Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
download manager vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2014-8877
The alterSearchQuery function in lib/controllers/CmdownloadController.php in the CreativeMinds CM Downloads Manager plugin prior to 2.0.4 for WordPress allows remote malicious users to execute arbitrary PHP code via the CMDsearch parameter to cmdownloads/, which is processed by t...
Creative Minds Cm Download Manager
Creative Minds Cm Download Manager 2.0.2
Creative Minds Cm Download Manager 2.0.1
Creative Minds Cm Download Manager 2.0.0
1 EDB exploit
2 Nmap scripts
1 Github repository
9.3
CVSSv2
CVE-2014-2087
Stack-based buffer overflow in the CDownloads_Deleted::UpdateDownload function in Downloads_Deleted.cpp in Free Download Manager 3.9.3 build 1360, 3.8 build 1173, 3.0 build 852, and previous versions allows user-assisted remote malicious users to execute arbitrary code via a long...
Freedownloadmanager Free Download Manager 3.9.3
Freedownloadmanager Free Download Manager 3.8
1 EDB exploit
4.3
CVSSv2
CVE-2017-20097
A vulnerability was found in WP-Filebase Download Manager Plugin 3.4.4. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched remotely.
Wp-filebase Download Manager Project Wp-filebase Download Manager 3.4.4
6.5
CVSSv2
CVE-2021-25069
The Download Manager WordPress plugin prior to 3.2.34 does not sanitise and escape the package_ids parameter before using it in a SQL statement, leading to a SQL injection, which can also be exploited to cause a Reflected Cross-Site Scripting issue
Wpdownloadmanager Download Manager
4.3
CVSSv2
CVE-2022-2168
The Download Manager WordPress plugin prior to 3.2.44 does not escape a generated URL before outputting it back in an attribute of the history dashboard, leading to Reflected Cross-Site Scripting
Wpdownloadmanager Download Manager
NA
CVE-2022-45836
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in W3 Eden, Inc. Download Manager plugin <= 3.2.59 versions.
Wpdownloadmanager Download Manager
6.8
CVSSv2
CVE-2006-5856
Stack-based buffer overflow in the Adobe Download Manager prior to 2.2 allows remote malicious users to execute arbitrary code via a long section name in the dm.ini file, which is populated via an AOM file.
Adobe Download Manager
NA
CVE-2022-2926
The Download Manager WordPress plugin prior to 3.2.55 does not validate one of its settings, which could allow high privilege users such as admin to list and read arbitrary files and folders outside of the blog directory
Adobe Download Manager
NA
CVE-2023-1524
The Download Manager WordPress plugin prior to 3.2.71 does not adequately validate passwords for password-protected files. Upon validation, a master key is generated and exposed to the user, which may be used to download any password-protected file on the server, allowing a user ...
Wpdownloadmanager Download Manager
NA
CVE-2023-1809
The Download Manager WordPress plugin prior to 6.3.0 leaks master key information without the need for a password, allowing malicious users to download arbitrary password-protected package files.
Wpdownloadmanager Download Manager
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »