iDefense Security Advisory 04.30.08 - Remote exploitation of a design error in Akamai Technologies, Inc's Download Manager allows attackers to execute arbitrary code in the context of the current user. iDefense confirmed the existence of this vulnerability using version 2.2.2.1 of Akamai Technologies Inc's DownloadManagerV2.ocx. Additionally, iDefense confirmed the problem exists in version 2.2.2.0 of the Download Manager Java Applet. All versions prior to the fixed version are suspected to be vulnerable.
f0e0510c73a61c63aa3aab61418d9329d39123888ec190022a7e749ba1be1c5c
Tempest Security Intelligence Advisory ADV-8/2016 - Akamai NetSession 1.9.3.1 is vulnerable to DLL hijacking as it tries to load CSUNSAPI.dll without supplying the complete path. The issue is aggravated because the mentioned DLL is missing from its installation, making it possible to hijack the DLL and subsequently inject code within the Akamai NetSession process space.
3dedecb489ed5a0d9fc62c3d0f0b03779be049ff0c99d1d773806ff026f848c7
This paper summarizes the findings from NCC's research into Akamai while providing advice to companies wishing to gain the maximum security when leveraging their solutions.
87bf6bdbd4a217dca83340b5158fe1ee1bc60e71894efd187434a3521fc29c37
The Call for Papers for the third annual HITBSecConf in Europe is now open. Taking place from the 21st through the 25th of May at the Okura Hotel in Amsterdam, it will be a quad-track conference featuring keynote speakers Andy Ellis (Chief Security Officer, Akamai) and Bruce Schneier (Chief Security Technology Officer, BT).
b91449f24b3ad6b16eddc8476a1114a0c9926f521215ee6b5b71c02c8e4e9775
Akamai's Download Manager allows attackers to download arbitrary files onto a user's desktop. Using a so-called "blended threat" attack it is possible to execute arbitrary code. This attack affects the ActiveX control as well as the Java applet. This was fixed in version 2.2.5.4.
29804371b07a8f9024641896f3f7d03d69f4c73848f0b53035414cb6f4660d4e
Secunia Security Advisory - A vulnerability has been discovered in Akamai Download Manager, which can be exploited by malicious people to compromise a user's system.
1bf58b38562670c6e9da382a4834761106b89539d28363ff8ba26d414420fe00
Secunia Security Advisory - A vulnerability has been reported in Akamai Download Manager, which can be exploited by malicious people to compromise a user's system.
58699ad8d59354a6ad14499e7a94577168d423f05774ba43ca6dc8e99afdd22b
Akamai has become aware of a security vulnerability within the Akamai Download Manager up to and including version 2.2.4.7 of the ActiveX control. For successful exploitation, this vulnerability requires a user to be convinced to visit a malicious URL put into place by an attacker. This may then lead to an unauthorized download and automatic execution of arbitrary code run within the context of the victim user.
6fc366214bd516b6a4df693b28db45824983d914361ec322d96d6ab47a9dbfff
Akamai has become aware of a security vulnerability within the Akamai Client Software which can be exploited to conduct cross-site request forgery attacks. This vulnerability exists only in the Akamai Client Software and does not affect Akamai's other services in any way. Akamai has no evidence to date that any attempt has been made to exploit this vulnerability. Versions up to and including 3322 are affected.
72ff99c29e5128ebdff18a697f10091cc821a63f45ca30f4c8dbc6cce682c502
Secunia Security Advisory - Secunia Research has discovered a vulnerability in Akamai Red Swoosh client, which can be exploited by malicious people to conduct cross-site request forgery attacks and compromise a user's system.
350a1daba2315f5b199be94e029fca2059c8e5512d3d6bbd4db7db7504e11599
Secunia Security Advisory - A vulnerability has been reported in Akamai Download Manager, which can be exploited by malicious people to compromise a user's system.
c8fddb72bbd9382463833ff006bee4be6a22d07ffb1cf2ea04f427f910badcab
A parameter injection vulnerability exists in Akamai Download Manager. By exploiting this vulnerability, a remote attacker can make users download an arbitrary file and save it to an arbitrary location while they are visiting a malicious web page. This means an attacker who successfully exploits this vulnerability can run arbitrary code on the affected system. Akamai Download Manager ActiveX control version 2.2.3.5 is affected.
902f16a639acb0caf6e7858f4b2ecb43999eac24dfc531821022e19dc957cfc0
Akamai has become aware of a security vulnerability within the Akamai Download Manager up to and including version 2.2.3.5 of the ActiveX control.
424af193790920e4b9b1ef0bea10d815b1d41b449c2590c55487dd4a567af367
Secunia Security Advisory - A vulnerability has been reported in Akamai Download Manager, which can be exploited by malicious people to compromise a user's system.
7e5ca827d2be51c150da57cc0d9fc075018fe3d1fef4a3575708191db48382ab
A security vulnerability has been discovered in versions prior to 2.2.3.5 of Akamai Download Manager. For successful exploitation, this vulnerability requires a user to be convinced to visit a malicious URL put into place by an attacker. This may then lead to an unauthorized download and automatic execution of arbitrary code run within the context of the victim user.
6513f8507a93764c7e4e3f9c944ed980d881f73edd90dc048061591e2b5a87e3
w00w00's operating system. Yes, a joke.
c7c869568d15aee512c973a781e7aacc751b7d434724db343e310154d469a194
It appears that Wells Fargo's online banking is now allowing third-party JavaScript from Akamai. Hopefully they come to their senses.
e4d79e1cad516e2ec202661e2374aaa01a707a6fadb16e87bd2b8adeff736ec8
iDefense Security Advisory 04.16.07 - Remote exploitation of a buffer overflow vulnerability in Akamai Technologies, Inc's Download Manager ActiveX Control could allow an attacker to execute arbitrary code within the security context of the targeted user. iDefense has confirmed the existence of this vulnerability within version 2.2.0.5 of Akamai Technologies Inc's DownloadManagerV2.ocx. All older versions are suspected to be vulnerable.
bd7c8b62df5ed63b528af4059e2e8c5a5b7a896e5b3d9bc44b6a53e6e38cb804
Akamai Technologies Security Advisory 2007-0001 - Two security vulnerabilities have been discovered in the ActiveX version of Akamai Download Manager. For successful exploitation, both vulnerabilities require the user to visit a malicious URL, triggering a stack-based buffer overflow that allows the attacker to execute arbitrary code within the context of the victim.
dbbaf096163cf2efc8265445fa804f02abd06396737956dba892bb7bf7981d35
Secunia Security Advisory - Two vulnerabilities have been reported in Akamai Download Manager ActiveX control, which can be exploited by malicious people to compromise a user's system.
376deccaa736ef478da06e4ce388a81bfb044c789b90c1a1c59046660f200d4f
This little program opens as many sockets with a remote host as can be supported by both. It catches ^C and kill commands to shut down cleanly by closing all open connections before exiting. Often, a remote workstation can be brought to its knees by saturating its process table via multiple invocations of sendmail. That's why port 25 (the sendmail port) is the default. If the target's process table (set when the target kernel was created) is filled, users will be unable to execute any shell commands. Many MUDs also crash when the number of sockets they have open exceeds a certain number. This program will put stress on MUDs by testing their limits. If a limit is reached, the MUD will either crash or will refuse to let new users log in. * The program is incomplete, in that it doesn't check for socket timeouts and subsequently reuse timed out sockets. That means the program can only keep a remote host / MUD locked up until it exhausts its own available new sockets, or until it has reached MAX_DESCRIPTORS remote connections as set by the #define statement. * If the local machine starts issuing error messages, then the program has failed to saturate the remote host and has instead reached the limits of the local machine. Use ^C or the kill command to terminate it. If you are knowledgeable about rebuilding kernels and have access to the root account, you can build a special kernel that will allow you to reach a much larger number of open sockets.
b17774a047da8f2dda8f5acbd018f5ca39bc608c82b3694b31d3ff473671c675
twlc logo
4bda0b4a3fc3c22022e033d7c302b65ce2a5d00d65841e0f1e0ebe6756af3a5d
PR09.txt.zip
9996a1594ee69bb668a1744749d3f577ed5deae37acaa60790a092bb44c7594e
PR08.txt.zip
36b80c6c10bd2225e2e17e81d9b987f04bf37bea78c18fa4fb6374b3e511b38f
PR07.txt.zip
36e8db0e6b74cb9f0375d215491338ca8198e3f7ae0285fadb8acb796e543fd5
PR06.txt.zip
a29664967c27b2c474cda8ba345817718e4c6cb0568ae95f11059ae4357c7062