Page 5 of 23 results (0.006 seconds)

CVSS: 9.3EPSS: 14%CPEs: 4EXPL: 1

CRLF injection vulnerability in Akamai Download Manager ActiveX control before 2.2.3.6 allows remote attackers to force the download and execution of arbitrary files via a URL parameter containing an encoded LF followed by a malicious target line. Vulnerabilidad de inyección CRLF en el control ActiveX Akamai Download Manager anteriores a la 2.2.3.6, permite a atacantes remotos forzar la descarga y ejecución de archivos arbitrariamente a través de un parámetro URL que contiene un LF codificado seguido de una línea de destino maliciosa. • https://www.exploit-db.com/exploits/5741 http://lists.grok.org.uk/pipermail/full-disclosure/2008-June/062672.html http://secunia.com/advisories/30537 http://www.securityfocus.com/archive/1/493077/100/0/threaded http://www.securityfocus.com/archive/1/493142/100/0/threaded http://www.securitytracker.com/id?1020194 http://www.vupen.com/english/advisories/2008/1746/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42879 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.8EPSS: 7%CPEs: 2EXPL: 0

The Akamai Download Manager (aka DLM or dlmanager) ActiveX control (DownloadManagerV2.ocx) before 2.2.3.5 allows remote attackers to force the download and execution of arbitrary code via unspecified "undocumented object parameters." El control ActiveX del Gestor de descargas Akamai (Aka DLM dlmanager) (DownloadManagerV2.ocx) anterior a 2.2.3.5 permite a los atacantes remotos forzar la descarga y ejecución de código arbitrario mediante "parámetros indocumentados de objeto" sin especificar. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=695 http://lists.grok.org.uk/pipermail/full-disclosure/2008-April/061923.html http://secunia.com/advisories/30037 http://www.securityfocus.com/bid/28993 http://www.securitytracker.com/id?1019955 http://www.vupen.com/english/advisories/2008/1408/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42117 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.8EPSS: 81%CPEs: 1EXPL: 0

Stack-based buffer overflow in the Adobe Download Manager before 2.2 allows remote attackers to execute arbitrary code via a long section name in the dm.ini file, which is populated via an AOM file. Desbordamiento de búfer basado en pila en el Adobe Download Manager anterior a 2.2 permite a atacantes remotos ejecutar código de su elección mediante un nombre de sección largo en el fichero dm.ini, el cual es rellenado mediante un fichero AOM. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Download Manager application. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the AOM file format parser. A long [URL] element inside of a [DownloadRecord] element within an AOM file will result in a stack-based buffer overflow condition leading to execution of arbitrary code. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051114.html http://research.eeye.com/html/advisories/published/AD20061205.html http://secunia.com/advisories/23233 http://securitytracker.com/id?1017340 http://www.adobe.com/support/security/bulletins/apsb06-19.html http://www.kb.cert.org/vuls/id/448569 http://www.securityfocus.com/archive/1/453636/100/0/threaded http://www.securityfocus.com/archive/1/453755/100/0/threaded http://www.securityfocus.com/bid/21453 •