CVSS: 9.3EPSS: 49%CPEs: 2EXPL: 4CVE-2014-2087 – Free Download Manager - Stack Buffer Overflow
https://notcve.org/view.php?id=CVE-2014-2087
Stack-based buffer overflow in the CDownloads_Deleted::UpdateDownload function in Downloads_Deleted.cpp in Free Download Manager 3.9.3 build 1360, 3.8 build 1173, 3.0 build 852, and earlier allows user-assisted remote attackers to execute arbitrary code via a long file name, which is then deleted from the download queue by the user. Desbordamiento de buffer basado en pila en la función CDownloads_Deleted::UpdateDownload en Downloads_Deleted.cpp en Free Download Manager 3.9.3 build 1360, 3.8 build 1173, 3.0 build 852 y anteriores permite a atacantes remotos asistidos por usuario ejecutar código arbitrario a través de un nombre de archivo largo, lo que después es eliminado de la cola de descarga por el usuario. • https://www.exploit-db.com/exploits/32332 http://seclists.org/fulldisclosure/2014/Mar/137 http://www.securityfocus.com/archive/1/531465/100/0/threaded http://www.securityfocus.com/bid/66211 https://www.rcesecurity.com/2014/03/cve-2014-2087-free-download-manager-cdownloads_deleted-updatedownload-remote-code-execution • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2010-0999
https://notcve.org/view.php?id=CVE-2010-0999
Directory traversal vulnerability in Free Download Manager (FDM) before 3.0.852 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file. Vulnerabilidad de salto de directorio en Free Download Manager (FDM) anteriores a v3.0.852, permite a atacantes remotos crear ficheros de su elección al utilizar caracteres .. (punto punto) en el atributo nombre de un elemento fichero en un fichero metalink. • http://osvdb.org/64670 http://secunia.com/secunia_research/2010-67 http://www.securityfocus.com/archive/1/511284/100/0/threaded http://www.securityfocus.com/bid/40152 https://exchange.xforce.ibmcloud.com/vulnerabilities/58627 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7284 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 23%CPEs: 9EXPL: 0CVE-2010-0998
https://notcve.org/view.php?id=CVE-2010-0998
Multiple stack-based buffer overflows in Free Download Manager (FDM) before 3.0.852 allow remote attackers to execute arbitrary code via vectors involving (1) the folders feature in Site Explorer, (2) the websites feature in Site Explorer, (3) an FTP URI, or (4) a redirect. Múltiple desbordamiento de búfer basado en pila en Free Download Manager (FDM) anteriores a v3.0.852, permite a atacantes remotos ejecutar código de su elección a través de vectores que implican las características (1) "folders" en Site Explorer, (2) cathe websites Site Explorer, (3) un FTP URI, o (4) redirect. • http://osvdb.org/64671 http://osvdb.org/64672 http://osvdb.org/64673 http://osvdb.org/64674 http://secunia.com/advisories/39447 http://secunia.com/secunia_research/2010-68 http://www.securityfocus.com/archive/1/511282/100/0/threaded http://www.securityfocus.com/bid/40146 https://exchange.xforce.ibmcloud.com/vulnerabilities/58626 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7006 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •