CVE-2024-21645

pyLoad is the free and open-source Download Manager written in pure Python. A log injection vulnerability was identified in pyload allowing any unauthenticated actor to inject arbitrary messages into the logs gathered by pyload. Forged or otherwise, corrupted log files can be used to cover an...

CVE-2024-1240

An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other...

CVE-2024-22416

pyLoad is a free and open-source Download Manager written in pure Python. The pyload API allows any API call to be made using GET requests. Since the session cookie is not set to SameSite: strict, this opens the library up to severe attack possibilities via a Cross-Site Request Forgery CSRF attac...

CVE-2024-24808

pyLoad is an open-source Download Manager written in pure Python. There is an open redirect vulnerability due to incorrect validation of input values when redirecting users after login. pyLoad is validating URLs via the getredirecturl function when redirecting users at login. This vulnerability h...

CVE-2023-0488

Cross-site Scripting XSS - Stored in GitHub repository pyload/pyload prior to 0.5.0b3.dev42...

CVE-2023-0057

Improper Restriction of Rendered UI Layers or Frames in GitHub repository pyload/pyload prior to 0.5.0b3.dev33...

CVE-2023-47890

pyLoad 0.5.0 is vulnerable to Unrestricted File Upload...

CVE-2023-0509

Improper Certificate Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev44...

CVE-2023-0055

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository pyload/pyload prior to 0.5.0b3.dev32...

CVE-2023-0297

Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31...

CVE-2023-0227

Insufficient Session Expiration in GitHub repository pyload/pyload prior to 0.5.0b3.dev36...

CVE-2023-0435

Excessive Attack Surface in GitHub repository pyload/pyload prior to 0.5.0b3.dev41...

CVE-2023-0434

Improper Input Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev40...

CVE-2024-21644

pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the SECRETKEY variable. This issue has been patched in version 0.5.0b3.dev77...

CVE-2024-47821

pyLoad is a free and open-source Download Manager. The folder /.pyload/scripts has scripts which are run when certain actions are completed, for e.g. a download is finished. By downloading a executable file to a folder in /scripts and performing the respective action, remote code execution can be...

CVE-2024-32880

pyload is an open-source Download Manager written in pure Python. An authenticated user can change the download folder and upload a crafted template to the specified folder lead to remote code execution. There is no fix available at the time of publication...

Pyload Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/stopwatch' class MetasploitModule 'Pyload RCE CVE-2024-39205 with js2py sandbox escape CVE-2024-28397', 'Description' = %q CVE-2024-28397 is sandbox escape ...

Pyload Remote Code Execution Exploit

CVE-2024-28397 is a sandbox escape in js2py versions 0.74 and below. js2py is a popular python package that can evaluate javascript code inside a python interpreter. The vulnerability allows for an attacker to obtain a reference to a python object in the js2py environment enabling them to escape...

Pyload RCE (CVE-2024-39205) with js2py sandbox escape (CVE-2024-28397)

CVE-2024-28397 is sandbox escape in js2py use exploit/linux/http/pyloadjs2pycve202439205 msf exploitpyloadjs2pycve202439205 show targets ...targets... msf exploitpyloadjs2pycve202439205 set TARGET msf exploitpyloadjs2pycve202439205 show options ...show and set options... msf...

CVE-2024-1240

An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other...