Unrestricted file upload
pyLoad 0.5.0 is vulnerable to Unrestricted File Upload...
GHSA-MQPQ-2P68-46FV pyload Unauthenticated Flask Configuration Leakage vulnerability
Summary: Any unauthenticated user can browse to a specific URL to expose the Flask config, including the SECRET_KEY variable. Details: Any unauthenticated user can browse to a specific URL to expose the Flask config, including the SECRET_KEY variable. PoC: Run pyload in the default configuration by...
GHSA-GHMW-RWH8-6QMR pyload Log Injection vulnerability
Summary: A log injection vulnerability was identified in pyload. This vulnerability allows any unauthenticated actor to inject arbitrary messages into the logs gathered by pyload. Details: pyload will generate a log entry when attempting to sign in with faulty credentials. This entry will be in the...
pyload Log Injection vulnerability
Summary: A log injection vulnerability was identified in pyload. This vulnerability allows any unauthenticated actor to inject arbitrary messages into the logs gathered by pyload. Details: pyload will generate a log entry when attempting to sign in with faulty credentials. This entry will be in the...
CVE-2024-21645
pyLoad is the free and open-source Download Manager written in pure Python. A log injection vulnerability was identified in pyload allowing any unauthenticated actor to inject arbitrary messages into the logs gathered by pyload. Forged or otherwise, corrupted log files can be used to cover an...
CVE-2024-21644
pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the SECRET_KEY variable. This issue has been patched in version 0.5.0b3.dev77...
Design/Logic Flaw
pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the SECRET_KEY variable. This issue has been patched in version 0.5.0b3.dev77...
Design/Logic Flaw
pyLoad is the free and open-source Download Manager written in pure Python. A log injection vulnerability was identified in pyload allowing any unauthenticated actor to inject arbitrary messages into the logs gathered by pyload. Forged or otherwise, corrupted log files can be used to cover an...
CVE-2024-21644 pyLoad unauthenticated flask configuration leakage
pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the SECRET_KEY variable. This issue has been patched in version 0.5.0b3.dev77...
CVE-2024-21644
Affected software: pyLoad (Python-based download manager). Issue: Unauthenticated users can access the Flask configuration, including the SECRET_KEY, via a specific URL endpoint, due to improper access control in the web UI. Root cause / details: The vulnerability is triggered by a route that ren...
CVE-2024-21645
pyload is affected by a Log Injection vulnerability (CVE-2024-21645) that allows any unauthenticated actor to inject arbitrary log messages into pyload logs. The root cause is insufficient escaping of certain input (e.g., newline in username) which corrupts log entries. Impact: forged or corrupte...
CVE-2024-21645 pyLoad Log Injection
pyLoad is the free and open-source Download Manager written in pure Python. A log injection vulnerability was identified in pyload allowing any unauthenticated actor to inject arbitrary messages into the logs gathered by pyload. Forged or otherwise, corrupted log files can be used to cover an...
CVE-2023-47890
pyLoad 0.5.0 is vulnerable to Unrestricted File Upload...
pyload injection vulnerability
pyload is a free and open source download manager written in Python, designed to be extremely lightweight, easily extensible and fully manageable over the Web. An injection vulnerability exists in versions prior to pyLoad 0.5.0b3.dev76, which stems from the presence of a log injection vulnerabili...
PT-2024-18994 · Pyload · Pyload
Name of the Vulnerable Software and Affected Versions: pyLoad versions prior to 0.5.0b3.dev77
Description: Any unauthenticated user can browse to a specific URL to expose the Flask config, including the SECRET_KEY variable. This issue allows attackers to access sensitive information, which could...