518 matches found

RedhatCVE
added 2025/05/23 2:51 a.m. | 1 views

CVE-2023-0297

Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31...

CVSS 9.8 | AI score 7.1 | EPSS 0.93366
Exploits: 13 | References: 1

RedhatCVE
added 2025/05/23 2:50 a.m. | 3 views

CVE-2023-0227

Insufficient Session Expiration in GitHub repository pyload/pyload prior to 0.5.0b3.dev36...

CVSS 8.3 | AI score 6.7 | EPSS 0.00078
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 2:46 a.m. | 2 views

CVE-2023-0435

Excessive Attack Surface in GitHub repository pyload/pyload prior to 0.5.0b3.dev41...

CVSS 9.8 | AI score 4.8 | EPSS 0.00442
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 2:46 a.m. | 2 views

CVE-2023-0434

Improper Input Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev40...

CVSS 7.5 | AI score 5.7 | EPSS 0.00535
Exploits: 1 | References: 1

RedhatCVE
added 2025/02/05 11:0 a.m. | 8 views

CVE-2024-21644

pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the SECRET_KEY variable. This issue has been patched in version 0.5.0b3.dev77...

CVSS 7.5 | AI score 6.8 | EPSS 0.86508
Exploits: 1 | References: 1

RedhatCVE
added 2025/02/05 8:26 a.m. | 4 views

CVE-2024-47821

pyLoad is a free and open-source Download Manager. The folder /.pyload/scripts has scripts which are run when certain actions are completed, e.g. when a download is finished. By downloading an executable file to a folder in /scripts and performing the respective action, remote code execution can be...

CVSS 9.1 | AI score 9.5 | EPSS 0.01807
Exploits: 1 | References: 1

RedhatCVE
added 2025/02/05 7:8 a.m. | 5 views

CVE-2024-32880

pyload is an open-source Download Manager written in pure Python. An authenticated user can change the download folder and upload a crafted template to the specified folder, leading to remote code execution. There is no fix available at the time of publication...

CVSS 9.1 | AI score 7.5 | EPSS 0.04609
Exploits: 1 | References: 1

Packet Storm
added 2024/11/18 12:0 a.m. | 373 views

Pyload Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/stopwatch' class MetasploitModule 'Pyload RCE CVE-2024-39205 with js2py sandbox escape CVE-2024-28397', 'Description' = %q CVE-2024-28397 is sandbox escape ...

CVSS 9.8 | AI score 7 | EPSS 0.83924
Exploits: 22

0day.today
added 2024/11/18 12:0 a.m. | 761 views

Pyload Remote Code Execution Exploit

CVE-2024-28397 is a sandbox escape in js2py versions 0.74 and below. js2py is a popular python package that can evaluate javascript code inside a python interpreter. The vulnerability allows for an attacker to obtain a reference to a python object in the js2py environment enabling them to escape...

CVSS 9.8 | AI score 6.8 | EPSS 0.83924
Exploits: 22

Metasploit
added 2024/11/15 6:53 p.m. | 1562 views

Pyload RCE (CVE-2024-39205) with js2py sandbox escape (CVE-2024-28397)

CVE-2024-28397 is sandbox escape in js2py use exploit/linux/http/pyloadjs2pycve202439205 msf exploitpyloadjs2pycve202439205 show targets ...targets... msf exploitpyloadjs2pycve202439205 set TARGET msf exploitpyloadjs2pycve202439205 show options ...show and set options... msf...

CVSS 9.8 | AI score 7.7 | EPSS 0.83924
Exploits: 22

NVD
added 2024/11/15 11:15 a.m. | 15 views

CVE-2024-1240

An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other...

CVSS 6.1 | EPSS 0.00231
Exploits: 1 | References: 2

OSV
added 2024/11/15 11:15 a.m. | 9 views

CVE-2024-1240

An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other...

CVSS 6.1 | AI score 6.5
Exploits: 0 | References: 2

PyPA
added 2024/11/15 11:15 a.m. | 6 views

PYSEC-2024-123

An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other...

CVSS 6.1 | AI score 6.8 | EPSS 0.00231
Exploits: 1 | References: 3 | Affected Software: 1

Snyk
added 2024/11/15 11:15 a.m. | 2 views

Open Redirect

Overview: pyload-ng is the free and open-source Download Manager written in pure Python. Affected versions of this package are vulnerable to Open Redirect via the is_safe_url function. An attacker can redirect users to malicious websites, which may be used for phishing and similar attacks by...

CVSS 6.1 | AI score 6.9 | EPSS 0.02357
Exploits: 2 | References: 3

OSV
added 2024/11/15 11:15 a.m. | 7 views

PYSEC-2024-123

An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other...

CVSS 6.1 | AI score 6.5 | EPSS 0.00231
Exploits: 1 | References: 2

Vulnrichment
added 2024/11/15 10:57 a.m. | 19 views

CVE-2024-1240 Open Redirection in pyload/pyload

An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other...

CVSS 4.6 | AI score 6.6 | EPSS 0.00231
Exploits: 1 | References: 2

CVE
added 2024/11/15 10:57 a.m. | 60 views

CVE-2024-1240

The CVE-2024-1240 entry applies to pyload/pyload 0.5.0, where the login flow mishandles the next parameter, enabling an open redirect to attacker-controlled sites (phishing risk). The issue is mitigated by upgrading to pyload-ng 0.5.0b3.dev79 or later. Connected documents confirm the vulnerable c...

CVSS 6.1 | AI score 4.8 | EPSS 0.00231
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2024/11/15 10:57 a.m. | 24 views

CVE-2024-1240 Open Redirection in pyload/pyload

An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other...

CVSS 4.6 | EPSS 0.00231
Exploits: 1 | References: 2

CNNVD
added 2024/11/15 12:0 a.m. | 2 views

pyLoad Input Validation Error Vulnerability

pyLoad is a free and open source download manager written in Python by pyLoad Open Source. An input validation error vulnerability exists in pyload version 0.5.0 due to improper handling of the "next" parameter in the login function. An attacker could use this vulnerability to redirect users to a...

CVSS 6.1 | AI score 4.7 | EPSS 0.00231
Exploits: 1 | References: 2

Positive Technologies
added 2024/11/15 12:0 a.m. | 2 views

PT-2024-17577 · Pyload · Pyload

Name of the Vulnerable Software and Affected Versions: pyload/pyload version 0.5.0. Description: An open redirection vulnerability exists due to improper handling of the next parameter in the login functionality. This allows an attacker to redirect users to malicious sites, potentially leading to...

CVSS 6.1 | AI score 5 | EPSS 0.00231
Exploits: 1 | References: 9