CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49315 – WordPress FREE DOWNLOAD MANAGER plugin <= 1.0.0 - Arbitrary File Deletion vulnerability
https://notcve.org/view.php?id=CVE-2024-49315
15 Oct 2024 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CodeFlock FREE DOWNLOAD MANAGER allows Path Traversal.This issue affects FREE DOWNLOAD MANAGER: from n/a through 1.0.0. The FREE DOWNLOAD MANAGER plugin for WordPress is vulnerable to Arbitrary File Downloads in all versions up to, and including, 1.0.0 via the download_stats_updated() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can co... • https://patchstack.com/database/vulnerability/free-download-manager/wordpress-free-download-manager-plugin-1-0-0-arbitrary-file-deletion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 79%CPEs: 2EXPL: 2CVE-2009-0183 – Free Download Manager 2.5/3.0 - Authorisation Stack Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2009-0183
03 Feb 2009 — Stack-based buffer overflow in Remote Control Server in Free Download Manager (FDM) 2.5 Build 758 and 3.0 Build 844 allows remote attackers to execute arbitrary code via a long Authorization header in an HTTP request. Desbordamiento del búfer basado en pila en Remote Control Server de Free Download Manager (FDM) v2.5 Build 758 y v3.0 Build 844; permite a atacantes remotos ejecutar código de su elección a través de una cabecera larga Authorization en una petición HTTP. • https://www.exploit-db.com/exploits/7986 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 59%CPEs: 2EXPL: 2CVE-2009-0184 – Free Download Manager - '.Torrent' File Parsing Multiple Buffer Overflow Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-0184
03 Feb 2009 — Multiple buffer overflows in the torrent parsing implementation in Free Download Manager (FDM) 2.5 Build 758 and 3.0 Build 844 allow remote attackers to execute arbitrary code via (1) a long file name within a torrent file, (2) a long tracker URL in a torrent file, or (3) a long comment in a torrent file. Múltiple desbordamiento de búfer en la implementación del torrent parsing en Free Download Manager (FDM) v2.5 Build 758 y v3.0 Build 844 permite a atacantes remotos ejecutar código de su elección a través ... • https://www.exploit-db.com/exploits/10009 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •