518 matches found
pyLoad Input Validation Error Vulnerability
pyload is a free and open source download manager written in Python and designed to be extremely lightweight, easily scalable and fully manageable over the Web. An input validation error vulnerability exists in pyLoad that stems from incorrect validation of input values when redirecting users aft...
GHSA-G3CM-QG2V-2HJ5 pyLoad open redirect vulnerability due to improper validation of the is_safe_url function
Summary Open redirect vulnerability due to incorrect validation of input values when redirecting users after login. Details pyLoad validates URLs via the get_redirect_url function when redirecting users at login. The URL passed in the next variable goes through the is_safe_url function, where a...
PT-2024-20576 · Python +1 · Urllib +1
Name of the Vulnerable Software and Affected Versions: pyLoad versions prior to the version with commit fe94451 Description: The issue is an open redirect vulnerability due to incorrect validation of input values when redirecting users after login. pyLoad validates URLs via the get_redirect_url...
VulnCheck KEV: CVE-2023-0297
Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31...
GHSA-PGPJ-V85Q-H5FM Cross-Site Request Forgery on any API call in pyLoad may lead to admin privilege escalation
Summary The pyload API allows any API call to be made using GET requests. Since the session cookie is not set to SameSite: strict, this opens the library up to severe attack possibilities via a Cross-Site Request Forgery CSRF attack. This proof of concept shows how an unauthenticated user could...
Cross-Site Request Forgery (CSRF)
pyLoad is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to a missing SameSite attribute for the session cookie. This allows an attacker to perform a Cross-Site Request Forgery CSRF attack via an API call...
CVE-2024-22416
pyLoad is a free and open-source Download Manager written in pure Python. The pyload API allows any API call to be made using GET requests. Since the session cookie is not set to SameSite: strict, this opens the library up to severe attack possibilities via a Cross-Site Request Forgery CSRF attac...
PYSEC-2024-17
pyLoad is a free and open-source Download Manager written in pure Python. The pyload API allows any API call to be made using GET requests. Since the session cookie is not set to SameSite: strict, this opens the library up to severe attack possibilities via a Cross-Site Request Forgery CSRF attac...
CVE-2024-22416 Cross-Site Request Forgery on any API call in pyLoad may lead to admin privilege escalation
pyLoad is a free and open-source Download Manager written in pure Python. The pyload API allows any API call to be made using GET requests. Since the session cookie is not set to SameSite: strict, this opens the library up to severe attack possibilities via a Cross-Site Request Forgery CSRF attac...
CVE-2024-22416
Affected software: pyLoad (Python-based download manager). Vulnerability: CSRF in the pyload API where GET requests can be used without SameSite cookie protection, allowing any API call by an unauthenticated user. This has been addressed in release 0.5.0b3.dev78, and all users are advised to upgr...
pyload Cross-Site Request Forgery Vulnerability
pyload is a free and open source download manager written in Python, designed to be extremely lightweight, easily extensible and fully manageable over the Web...
Log Injection
pyload-ng is vulnerable to Log Injection. The vulnerability is caused by a lack of validation while logging an error in api_blueprint.py and app_blueprint.py. An attacker can corrupt log files by exploiting this vulnerability...
Information Disclosure
pyload-ng is vulnerable to Unauthenticated Information Disclosure. The vulnerability is due to improper authorization and authentication checks. This issue can be exploited by an attacker to disclose sensitive information such as Flask configuration, which includes the SECRET_KEY variable...
CVE-2023-47890
pyLoad 0.5.0 is vulnerable to Unrestricted File Upload...