CVE-2024-49315 – WordPress FREE DOWNLOAD MANAGER plugin <= 1.0.0 - Arbitrary File Deletion vulnerability
https://notcve.org/view.php?id=CVE-2024-49315
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CodeFlock FREE DOWNLOAD MANAGER allows Path Traversal.This issue affects FREE DOWNLOAD MANAGER: from n/a through 1.0.0. The FREE DOWNLOAD MANAGER plugin for WordPress is vulnerable to Arbitrary File Downloads in all versions up to, and including, 1.0.0 via the download_stats_updated() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. • https://patchstack.com/database/vulnerability/free-download-manager/wordpress-free-download-manager-plugin-1-0-0-arbitrary-file-deletion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-8284 – Download Manager <= 3.2.98 - Authenticated (Admin+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-8284
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.98 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-29114 – WordPress Download Manager plugin <= 3.2.84 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-29114
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in W3 Eden, Inc. Download Manager allows Stored XSS.This issue affects Download Manager: from n/a through 3.2.84. Vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('cross-site Scripting') en W3 Eden, Inc. Download Manager permite almacenar XSS. Este problema afecta a Download Manager: desde n/a hasta 3.2.84. • https://patchstack.com/database/vulnerability/download-manager/wordpress-download-manager-plugin-3-2-84-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-20097 – WP-Filebase Download Manager Plugin cross site scriting
https://notcve.org/view.php?id=CVE-2017-20097
A vulnerability was found in WP-Filebase Download Manager Plugin 3.4.4. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched remotely. • http://seclists.org/fulldisclosure/2017/Feb/78 https://vuldb.com/?id.97370 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVE-2009-0184 – Free Download Manager - '.Torrent' File Parsing Multiple Buffer Overflow Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-0184
Multiple buffer overflows in the torrent parsing implementation in Free Download Manager (FDM) 2.5 Build 758 and 3.0 Build 844 allow remote attackers to execute arbitrary code via (1) a long file name within a torrent file, (2) a long tracker URL in a torrent file, or (3) a long comment in a torrent file. Múltiple desbordamiento de búfer en la implementación del torrent parsing en Free Download Manager (FDM) v2.5 Build 758 y v3.0 Build 844 permite a atacantes remotos ejecutar código de su elección a través de (1) un nombre de fichero largo sin un fichero torrent, (2) una dirección de tracker URL larga en un fichero torrent, o (3) un comentario largo en un fichero torrent. • https://www.exploit-db.com/exploits/10009 https://www.exploit-db.com/exploits/16634 http://secunia.com/advisories/33524 http://secunia.com/secunia_research/2009-5 http://www.securityfocus.com/archive/1/500605/100/0/threaded http://www.securityfocus.com/bid/33555 http://www.vupen.com/english/advisories/2009/0302 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •