CVE-2021-25069 – WordPress Download Manager < 3.2.34 - Authenticated SQL Injection to Reflected XSS
https://notcve.org/view.php?id=CVE-2021-25069
The Download Manager WordPress plugin before 3.2.34 does not sanitise and escape the package_ids parameter before using it in a SQL statement, leading to a SQL injection, which can also be exploited to cause a Reflected Cross-Site Scripting issue El plugin Download Manager de WordPress versiones anteriores a 3.2.34, no sanea ni escapa el parámetro package_ids antes de usarlo en una sentencia SQL, conllevando a una inyección SQL, que también puede ser explotada para causar un problema de tipo Cross-Site Scripting Reflejado • https://plugins.trac.wordpress.org/changeset/2656086 https://wpscan.com/vulnerability/4ff5e638-1b89-41df-b65a-f821de8934e8 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2016-3685
https://notcve.org/view.php?id=CVE-2016-3685
SAP Download Manager 2.1.142 and earlier generates an encryption key from a small key space on Windows and Mac systems, which allows context-dependent attackers to obtain sensitive configuration information by leveraging knowledge of a hardcoded key in the program code and a computer BIOS serial number, aka SAP Security Note 2282338. SAP Download Manager 2.1.142 y versiones anteriores genera una clave de cifrado para un espacio de clave pequeño en sistemas Windows y Mac, lo que permite a atacantes dependientes del contexto obtener información de configuración sensible aprovechando el conocimiento de la clave de codificación en el programa del código y el numero de serie BIOS del ordenador, vulnerabilidad también conocida como SAP Security Note 2282338. • http://packetstormsecurity.com/files/136172/SAP-Download-Manager-2.1.142-Weak-Encryption.html http://seclists.org/fulldisclosure/2016/Mar/20 http://www.coresecurity.com/advisories/sap-download-manager-password-weak-encryption http://www.securityfocus.com/archive/1/537746/100/0/threaded • CWE-255: Credentials Management Errors CWE-798: Use of Hard-coded Credentials •
CVE-2016-3684
https://notcve.org/view.php?id=CVE-2016-3684
SAP Download Manager 2.1.142 and earlier uses a hardcoded encryption key to protect stored data, which allows context-dependent attackers to obtain sensitive configuration information by leveraging knowledge of this key, aka SAP Security Note 2282338. SAP Download Manager 2.1.142 y versiones anteriores usan una clave de cifrado codificada para proteger información almacenada, lo que permite a atacantes dependientes del contexto obtener información de configuración sensible aprovechando el conocimiento de esta clave, vulnerabilidad también conocida como SAP Security Note 2282338. • http://packetstormsecurity.com/files/136172/SAP-Download-Manager-2.1.142-Weak-Encryption.html http://seclists.org/fulldisclosure/2016/Mar/20 http://www.coresecurity.com/advisories/sap-download-manager-password-weak-encryption http://www.securityfocus.com/archive/1/537746/100/0/threaded •
CVE-2014-9260 – WordPress Download Manager <= 2.7.2 - Authenticated Arbitrary Options Update
https://notcve.org/view.php?id=CVE-2014-9260
The basic_settings function in the download manager plugin for WordPress before 2.7.3 allows remote authenticated users to update every WordPress option. La función basic_settings en el plugin de administración de descargas para WordPress en versiones anteriores a la 2.7.3 permite que atacantes remotos autenticados actualicen todas las opciones de WordPress. WordPress Download Manager plugin version 2.7.2 suffers from a privilege escalation vulnerability. • https://www.exploit-db.com/exploits/36301 http://packetstormsecurity.com/files/130690/WordPress-Download-Manager-2.7.2-Privilege-Escalation.html • CWE-264: Permissions, Privileges, and Access Controls CWE-862: Missing Authorization •
CVE-2009-2582
https://notcve.org/view.php?id=CVE-2009-2582
Stack-based buffer overflow in manager.exe in Akamai Download Manager (aka DLM or dlmanager) before 2.2.4.8 allows remote web servers to execute arbitrary code via a malformed HTTP response during a Redswoosh download, a different vulnerability than CVE-2007-1891 and CVE-2007-1892. Desbordamiento de búfer basado en pila en manager.exe en Akamai Download Manager(también conocido como DLM or dlmanager) anterior a v2.2.4.8, permite a servidores web remotos ejecutar código de su elección mediante una respuesta HTTP mal formada durante la descarga de un "Redswoosh". Vulnerabilidad distinta de CVE-2007-1891 y CVE-2007-1892. • http://archives.neohapsis.com/archives/fulldisclosure/2009-07/0351.html http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=813 http://secunia.com/advisories/35951 http://www.akamai.com/html/support/security.html http://www.securityfocus.com/archive/1/505187/100/0/threaded http://www.securityfocus.com/bid/35778 http://www.securitytracker.com/id?1022592 http://www.vupen.com/english/advisories/2009/1985 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •