Search criteria
15 vulnerabilities found for download_manager by adobe
FKIE_CVE-2022-2926
Vulnerability from fkie_nvd - Published: 2022-09-26 13:15 - Updated: 2025-05-21 17:15
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
The Download Manager WordPress plugin before 3.2.55 does not validate one of its settings, which could allow high privilege users such as admin to list and read arbitrary files and folders outside of the blog directory
References
| URL | Tags | ||
|---|---|---|---|
| contact@wpscan.com | https://wpscan.com/vulnerability/2a440e1a-a7e4-4106-839a-d93895e16785 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpscan.com/vulnerability/2a440e1a-a7e4-4106-839a-d93895e16785 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| adobe | download_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:download_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A611139-199C-42CB-9928-BA3CDDDBB92A",
"versionEndExcluding": "3.2.55",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager WordPress plugin before 3.2.55 does not validate one of its settings, which could allow high privilege users such as admin to list and read arbitrary files and folders outside of the blog directory"
},
{
"lang": "es",
"value": "El plugin Download Manager de WordPress versiones anteriores a 3.2.55, no comprueba una de sus configuraciones, lo que podr\u00eda permitir a usuarios con altos privilegios, como el administrador, listar y leer archivos y carpetas arbitrarias fuera del directorio del blog\n"
}
],
"id": "CVE-2022-2926",
"lastModified": "2025-05-21T17:15:53.663",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-09-26T13:15:10.577",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/2a440e1a-a7e4-4106-839a-d93895e16785"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/2a440e1a-a7e4-4106-839a-d93895e16785"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "contact@wpscan.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2020-9688
Vulnerability from fkie_nvd - Published: 2020-07-17 00:15 - Updated: 2024-11-21 05:41
Severity ?
Summary
Adobe Download Manager version 2.0.0.518 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| adobe | download_manager | 2.0.0.518 | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:download_manager:2.0.0.518:*:*:*:*:*:*:*",
"matchCriteriaId": "0A1D8FF8-E763-4A45-AC1A-CF4E2323D125",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Download Manager version 2.0.0.518 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution."
},
{
"lang": "es",
"value": "Adobe Download Manager versi\u00f3n 2.0.0.518, presenta una vulnerabilidad de inyecci\u00f3n de comandos. Una explotaci\u00f3n con \u00e9xito podr\u00eda conllevar a una ejecuci\u00f3n de c\u00f3digo arbitraria"
}
],
"id": "CVE-2020-9688",
"lastModified": "2024-11-21T05:41:06.187",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-17T00:15:12.133",
"references": [
{
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/adm/apsb20-49.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/adm/apsb20-49.html"
}
],
"sourceIdentifier": "psirt@adobe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-8071
Vulnerability from fkie_nvd - Published: 2019-10-17 19:15 - Updated: 2024-11-21 04:49
Severity ?
Summary
Adobe Download Manager versions 2.0.0.363 have an insecure file permissions vulnerability. Successful exploitation could lead to privilege escalation.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| adobe | download_manager | 2.0.0.363 | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:download_manager:2.0.0.363:*:*:*:*:*:*:*",
"matchCriteriaId": "D38F6A4C-702B-4993-A19C-ED462F3C8499",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Download Manager versions 2.0.0.363 have an insecure file permissions vulnerability. Successful exploitation could lead to privilege escalation."
},
{
"lang": "es",
"value": "Adobe Download Manager versiones 2.0.0.363 tiene una vulnerabilidad de permisos de archivo insegura. Una explotaci\u00f3n con \u00e9xito podr\u00eda conducir a la escalada de privilegios."
}
],
"id": "CVE-2019-8071",
"lastModified": "2024-11-21T04:49:13.830",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-17T19:15:11.063",
"references": [
{
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/adm/apsb19-51.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/adm/apsb19-51.html"
}
],
"sourceIdentifier": "psirt@adobe.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-0189
Vulnerability from fkie_nvd - Published: 2010-02-23 20:30 - Updated: 2025-04-11 00:51
Severity ?
Summary
A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote attackers to force the download and installation of arbitrary programs via a crafted name for a download site.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nos_microsystems | getplus_download_manager | 1.5.2.35 | |
| adobe | download_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nos_microsystems:getplus_download_manager:1.5.2.35:*:*:*:*:*:*:*",
"matchCriteriaId": "8C521C4C-822C-4308-B1C7-FE0795441F5F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:download_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "952B9AE6-57AC-4096-8865-A239C74A0AA4",
"versionEndIncluding": "1.6.2.60",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote attackers to force the download and installation of arbitrary programs via a crafted name for a download site."
},
{
"lang": "es",
"value": "Un determinado control ActiveX en getPlus Download Manager de NOS Microsystems, (tambi\u00e9n se conoce como DLM o Downloader) versi\u00f3n 1.5.2.35, tal y como es usado en Adobe Download Manager, comprueba inapropiadamente las peticiones que involucran sitios web que no est\u00e1n en subdominios, lo que permite a los atacantes remotos forzar la descarga e instalaci\u00f3n de programas arbitrarios por medio de un nombre especialmente dise\u00f1ado para un sitio de descarga."
}
],
"evaluatorComment": "Per: http://blogs.adobe.com/psirt/2010/02/adobe_download_manager_issue.html\r\n\r\n\r\n\r\n\"Adobe is aware of the recently posted report of a remote code execution vulnerability in the Adobe Download Manager.\"",
"id": "CVE-2010-0189",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-02-23T20:30:00.703",
"references": [
{
"source": "psirt@adobe.com",
"url": "http://aviv.raffon.net/2010/02/18/SkeletonsInAdobesSecurityCloset.aspx"
},
{
"source": "psirt@adobe.com",
"url": "http://blogs.adobe.com/psirt/2010/02/adobe_download_manager_issue.html"
},
{
"source": "psirt@adobe.com",
"url": "http://blogs.zdnet.com/security/?p=5505"
},
{
"source": "psirt@adobe.com",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=856"
},
{
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38729"
},
{
"source": "psirt@adobe.com",
"url": "http://securitytracker.com/id?1023651"
},
{
"source": "psirt@adobe.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-08.html"
},
{
"source": "psirt@adobe.com",
"url": "http://www.akitasecurity.nl/advisory.php?id=AK20090401"
},
{
"source": "psirt@adobe.com",
"url": "http://www.osvdb.org/62547"
},
{
"source": "psirt@adobe.com",
"url": "http://www.securityfocus.com/bid/38313"
},
{
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0459"
},
{
"source": "psirt@adobe.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56370"
},
{
"source": "psirt@adobe.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7182"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://aviv.raffon.net/2010/02/18/SkeletonsInAdobesSecurityCloset.aspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://blogs.adobe.com/psirt/2010/02/adobe_download_manager_issue.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://blogs.zdnet.com/security/?p=5505"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=856"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38729"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1023651"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-08.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.akitasecurity.nl/advisory.php?id=AK20090401"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/62547"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/38313"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0459"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56370"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7182"
}
],
"sourceIdentifier": "psirt@adobe.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-5856
Vulnerability from fkie_nvd - Published: 2006-12-06 19:28 - Updated: 2025-04-09 00:30
Severity ?
Summary
Stack-based buffer overflow in the Adobe Download Manager before 2.2 allows remote attackers to execute arbitrary code via a long section name in the dm.ini file, which is populated via an AOM file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| adobe | download_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:download_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26CC03FA-70D1-4B26-BD90-23ADA815E524",
"versionEndIncluding": "2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the Adobe Download Manager before 2.2 allows remote attackers to execute arbitrary code via a long section name in the dm.ini file, which is populated via an AOM file."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en el Adobe Download Manager anterior a 2.2 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un nombre de secci\u00f3n largo en el fichero dm.ini, el cual es rellenado mediante un fichero AOM."
}
],
"id": "CVE-2006-5856",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-12-06T19:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051114.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://research.eeye.com/html/advisories/published/AD20061205.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23233"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1017340"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb06-19.html"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/448569"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/453636/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/453755/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/21453"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/4867"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-044/"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30742"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051114.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://research.eeye.com/html/advisories/published/AD20061205.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23233"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1017340"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb06-19.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/448569"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/453636/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/453755/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/21453"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/4867"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-044/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30742"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-2926 (GCVE-0-2022-2926)
Vulnerability from cvelistv5 – Published: 2022-09-26 12:35 – Updated: 2025-05-21 16:23
VLAI?
Title
Download Manager < 3.2.55 - Admin+ Arbitrary File/Folder Access via Path Traversal
Summary
The Download Manager WordPress plugin before 3.2.55 does not validate one of its settings, which could allow high privilege users such as admin to list and read arbitrary files and folders outside of the blog directory
Severity ?
4.9 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Download Manager |
Affected:
3.2.55 , < 3.2.55
(custom)
|
Credits
Raad Haddad of Cloudyrion GmbH
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:59.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/2a440e1a-a7e4-4106-839a-d93895e16785"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-2926",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-21T16:23:04.080152Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T16:23:31.411Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Download Manager",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.2.55",
"status": "affected",
"version": "3.2.55",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Raad Haddad of Cloudyrion GmbH"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager WordPress plugin before 3.2.55 does not validate one of its settings, which could allow high privilege users such as admin to list and read arbitrary files and folders outside of the blog directory"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-26T12:35:35.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/2a440e1a-a7e4-4106-839a-d93895e16785"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Download Manager \u003c 3.2.55 - Admin+ Arbitrary File/Folder Access via Path Traversal",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-2926",
"STATE": "PUBLIC",
"TITLE": "Download Manager \u003c 3.2.55 - Admin+ Arbitrary File/Folder Access via Path Traversal"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Download Manager",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "3.2.55",
"version_value": "3.2.55"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Raad Haddad of Cloudyrion GmbH"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Download Manager WordPress plugin before 3.2.55 does not validate one of its settings, which could allow high privilege users such as admin to list and read arbitrary files and folders outside of the blog directory"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/2a440e1a-a7e4-4106-839a-d93895e16785",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/2a440e1a-a7e4-4106-839a-d93895e16785"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-2926",
"datePublished": "2022-09-26T12:35:35.000Z",
"dateReserved": "2022-08-22T00:00:00.000Z",
"dateUpdated": "2025-05-21T16:23:31.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9688 (GCVE-0-2020-9688)
Vulnerability from cvelistv5 – Published: 2020-07-17 00:01 – Updated: 2024-08-04 10:34
VLAI?
Summary
Adobe Download Manager version 2.0.0.518 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
Severity ?
No CVSS data available.
CWE
- Command Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe | Adobe Download Manager |
Affected:
version 2.0.0.518
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:34:39.920Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/adm/apsb20-49.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Adobe Download Manager",
"vendor": "Adobe",
"versions": [
{
"status": "affected",
"version": "version 2.0.0.518"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Adobe Download Manager version 2.0.0.518 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-17T00:01:33",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://helpx.adobe.com/security/products/adm/apsb20-49.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2020-9688",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Download Manager",
"version": {
"version_data": [
{
"version_value": "version 2.0.0.518"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Download Manager version 2.0.0.518 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/adm/apsb20-49.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/adm/apsb20-49.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2020-9688",
"datePublished": "2020-07-17T00:01:33",
"dateReserved": "2020-03-02T00:00:00",
"dateUpdated": "2024-08-04T10:34:39.920Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8071 (GCVE-0-2019-8071)
Vulnerability from cvelistv5 – Published: 2019-10-17 18:03 – Updated: 2024-08-04 21:10
VLAI?
Summary
Adobe Download Manager versions 2.0.0.363 have an insecure file permissions vulnerability. Successful exploitation could lead to privilege escalation.
Severity ?
No CVSS data available.
CWE
- Insecure file permissions
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe | Adobe Download Manager |
Affected:
2.0.0.363 versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:10:32.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/adm/apsb19-51.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Adobe Download Manager",
"vendor": "Adobe",
"versions": [
{
"status": "affected",
"version": "2.0.0.363 versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Adobe Download Manager versions 2.0.0.363 have an insecure file permissions vulnerability. Successful exploitation could lead to privilege escalation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insecure file permissions",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-17T18:03:12",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://helpx.adobe.com/security/products/adm/apsb19-51.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2019-8071",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Download Manager",
"version": {
"version_data": [
{
"version_value": "2.0.0.363 versions"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Download Manager versions 2.0.0.363 have an insecure file permissions vulnerability. Successful exploitation could lead to privilege escalation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure file permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/adm/apsb19-51.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/adm/apsb19-51.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2019-8071",
"datePublished": "2019-10-17T18:03:12",
"dateReserved": "2019-02-12T00:00:00",
"dateUpdated": "2024-08-04T21:10:32.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0189 (GCVE-0-2010-0189)
Vulnerability from cvelistv5 – Published: 2010-02-23 20:00 – Updated: 2024-08-07 00:37
VLAI?
Summary
A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote attackers to force the download and installation of arbitrary programs via a crafted name for a download site.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:37:54.133Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-08.html"
},
{
"name": "1023651",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023651"
},
{
"name": "38313",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38313"
},
{
"name": "ADV-2010-0459",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0459"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blogs.zdnet.com/security/?p=5505"
},
{
"name": "20100223 Multiple Vendor NOS Microsystems getPlus Downloader Input Validation Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=856"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.akitasecurity.nl/advisory.php?id=AK20090401"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aviv.raffon.net/2010/02/18/SkeletonsInAdobesSecurityCloset.aspx"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blogs.adobe.com/psirt/2010/02/adobe_download_manager_issue.html"
},
{
"name": "38729",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38729"
},
{
"name": "oval:org.mitre.oval:def:7182",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7182"
},
{
"name": "62547",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/62547"
},
{
"name": "adobe-dlmanager-unspecified-file-download(56370)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56370"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-02-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote attackers to force the download and installation of arbitrary programs via a crafted name for a download site."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-08.html"
},
{
"name": "1023651",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023651"
},
{
"name": "38313",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38313"
},
{
"name": "ADV-2010-0459",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0459"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blogs.zdnet.com/security/?p=5505"
},
{
"name": "20100223 Multiple Vendor NOS Microsystems getPlus Downloader Input Validation Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=856"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.akitasecurity.nl/advisory.php?id=AK20090401"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aviv.raffon.net/2010/02/18/SkeletonsInAdobesSecurityCloset.aspx"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blogs.adobe.com/psirt/2010/02/adobe_download_manager_issue.html"
},
{
"name": "38729",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38729"
},
{
"name": "oval:org.mitre.oval:def:7182",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7182"
},
{
"name": "62547",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/62547"
},
{
"name": "adobe-dlmanager-unspecified-file-download(56370)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56370"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-0189",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote attackers to force the download and installation of arbitrary programs via a crafted name for a download site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-08.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-08.html"
},
{
"name": "1023651",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023651"
},
{
"name": "38313",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38313"
},
{
"name": "ADV-2010-0459",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0459"
},
{
"name": "http://blogs.zdnet.com/security/?p=5505",
"refsource": "MISC",
"url": "http://blogs.zdnet.com/security/?p=5505"
},
{
"name": "20100223 Multiple Vendor NOS Microsystems getPlus Downloader Input Validation Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=856"
},
{
"name": "http://www.akitasecurity.nl/advisory.php?id=AK20090401",
"refsource": "MISC",
"url": "http://www.akitasecurity.nl/advisory.php?id=AK20090401"
},
{
"name": "http://aviv.raffon.net/2010/02/18/SkeletonsInAdobesSecurityCloset.aspx",
"refsource": "MISC",
"url": "http://aviv.raffon.net/2010/02/18/SkeletonsInAdobesSecurityCloset.aspx"
},
{
"name": "http://blogs.adobe.com/psirt/2010/02/adobe_download_manager_issue.html",
"refsource": "MISC",
"url": "http://blogs.adobe.com/psirt/2010/02/adobe_download_manager_issue.html"
},
{
"name": "38729",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38729"
},
{
"name": "oval:org.mitre.oval:def:7182",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7182"
},
{
"name": "62547",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/62547"
},
{
"name": "adobe-dlmanager-unspecified-file-download(56370)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56370"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2010-0189",
"datePublished": "2010-02-23T20:00:00",
"dateReserved": "2010-01-06T00:00:00",
"dateUpdated": "2024-08-07T00:37:54.133Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5856 (GCVE-0-2006-5856)
Vulnerability from cvelistv5 – Published: 2006-12-06 19:00 – Updated: 2024-08-07 20:04
VLAI?
Summary
Stack-based buffer overflow in the Adobe Download Manager before 2.2 allows remote attackers to execute arbitrary code via a long section name in the dm.ini file, which is populated via an AOM file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:04:55.685Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-044/"
},
{
"name": "20061206 EEYE: Adobe Download Manager AOM Stack Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/453636/100/0/threaded"
},
{
"name": "23233",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23233"
},
{
"name": "VU#448569",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/448569"
},
{
"name": "20061207 ZDI-06-044: Adobe Download Manager AOM Parsing Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/453755/100/0/threaded"
},
{
"name": "21453",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21453"
},
{
"name": "adobe-download-aom-bo(30742)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30742"
},
{
"name": "20061206 EEYE: Adobe Download Manager AOM Stack Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051114.html"
},
{
"name": "1017340",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017340"
},
{
"name": "ADV-2006-4867",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4867"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://research.eeye.com/html/advisories/published/AD20061205.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb06-19.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the Adobe Download Manager before 2.2 allows remote attackers to execute arbitrary code via a long section name in the dm.ini file, which is populated via an AOM file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-044/"
},
{
"name": "20061206 EEYE: Adobe Download Manager AOM Stack Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/453636/100/0/threaded"
},
{
"name": "23233",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23233"
},
{
"name": "VU#448569",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/448569"
},
{
"name": "20061207 ZDI-06-044: Adobe Download Manager AOM Parsing Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/453755/100/0/threaded"
},
{
"name": "21453",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21453"
},
{
"name": "adobe-download-aom-bo(30742)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30742"
},
{
"name": "20061206 EEYE: Adobe Download Manager AOM Stack Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051114.html"
},
{
"name": "1017340",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017340"
},
{
"name": "ADV-2006-4867",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4867"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://research.eeye.com/html/advisories/published/AD20061205.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb06-19.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5856",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the Adobe Download Manager before 2.2 allows remote attackers to execute arbitrary code via a long section name in the dm.ini file, which is populated via an AOM file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-06-044/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-044/"
},
{
"name": "20061206 EEYE: Adobe Download Manager AOM Stack Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/453636/100/0/threaded"
},
{
"name": "23233",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23233"
},
{
"name": "VU#448569",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/448569"
},
{
"name": "20061207 ZDI-06-044: Adobe Download Manager AOM Parsing Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/453755/100/0/threaded"
},
{
"name": "21453",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21453"
},
{
"name": "adobe-download-aom-bo(30742)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30742"
},
{
"name": "20061206 EEYE: Adobe Download Manager AOM Stack Buffer Overflow Vulnerability",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051114.html"
},
{
"name": "1017340",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017340"
},
{
"name": "ADV-2006-4867",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4867"
},
{
"name": "http://research.eeye.com/html/advisories/published/AD20061205.html",
"refsource": "MISC",
"url": "http://research.eeye.com/html/advisories/published/AD20061205.html"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb06-19.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb06-19.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5856",
"datePublished": "2006-12-06T19:00:00",
"dateReserved": "2006-11-10T00:00:00",
"dateUpdated": "2024-08-07T20:04:55.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2926 (GCVE-0-2022-2926)
Vulnerability from nvd – Published: 2022-09-26 12:35 – Updated: 2025-05-21 16:23
VLAI?
Title
Download Manager < 3.2.55 - Admin+ Arbitrary File/Folder Access via Path Traversal
Summary
The Download Manager WordPress plugin before 3.2.55 does not validate one of its settings, which could allow high privilege users such as admin to list and read arbitrary files and folders outside of the blog directory
Severity ?
4.9 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Download Manager |
Affected:
3.2.55 , < 3.2.55
(custom)
|
Credits
Raad Haddad of Cloudyrion GmbH
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:59.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/2a440e1a-a7e4-4106-839a-d93895e16785"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-2926",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-21T16:23:04.080152Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T16:23:31.411Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Download Manager",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.2.55",
"status": "affected",
"version": "3.2.55",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Raad Haddad of Cloudyrion GmbH"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Manager WordPress plugin before 3.2.55 does not validate one of its settings, which could allow high privilege users such as admin to list and read arbitrary files and folders outside of the blog directory"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-26T12:35:35.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/2a440e1a-a7e4-4106-839a-d93895e16785"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Download Manager \u003c 3.2.55 - Admin+ Arbitrary File/Folder Access via Path Traversal",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-2926",
"STATE": "PUBLIC",
"TITLE": "Download Manager \u003c 3.2.55 - Admin+ Arbitrary File/Folder Access via Path Traversal"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Download Manager",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "3.2.55",
"version_value": "3.2.55"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Raad Haddad of Cloudyrion GmbH"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Download Manager WordPress plugin before 3.2.55 does not validate one of its settings, which could allow high privilege users such as admin to list and read arbitrary files and folders outside of the blog directory"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/2a440e1a-a7e4-4106-839a-d93895e16785",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/2a440e1a-a7e4-4106-839a-d93895e16785"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-2926",
"datePublished": "2022-09-26T12:35:35.000Z",
"dateReserved": "2022-08-22T00:00:00.000Z",
"dateUpdated": "2025-05-21T16:23:31.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9688 (GCVE-0-2020-9688)
Vulnerability from nvd – Published: 2020-07-17 00:01 – Updated: 2024-08-04 10:34
VLAI?
Summary
Adobe Download Manager version 2.0.0.518 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
Severity ?
No CVSS data available.
CWE
- Command Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe | Adobe Download Manager |
Affected:
version 2.0.0.518
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:34:39.920Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/adm/apsb20-49.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Adobe Download Manager",
"vendor": "Adobe",
"versions": [
{
"status": "affected",
"version": "version 2.0.0.518"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Adobe Download Manager version 2.0.0.518 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-17T00:01:33",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://helpx.adobe.com/security/products/adm/apsb20-49.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2020-9688",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Download Manager",
"version": {
"version_data": [
{
"version_value": "version 2.0.0.518"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Download Manager version 2.0.0.518 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/adm/apsb20-49.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/adm/apsb20-49.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2020-9688",
"datePublished": "2020-07-17T00:01:33",
"dateReserved": "2020-03-02T00:00:00",
"dateUpdated": "2024-08-04T10:34:39.920Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8071 (GCVE-0-2019-8071)
Vulnerability from nvd – Published: 2019-10-17 18:03 – Updated: 2024-08-04 21:10
VLAI?
Summary
Adobe Download Manager versions 2.0.0.363 have an insecure file permissions vulnerability. Successful exploitation could lead to privilege escalation.
Severity ?
No CVSS data available.
CWE
- Insecure file permissions
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe | Adobe Download Manager |
Affected:
2.0.0.363 versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:10:32.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/adm/apsb19-51.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Adobe Download Manager",
"vendor": "Adobe",
"versions": [
{
"status": "affected",
"version": "2.0.0.363 versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Adobe Download Manager versions 2.0.0.363 have an insecure file permissions vulnerability. Successful exploitation could lead to privilege escalation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insecure file permissions",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-17T18:03:12",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://helpx.adobe.com/security/products/adm/apsb19-51.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2019-8071",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Download Manager",
"version": {
"version_data": [
{
"version_value": "2.0.0.363 versions"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Download Manager versions 2.0.0.363 have an insecure file permissions vulnerability. Successful exploitation could lead to privilege escalation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure file permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/adm/apsb19-51.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/adm/apsb19-51.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2019-8071",
"datePublished": "2019-10-17T18:03:12",
"dateReserved": "2019-02-12T00:00:00",
"dateUpdated": "2024-08-04T21:10:32.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0189 (GCVE-0-2010-0189)
Vulnerability from nvd – Published: 2010-02-23 20:00 – Updated: 2024-08-07 00:37
VLAI?
Summary
A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote attackers to force the download and installation of arbitrary programs via a crafted name for a download site.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:37:54.133Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-08.html"
},
{
"name": "1023651",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023651"
},
{
"name": "38313",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38313"
},
{
"name": "ADV-2010-0459",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0459"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blogs.zdnet.com/security/?p=5505"
},
{
"name": "20100223 Multiple Vendor NOS Microsystems getPlus Downloader Input Validation Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=856"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.akitasecurity.nl/advisory.php?id=AK20090401"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aviv.raffon.net/2010/02/18/SkeletonsInAdobesSecurityCloset.aspx"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blogs.adobe.com/psirt/2010/02/adobe_download_manager_issue.html"
},
{
"name": "38729",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38729"
},
{
"name": "oval:org.mitre.oval:def:7182",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7182"
},
{
"name": "62547",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/62547"
},
{
"name": "adobe-dlmanager-unspecified-file-download(56370)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56370"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-02-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote attackers to force the download and installation of arbitrary programs via a crafted name for a download site."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-08.html"
},
{
"name": "1023651",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023651"
},
{
"name": "38313",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38313"
},
{
"name": "ADV-2010-0459",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0459"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blogs.zdnet.com/security/?p=5505"
},
{
"name": "20100223 Multiple Vendor NOS Microsystems getPlus Downloader Input Validation Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=856"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.akitasecurity.nl/advisory.php?id=AK20090401"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aviv.raffon.net/2010/02/18/SkeletonsInAdobesSecurityCloset.aspx"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blogs.adobe.com/psirt/2010/02/adobe_download_manager_issue.html"
},
{
"name": "38729",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38729"
},
{
"name": "oval:org.mitre.oval:def:7182",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7182"
},
{
"name": "62547",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/62547"
},
{
"name": "adobe-dlmanager-unspecified-file-download(56370)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56370"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-0189",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote attackers to force the download and installation of arbitrary programs via a crafted name for a download site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-08.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-08.html"
},
{
"name": "1023651",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023651"
},
{
"name": "38313",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38313"
},
{
"name": "ADV-2010-0459",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0459"
},
{
"name": "http://blogs.zdnet.com/security/?p=5505",
"refsource": "MISC",
"url": "http://blogs.zdnet.com/security/?p=5505"
},
{
"name": "20100223 Multiple Vendor NOS Microsystems getPlus Downloader Input Validation Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=856"
},
{
"name": "http://www.akitasecurity.nl/advisory.php?id=AK20090401",
"refsource": "MISC",
"url": "http://www.akitasecurity.nl/advisory.php?id=AK20090401"
},
{
"name": "http://aviv.raffon.net/2010/02/18/SkeletonsInAdobesSecurityCloset.aspx",
"refsource": "MISC",
"url": "http://aviv.raffon.net/2010/02/18/SkeletonsInAdobesSecurityCloset.aspx"
},
{
"name": "http://blogs.adobe.com/psirt/2010/02/adobe_download_manager_issue.html",
"refsource": "MISC",
"url": "http://blogs.adobe.com/psirt/2010/02/adobe_download_manager_issue.html"
},
{
"name": "38729",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38729"
},
{
"name": "oval:org.mitre.oval:def:7182",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7182"
},
{
"name": "62547",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/62547"
},
{
"name": "adobe-dlmanager-unspecified-file-download(56370)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56370"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2010-0189",
"datePublished": "2010-02-23T20:00:00",
"dateReserved": "2010-01-06T00:00:00",
"dateUpdated": "2024-08-07T00:37:54.133Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5856 (GCVE-0-2006-5856)
Vulnerability from nvd – Published: 2006-12-06 19:00 – Updated: 2024-08-07 20:04
VLAI?
Summary
Stack-based buffer overflow in the Adobe Download Manager before 2.2 allows remote attackers to execute arbitrary code via a long section name in the dm.ini file, which is populated via an AOM file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:04:55.685Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-044/"
},
{
"name": "20061206 EEYE: Adobe Download Manager AOM Stack Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/453636/100/0/threaded"
},
{
"name": "23233",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23233"
},
{
"name": "VU#448569",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/448569"
},
{
"name": "20061207 ZDI-06-044: Adobe Download Manager AOM Parsing Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/453755/100/0/threaded"
},
{
"name": "21453",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21453"
},
{
"name": "adobe-download-aom-bo(30742)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30742"
},
{
"name": "20061206 EEYE: Adobe Download Manager AOM Stack Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051114.html"
},
{
"name": "1017340",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017340"
},
{
"name": "ADV-2006-4867",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4867"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://research.eeye.com/html/advisories/published/AD20061205.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb06-19.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the Adobe Download Manager before 2.2 allows remote attackers to execute arbitrary code via a long section name in the dm.ini file, which is populated via an AOM file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-044/"
},
{
"name": "20061206 EEYE: Adobe Download Manager AOM Stack Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/453636/100/0/threaded"
},
{
"name": "23233",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23233"
},
{
"name": "VU#448569",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/448569"
},
{
"name": "20061207 ZDI-06-044: Adobe Download Manager AOM Parsing Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/453755/100/0/threaded"
},
{
"name": "21453",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21453"
},
{
"name": "adobe-download-aom-bo(30742)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30742"
},
{
"name": "20061206 EEYE: Adobe Download Manager AOM Stack Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051114.html"
},
{
"name": "1017340",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017340"
},
{
"name": "ADV-2006-4867",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4867"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://research.eeye.com/html/advisories/published/AD20061205.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb06-19.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5856",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the Adobe Download Manager before 2.2 allows remote attackers to execute arbitrary code via a long section name in the dm.ini file, which is populated via an AOM file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-06-044/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-044/"
},
{
"name": "20061206 EEYE: Adobe Download Manager AOM Stack Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/453636/100/0/threaded"
},
{
"name": "23233",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23233"
},
{
"name": "VU#448569",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/448569"
},
{
"name": "20061207 ZDI-06-044: Adobe Download Manager AOM Parsing Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/453755/100/0/threaded"
},
{
"name": "21453",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21453"
},
{
"name": "adobe-download-aom-bo(30742)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30742"
},
{
"name": "20061206 EEYE: Adobe Download Manager AOM Stack Buffer Overflow Vulnerability",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051114.html"
},
{
"name": "1017340",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017340"
},
{
"name": "ADV-2006-4867",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4867"
},
{
"name": "http://research.eeye.com/html/advisories/published/AD20061205.html",
"refsource": "MISC",
"url": "http://research.eeye.com/html/advisories/published/AD20061205.html"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb06-19.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb06-19.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5856",
"datePublished": "2006-12-06T19:00:00",
"dateReserved": "2006-11-10T00:00:00",
"dateUpdated": "2024-08-07T20:04:55.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}