CVSS: 9.3EPSS: 0%CPEs: 6EXPL: 0CVE-2009-2582
https://notcve.org/view.php?id=CVE-2009-2582
Stack-based buffer overflow in manager.exe in Akamai Download Manager (aka DLM or dlmanager) before 2.2.4.8 allows remote web servers to execute arbitrary code via a malformed HTTP response during a Redswoosh download, a different vulnerability than CVE-2007-1891 and CVE-2007-1892. Desbordamiento de búfer basado en pila en manager.exe en Akamai Download Manager(también conocido como DLM or dlmanager) anterior a v2.2.4.8, permite a servidores web remotos ejecutar código de su elección mediante una respuesta HTTP mal formada durante la descarga de un "Redswoosh". Vulnerabilidad distinta de CVE-2007-1891 y CVE-2007-1892. • http://archives.neohapsis.com/archives/fulldisclosure/2009-07/0351.html http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=813 http://secunia.com/advisories/35951 http://www.akamai.com/html/support/security.html http://www.securityfocus.com/archive/1/505187/100/0/threaded http://www.securityfocus.com/bid/35778 http://www.securitytracker.com/id?1022592 http://www.vupen.com/english/advisories/2009/1985 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 16%CPEs: 4EXPL: 1CVE-2008-1770 – Akamai Download Manager < 2.2.3.7 - ActiveX Remote Download
https://notcve.org/view.php?id=CVE-2008-1770
CRLF injection vulnerability in Akamai Download Manager ActiveX control before 2.2.3.6 allows remote attackers to force the download and execution of arbitrary files via a URL parameter containing an encoded LF followed by a malicious target line. Vulnerabilidad de inyección CRLF en el control ActiveX Akamai Download Manager anteriores a la 2.2.3.6, permite a atacantes remotos forzar la descarga y ejecución de archivos arbitrariamente a través de un parámetro URL que contiene un LF codificado seguido de una línea de destino maliciosa. • https://www.exploit-db.com/exploits/5741 http://lists.grok.org.uk/pipermail/full-disclosure/2008-June/062672.html http://secunia.com/advisories/30537 http://www.securityfocus.com/archive/1/493077/100/0/threaded http://www.securityfocus.com/archive/1/493142/100/0/threaded http://www.securitytracker.com/id?1020194 http://www.vupen.com/english/advisories/2008/1746/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42879 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.8EPSS: 8%CPEs: 2EXPL: 0CVE-2007-6339
https://notcve.org/view.php?id=CVE-2007-6339
The Akamai Download Manager (aka DLM or dlmanager) ActiveX control (DownloadManagerV2.ocx) before 2.2.3.5 allows remote attackers to force the download and execution of arbitrary code via unspecified "undocumented object parameters." El control ActiveX del Gestor de descargas Akamai (Aka DLM dlmanager) (DownloadManagerV2.ocx) anterior a 2.2.3.5 permite a los atacantes remotos forzar la descarga y ejecución de código arbitrario mediante "parámetros indocumentados de objeto" sin especificar. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=695 http://lists.grok.org.uk/pipermail/full-disclosure/2008-April/061923.html http://secunia.com/advisories/30037 http://www.securityfocus.com/bid/28993 http://www.securitytracker.com/id?1019955 http://www.vupen.com/english/advisories/2008/1408/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42117 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 34%CPEs: 1EXPL: 0CVE-2007-1891
https://notcve.org/view.php?id=CVE-2007-1891
Stack-based buffer overflow in the GetPrivateProfileSectionW function in Akamai Technologies Download Manager ActiveX Control (DownloadManagerV2.ocx) after 2.0.4.4 but before 2.2.1.0 allows remote attackers to execute arbitrary code, related to misinterpretation of the nSize parameter as a byte count instead of a wide character count. Desbordamiento de búfer basado en pila en la función GetPrivateProfileSectionW del control ActiveX Akamai Technologies Download Manager (DownloadManagerV2.ocx) después de la versión 2.0.4.4 pero antes que la 2.2.1.0 permite a atacantes remotos ejecutar código de su elección , relacionado con la mala interpretación del parámetro nSize como un contador de bytes en lugar de un contador de ancho de carácter. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=514 http://secunia.com/advisories/24900 http://www.kb.cert.org/vuls/id/120241 http://www.osvdb.org/34323 http://www.securityfocus.com/archive/1/465908/100/0/threaded http://www.securityfocus.com/bid/23522 http://www.securitytracker.com/id?1017925 http://www.vupen.com/english/advisories/2007/1415 •
CVSS: 9.3EPSS: 15%CPEs: 1EXPL: 0CVE-2007-1892
https://notcve.org/view.php?id=CVE-2007-1892
Stack-based buffer overflow in Akamai Technologies Download Manager ActiveX Control (DownloadManagerV2.ocx) before 2.2.1.0 allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2007-1891. Desbordamiento de búfer basado en pila en el control ActiveX Technologies Download Manager (DownloadManagerV2.ocx) anterior a 2.2.1.0 permite a atacantes remotos ejecutar código de su elección mediante vectores no especificados, un asunto diferente que CVE-2007-1891. • http://secunia.com/advisories/24900 http://www.osvdb.org/34324 http://www.securityfocus.com/archive/1/465908/100/0/threaded http://www.securityfocus.com/bid/23522 http://www.vupen.com/english/advisories/2007/1415 https://exchange.xforce.ibmcloud.com/vulnerabilities/33697 •