on Windows and Mac systems, which allows context-dependent attackers to obtain sensitive configuration information by leveraging knowledge of a hardcoded key in the program code and a computer BIOS serial number, aka SAP Security Note 2282338. SAP Download Manager 2.1.142 y versiones anteriores genera una clave de cifrado para un espacio de clave pequeño en sistemas Windows y Mac, lo que permite a atacantes dependien... • http://packetstormsecurity.com/files/136172/SAP-Download-Manager-2.1.142-Weak-Encryption.html • CWE-255: Credentials Management Errors CWE-798: Use of Hard-coded Credentials •
CVSS: 8.8EPSS: 3%CPEs: 1EXPL: 3CVE-2014-9260 – WordPress Download Manager <= 2.7.2 - Authenticated Arbitrary Options Update
https://notcve.org/view.php?id=CVE-2014-9260
24 Nov 2014 — The basic_settings function in the download manager plugin for WordPress before 2.7.3 allows remote authenticated users to update every WordPress option. La función basic_settings en el plugin de administración de descargas para WordPress en versiones anteriores a la 2.7.3 permite que atacantes remotos autenticados actualicen todas las opciones de WordPress. WordPress Download Manager plugin version 2.7.2 suffers from a privilege escalation vulnerability. • https://packetstorm.news/files/id/130690 • CWE-264: Permissions, Privileges, and Access Controls CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 2%CPEs: 6EXPL: 0CVE-2009-2582
https://notcve.org/view.php?id=CVE-2009-2582
23 Jul 2009 — Stack-based buffer overflow in manager.exe in Akamai Download Manager (aka DLM or dlmanager) before 2.2.4.8 allows remote web servers to execute arbitrary code via a malformed HTTP response during a Redswoosh download, a different vulnerability than CVE-2007-1891 and CVE-2007-1892. Desbordamiento de búfer basado en pila en manager.exe en Akamai Download Manager(también conocido como DLM or dlmanager) anterior a v2.2.4.8, permite a servidores web remotos ejecutar código de su elección mediante una respuesta ... • http://archives.neohapsis.com/archives/fulldisclosure/2009-07/0351.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 13%CPEs: 4EXPL: 1CVE-2008-1770 – Akamai Download Manager < 2.2.3.7 - ActiveX Remote Download
https://notcve.org/view.php?id=CVE-2008-1770
04 Jun 2008 — CRLF injection vulnerability in Akamai Download Manager ActiveX control before 2.2.3.6 allows remote attackers to force the download and execution of arbitrary files via a URL parameter containing an encoded LF followed by a malicious target line. Vulnerabilidad de inyección CRLF en el control ActiveX Akamai Download Manager anteriores a la 2.2.3.6, permite a atacantes remotos forzar la descarga y ejecución de archivos arbitrariamente a través de un parámetro URL que contiene un LF codificado seguido de una... • https://www.exploit-db.com/exploits/5741 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 3%CPEs: 2EXPL: 0CVE-2007-6339
https://notcve.org/view.php?id=CVE-2007-6339
01 May 2008 — The Akamai Download Manager (aka DLM or dlmanager) ActiveX control (DownloadManagerV2.ocx) before 2.2.3.5 allows remote attackers to force the download and execution of arbitrary code via unspecified "undocumented object parameters." El control ActiveX del Gestor de descargas Akamai (Aka DLM dlmanager) (DownloadManagerV2.ocx) anterior a 2.2.3.5 permite a los atacantes remotos forzar la descarga y ejecución de código arbitrario mediante "parámetros indocumentados de objeto" sin especificar. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=695 • CWE-94: Improper Control of Generation of Code ('Code Injection') •