CVE-2007-6339
https://notcve.org/view.php?id=CVE-2007-6339
The Akamai Download Manager (aka DLM or dlmanager) ActiveX control (DownloadManagerV2.ocx) before 2.2.3.5 allows remote attackers to force the download and execution of arbitrary code via unspecified "undocumented object parameters." El control ActiveX del Gestor de descargas Akamai (Aka DLM dlmanager) (DownloadManagerV2.ocx) anterior a 2.2.3.5 permite a los atacantes remotos forzar la descarga y ejecución de código arbitrario mediante "parámetros indocumentados de objeto" sin especificar. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=695 http://lists.grok.org.uk/pipermail/full-disclosure/2008-April/061923.html http://secunia.com/advisories/30037 http://www.securityfocus.com/bid/28993 http://www.securitytracker.com/id?1019955 http://www.vupen.com/english/advisories/2008/1408/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42117 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2006-5856 – Adobe Download Manager AOM Parsing Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2006-5856
Stack-based buffer overflow in the Adobe Download Manager before 2.2 allows remote attackers to execute arbitrary code via a long section name in the dm.ini file, which is populated via an AOM file. Desbordamiento de búfer basado en pila en el Adobe Download Manager anterior a 2.2 permite a atacantes remotos ejecutar código de su elección mediante un nombre de sección largo en el fichero dm.ini, el cual es rellenado mediante un fichero AOM. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Download Manager application. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the AOM file format parser. A long [URL] element inside of a [DownloadRecord] element within an AOM file will result in a stack-based buffer overflow condition leading to execution of arbitrary code. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051114.html http://research.eeye.com/html/advisories/published/AD20061205.html http://secunia.com/advisories/23233 http://securitytracker.com/id?1017340 http://www.adobe.com/support/security/bulletins/apsb06-19.html http://www.kb.cert.org/vuls/id/448569 http://www.securityfocus.com/archive/1/453636/100/0/threaded http://www.securityfocus.com/archive/1/453755/100/0/threaded http://www.securityfocus.com/bid/21453 •
CVE-2006-2964
https://notcve.org/view.php?id=CVE-2006-2964
Multiple PHP remote file inclusion vulnerabilities in Xtreme Scripts Download Manager (aka Xtreme Downloads) 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) download.php, (2) manager.php, (3) admin/scripts/category.php, (4) includes/add_allow.php, (5) admin/index.php, and (6) admin/admin/login.php. • http://securityreason.com/securityalert/1072 http://www.osvdb.org/26643 http://www.osvdb.org/26644 http://www.osvdb.org/26645 http://www.osvdb.org/26646 http://www.osvdb.org/26647 http://www.osvdb.org/26648 http://www.securityfocus.com/archive/1/436104/100/0/threaded http://www.securityfocus.com/archive/1/436107/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/26961 •