CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 3CVE-2016-3684
https://notcve.org/view.php?id=CVE-2016-3684
SAP Download Manager 2.1.142 and earlier uses a hardcoded encryption key to protect stored data, which allows context-dependent attackers to obtain sensitive configuration information by leveraging knowledge of this key, aka SAP Security Note 2282338. SAP Download Manager 2.1.142 y versiones anteriores usan una clave de cifrado codificada para proteger información almacenada, lo que permite a atacantes dependientes del contexto obtener información de configuración sensible aprovechando el conocimiento de esta clave, vulnerabilidad también conocida como SAP Security Note 2282338. • http://packetstormsecurity.com/files/136172/SAP-Download-Manager-2.1.142-Weak-Encryption.html http://seclists.org/fulldisclosure/2016/Mar/20 http://www.coresecurity.com/advisories/sap-download-manager-password-weak-encryption http://www.securityfocus.com/archive/1/537746/100/0/threaded •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 2CVE-2014-9260 – WordPress Download Manager <= 2.7.2 - Authenticated Arbitrary Options Update
https://notcve.org/view.php?id=CVE-2014-9260
The basic_settings function in the download manager plugin for WordPress before 2.7.3 allows remote authenticated users to update every WordPress option. La función basic_settings en el plugin de administración de descargas para WordPress en versiones anteriores a la 2.7.3 permite que atacantes remotos autenticados actualicen todas las opciones de WordPress. WordPress Download Manager plugin version 2.7.2 suffers from a privilege escalation vulnerability. • https://www.exploit-db.com/exploits/36301 http://packetstormsecurity.com/files/130690/WordPress-Download-Manager-2.7.2-Privilege-Escalation.html • CWE-264: Permissions, Privileges, and Access Controls CWE-862: Missing Authorization •
CVSS: 9.3EPSS: 2%CPEs: 2EXPL: 0CVE-2010-0189
https://notcve.org/view.php?id=CVE-2010-0189
A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote attackers to force the download and installation of arbitrary programs via a crafted name for a download site. Un determinado control ActiveX en getPlus Download Manager de NOS Microsystems, (también se conoce como DLM o Downloader) versión 1.5.2.35, tal y como es usado en Adobe Download Manager, comprueba inapropiadamente las peticiones que involucran sitios web que no están en subdominios, lo que permite a los atacantes remotos forzar la descarga e instalación de programas arbitrarios por medio de un nombre especialmente diseñado para un sitio de descarga. • http://aviv.raffon.net/2010/02/18/SkeletonsInAdobesSecurityCloset.aspx http://blogs.adobe.com/psirt/2010/02/adobe_download_manager_issue.html http://blogs.zdnet.com/security/?p=5505 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=856 http://secunia.com/advisories/38729 http://securitytracker.com/id?1023651 http://www.adobe.com/support/security/bulletins/apsb10-08.html http://www.akitasecurity.nl/advisory.php?id=AK20090401 http://www.osvdb.org/62547 http://www&# • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 0%CPEs: 6EXPL: 0CVE-2009-2582
https://notcve.org/view.php?id=CVE-2009-2582
Stack-based buffer overflow in manager.exe in Akamai Download Manager (aka DLM or dlmanager) before 2.2.4.8 allows remote web servers to execute arbitrary code via a malformed HTTP response during a Redswoosh download, a different vulnerability than CVE-2007-1891 and CVE-2007-1892. Desbordamiento de búfer basado en pila en manager.exe en Akamai Download Manager(también conocido como DLM or dlmanager) anterior a v2.2.4.8, permite a servidores web remotos ejecutar código de su elección mediante una respuesta HTTP mal formada durante la descarga de un "Redswoosh". Vulnerabilidad distinta de CVE-2007-1891 y CVE-2007-1892. • http://archives.neohapsis.com/archives/fulldisclosure/2009-07/0351.html http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=813 http://secunia.com/advisories/35951 http://www.akamai.com/html/support/security.html http://www.securityfocus.com/archive/1/505187/100/0/threaded http://www.securityfocus.com/bid/35778 http://www.securitytracker.com/id?1022592 http://www.vupen.com/english/advisories/2009/1985 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 14%CPEs: 4EXPL: 1CVE-2008-1770 – Akamai Download Manager < 2.2.3.7 - ActiveX Remote Download
https://notcve.org/view.php?id=CVE-2008-1770
CRLF injection vulnerability in Akamai Download Manager ActiveX control before 2.2.3.6 allows remote attackers to force the download and execution of arbitrary files via a URL parameter containing an encoded LF followed by a malicious target line. Vulnerabilidad de inyección CRLF en el control ActiveX Akamai Download Manager anteriores a la 2.2.3.6, permite a atacantes remotos forzar la descarga y ejecución de archivos arbitrariamente a través de un parámetro URL que contiene un LF codificado seguido de una línea de destino maliciosa. • https://www.exploit-db.com/exploits/5741 http://lists.grok.org.uk/pipermail/full-disclosure/2008-June/062672.html http://secunia.com/advisories/30537 http://www.securityfocus.com/archive/1/493077/100/0/threaded http://www.securityfocus.com/archive/1/493142/100/0/threaded http://www.securitytracker.com/id?1020194 http://www.vupen.com/english/advisories/2008/1746/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42879 • CWE-94: Improper Control of Generation of Code ('Code Injection') •