
CVE-2022-2926 – Download Manager < 3.2.55 - Admin+ Arbitrary File/Folder Access via Path Traversal
https://notcve.org/view.php?id=CVE-2022-2926
05 Sep 2022 — The Download Manager WordPress plugin before 3.2.55 does not validate one of its settings, which could allow high privilege users such as admin to list and read arbitrary files and folders outside of the blog directory. The Download Manager plug... • https://wpscan.com/vulnerability/2a440e1a-a7e4-4106-839a-d93895e16785 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2020-9688
https://notcve.org/view.php?id=CVE-2020-9688
17 Jul 2020 — Adobe Download Manager version 2.0.0.518 has a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. • https://helpx.adobe.com/security/products/adm/apsb20-49.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2019-8071
https://notcve.org/view.php?id=CVE-2019-8071
17 Oct 2019 — Adobe Download Manager version 2.0.0.363 has an insecure file permissions vulnerability. Successful exploitation could lead to privilege escalation. • https://helpx.adobe.com/security/products/adm/apsb19-51.html • CWE-732: Incorrect Permission Assignment for Critical Resource

CVE-2010-0189
https://notcve.org/view.php?id=CVE-2010-0189
23 Feb 2010 — A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote attackers to force the download and installation of arbitrary programs via a crafted name for a download site. • http://aviv.raffon.net/2010/02/18/SkeletonsInAdobesSecurityCloset.aspx • CWE-20: Improper Input Validation

CVE-2009-2564 – Adobe 9.x Related Service - 'getPlus_HelperSvc.exe' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2009-2564
21 Jul 2009 — NOS Microsystems getPlus Download Manager, as used in Adobe Reader 1.6.2.36 and possibly other versions, Corel getPlus Download Manager before 1.5.0.48, and possibly other products, installs NOS\bin\getPlus_HelperSvc.exe with insecure permissions (Everyone:Full Control), which allows local users to gain SYSTEM privileges by replacing getPlus_HelperSvc.exe with a Trojan horse program, as demonstrated by use of getPlus Download Manager within Adobe Reader. NOTE: within Adobe Reader, the scope of this issue is... • https://www.exploit-db.com/exploits/9199 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2008-5364
https://notcve.org/view.php?id=CVE-2008-5364
08 Dec 2008 — Stack-based buffer overflow in the getPlus ActiveX control in gp.ocx 1.2.2.50 in NOS Microsystems getPlus Download Manager, as used for the Adobe Reader 8.1 installation process and other downloads, allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2008-4817. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=754 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2008-4816
https://notcve.org/view.php?id=CVE-2008-4816
05 Nov 2008 — Unspecified vulnerability in the Download Manager in Adobe Reader 8.1.2 and earlier on Windows allows remote attackers to change Internet Security options on a client machine via unknown vectors. • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html

CVE-2008-4817 – Reader: Download Manager input validation flaw
https://notcve.org/view.php?id=CVE-2008-4817
05 Nov 2008 — The Download Manager in Adobe Acrobat Professional and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that calls an AcroJS function with a long string argument, triggering heap corruption. • http://download.oracle.com/sunalerts/1019937.1.html • CWE-20: Improper Input Validation

CVE-2006-5856 – Adobe Download Manager AOM Parsing Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2006-5856
06 Dec 2006 — Stack-based buffer overflow in the Adobe Download Manager before 2.2 allows remote attackers to execute arbitrary code via a long section name in the dm.ini file, which is populated via an AOM file. This vulnerability allows remote attackers to execute arbitrary cod... • http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051114.html