CVSS: 9.8EPSS: 2%CPEs: 6EXPL: 0CVE-2009-2582
https://notcve.org/view.php?id=CVE-2009-2582
23 Jul 2009 — Stack-based buffer overflow in manager.exe in Akamai Download Manager (aka DLM or dlmanager) before 2.2.4.8 allows remote web servers to execute arbitrary code via a malformed HTTP response during a Redswoosh download, a different vulnerability than CVE-2007-1891 and CVE-2007-1892. Desbordamiento de búfer basado en pila en manager.exe en Akamai Download Manager(también conocido como DLM or dlmanager) anterior a v2.2.4.8, permite a servidores web remotos ejecutar código de su elección mediante una respuesta ... • http://archives.neohapsis.com/archives/fulldisclosure/2009-07/0351.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2008-1106
https://notcve.org/view.php?id=CVE-2008-1106
09 Jun 2008 — The management interface in Akamai Client (formerly Red Swoosh) 3322 and earlier allows remote attackers to bypass authentication via an HTTP request that contains (1) no Referer header, or (2) a spoofed Referer header that matches an approved domain, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and force the client to download and execute arbitrary files. La interfaz de administración de Akamai Client (formerly Red Swoosh) 3322 y versiones anteriores permite a atacante... • http://secunia.com/advisories/30135 • CWE-287: Improper Authentication CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 3%CPEs: 2EXPL: 0CVE-2007-6339
https://notcve.org/view.php?id=CVE-2007-6339
01 May 2008 — The Akamai Download Manager (aka DLM or dlmanager) ActiveX control (DownloadManagerV2.ocx) before 2.2.3.5 allows remote attackers to force the download and execution of arbitrary code via unspecified "undocumented object parameters." El control ActiveX del Gestor de descargas Akamai (Aka DLM dlmanager) (DownloadManagerV2.ocx) anterior a 2.2.3.5 permite a los atacantes remotos forzar la descarga y ejecución de código arbitrario mediante "parámetros indocumentados de objeto" sin especificar. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=695 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 17%CPEs: 1EXPL: 0CVE-2007-1891
https://notcve.org/view.php?id=CVE-2007-1891
18 Apr 2007 — Stack-based buffer overflow in the GetPrivateProfileSectionW function in Akamai Technologies Download Manager ActiveX Control (DownloadManagerV2.ocx) after 2.0.4.4 but before 2.2.1.0 allows remote attackers to execute arbitrary code, related to misinterpretation of the nSize parameter as a byte count instead of a wide character count. Desbordamiento de búfer basado en pila en la función GetPrivateProfileSectionW del control ActiveX Akamai Technologies Download Manager (DownloadManagerV2.ocx) después de la v... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=514 •
CVSS: 9.8EPSS: 8%CPEs: 1EXPL: 0CVE-2007-1892
https://notcve.org/view.php?id=CVE-2007-1892
18 Apr 2007 — Stack-based buffer overflow in Akamai Technologies Download Manager ActiveX Control (DownloadManagerV2.ocx) before 2.2.1.0 allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2007-1891. Desbordamiento de búfer basado en pila en el control ActiveX Technologies Download Manager (DownloadManagerV2.ocx) anterior a 2.2.1.0 permite a atacantes remotos ejecutar código de su elección mediante vectores no especificados, un asunto diferente que CVE-2007-1891. • http://secunia.com/advisories/24900 •