MidnightBSD

Advisories for freedownloadmanager

CVE-2010-0998 HIGH

Multiple stack-based buffer overflows in Free Download Manager (FDM) before 3.0.852 allow remote attackers to execute arbitrary code via vectors involving (1) the folders feature in Site Explorer, (2) the websites feature in Site Explorer, (3) an FTP URI, or (4) a redirect.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
freedownloadmanager free_download_manager 2.5.724
freedownloadmanager free_download_manager 3.0.843
freedownloadmanager free_download_manager 3.0.850
freedownloadmanager free_download_manager 2.5.704
freedownloadmanager free_download_manager 2.1
freedownloadmanager free_download_manager *
freedownloadmanager free_download_manager 2
freedownloadmanager free_download_manager 2.5.700
freedownloadmanager free_download_manager 3.0.848
CVE-2010-0999 HIGH

Directory traversal vulnerability in Free Download Manager (FDM) before 3.0.852 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
freedownloadmanager free_download_manager 2.5.724
freedownloadmanager free_download_manager 3.0.843
freedownloadmanager free_download_manager 3.0.850
freedownloadmanager free_download_manager 2.5.704
freedownloadmanager free_download_manager 2.1
freedownloadmanager free_download_manager *
freedownloadmanager free_download_manager 2
freedownloadmanager free_download_manager 2.5.700
freedownloadmanager free_download_manager 3.0.848
CVE-2014-2087 HIGH

Stack-based buffer overflow in the CDownloads_Deleted::UpdateDownload function in Downloads_Deleted.cpp in Free Download Manager 3.9.3 build 1360, 3.8 build 1173, 3.0 build 852, and earlier allows user-assisted remote attackers to execute arbitrary code via a long file name, which is then deleted from the download queue by the user.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
freedownloadmanager free_download_manager 3.8
freedownloadmanager free_download_manager 3.9.3