
CVSS: 4.7 | EPSS: 0% | CPEs: 3 | EXPL: 2

SAP Download Manager 2.1.142 and earlier generates an encryption key from a small key space on Windows and Mac systems, which allows context-dependent attackers to obtain sensitive configuration information by leveraging knowledge of a hardcoded key in the program code and a computer BIOS serial number, aka SAP Security Note 2282338.

• http://packetstormsecurity.com/files/136172/SAP-Download-Manager-2.1.142-Weak-Encryption.html
• http://seclists.org/fulldisclosure/2016/Mar/20
• http://www.coresecurity.com/advisories/sap-download-manager-password-weak-encryption
• http://www.securityfocus.com/archive/1/537746/100/0/threaded

• CWE-255: Credentials Management Errors
• CWE-798: Use of Hard-coded Credentials

CVSS: 4.7 | EPSS: 0% | CPEs: 3 | EXPL: 3

SAP Download Manager 2.1.142 and earlier uses a hardcoded encryption key to protect stored data, which allows context-dependent attackers to obtain sensitive configuration information by leveraging knowledge of this key, aka SAP Security Note 2282338.

• http://packetstormsecurity.com/files/136172/SAP-Download-Manager-2.1.142-Weak-Encryption.html
• http://seclists.org/fulldisclosure/2016/Mar/20
• http://www.coresecurity.com/advisories/sap-download-manager-password-weak-encryption
• http://www.securityfocus.com/archive/1/537746/100/0/threaded

CVSS: 8.8 | EPSS: 1% | CPEs: 1 | EXPL: 2

The basic_settings function in the download manager plugin for WordPress before 2.7.3 allows remote authenticated users to update every WordPress option. WordPress Download Manager plugin version 2.7.2 suffers from a privilege escalation vulnerability.

• https://www.exploit-db.com/exploits/36301
• http://packetstormsecurity.com/files/130690/WordPress-Download-Manager-2.7.2-Privilege-Escalation.html

• CWE-264: Permissions, Privileges, and Access Controls
• CWE-862: Missing Authorization

CVSS: 9.3 | EPSS: 0% | CPEs: 6 | EXPL: 0

Stack-based buffer overflow in manager.exe in Akamai Download Manager (aka DLM or dlmanager) before 2.2.4.8 allows remote web servers to execute arbitrary code via a malformed HTTP response during a Redswoosh download, a different vulnerability than CVE-2007-1891 and CVE-2007-1892.

• http://archives.neohapsis.com/archives/fulldisclosure/2009-07/0351.html
• http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=813
• http://secunia.com/advisories/35951
• http://www.akamai.com/html/support/security.html
• http://www.securityfocus.com/archive/1/505187/100/0/threaded
• http://www.securityfocus.com/bid/35778
• http://www.securitytracker.com/id?1022592
• http://www.vupen.com/english/advisories/2009/1985

• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 9.3 | EPSS: 16% | CPEs: 4 | EXPL: 1

CRLF injection vulnerability in Akamai Download Manager ActiveX control before 2.2.3.6 allows remote attackers to force the download and execution of arbitrary files via a URL parameter containing an encoded LF followed by a malicious target line.

• https://www.exploit-db.com/exploits/5741
• http://lists.grok.org.uk/pipermail/full-disclosure/2008-June/062672.html
• http://secunia.com/advisories/30537
• http://www.securityfocus.com/archive/1/493077/100/0/threaded
• http://www.securityfocus.com/archive/1/493142/100/0/threaded
• http://www.securitytracker.com/id?1020194
• http://www.vupen.com/english/advisories/2008/1746/references
• https://exchange.xforce.ibmcloud.com/vulnerabilities/42879

• CWE-94: Improper Control of Generation of Code ('Code Injection')