
530 matches found

OSV
added 2024/11/15 11:15 a.m. · 15 views

CVE-2024-1240

An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other...

6.1 CVSS · 6.5 AI score
Exploits 0 · References 2
PyPA
added 2024/11/15 11:15 a.m. · 6 views

PYSEC-2024-123

An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other...

6.1 CVSS · 6.8 AI score · 0.00231 EPSS
Exploits 1 · References 3 · Affected Software 1
Snyk
added 2024/11/15 11:15 a.m. · 3 views

Open Redirect

Overview: pyload-ng is the free and open-source Download Manager written in pure Python. Affected versions of this package are vulnerable to Open Redirect via the issafeurl function. An attacker can redirect users to malicious websites, which may be used for phishing and similar attacks by...

6.1 CVSS · 6.9 AI score · 0.02357 EPSS
Exploits 2 · References 3
OSV
added 2024/11/15 11:15 a.m. · 7 views

PYSEC-2024-123

An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other...

6.1 CVSS · 6.5 AI score · 0.00231 EPSS
Exploits 1 · References 2
CVE
added 2024/11/15 10:57 a.m. · 68 views

CVE-2024-1240

The CVE-2024-1240 entry applies to pyload/pyload 0.5.0, where the login flow mishandles the next parameter, enabling an open redirect to attacker-controlled sites (phishing risk). The issue is mitigated by upgrading to pyload-ng 0.5.0b3.dev79 or later. Connected documents confirm the vulnerable c...

6.1 CVSS · 4.8 AI score · 0.00231 EPSS
Exploits 1 · References 2 · Affected Software 1
Vulnrichment
added 2024/11/15 10:57 a.m. · 19 views

CVE-2024-1240 Open Redirection in pyload/pyload

An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other...

4.6 CVSS · 6.6 AI score · 0.00231 EPSS
Exploits 1 · References 2
Cvelist
added 2024/11/15 10:57 a.m. · 25 views

CVE-2024-1240 Open Redirection in pyload/pyload

An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other...

4.6 CVSS · 0.00231 EPSS
Exploits 1 · References 2
CNNVD
added 2024/11/15 12:0 a.m. · 3 views

pyLoad Input Validation Error Vulnerability

pyLoad is a free and open source download manager written in Python by pyLoad Open Source. An input validation error vulnerability exists in pyload version 0.5.0 due to improper handling of the "next" parameter in the login function. An attacker could use this vulnerability to redirect users to a...

6.1 CVSS · 4.7 AI score · 0.00231 EPSS
Exploits 1 · References 2
Positive Technologies
added 2024/11/15 12:0 a.m. · 3 views

PT-2024-17577 · Pyload · Pyload

Name of the Vulnerable Software and Affected Versions: pyload/pyload version 0.5.0. Description: An open redirection vulnerability exists due to improper handling of the next parameter in the login functionality. This allows an attacker to redirect users to malicious sites, potentially leading to...

6.1 CVSS · 5 AI score · 0.00231 EPSS
Exploits 1 · References 9
Veracode
added 2024/11/11 3:55 a.m. · 15 views

Remote Code Execution (RCE)

pyload-ng is vulnerable to Remote Code Execution (RCE). The vulnerability exists due to improper input validation of HTTP requests, allowing attackers to execute arbitrary code...

9.8 CVSS · 8 AI score · 0.83924 EPSS
Exploits 4
BDU FSTEC
added 2024/11/07 12:0 a.m. · 1 views

A vulnerability in the pyload file download software is related to insufficient validation of input data, allowing an attacker to execute arbitrary code.

A vulnerability in the pyload file download software is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a specially crafted HTTP request remotely...

10 CVSS · 8.1 AI score · 0.83924 EPSS
Exploits 4 · References 4 · Affected Software 1
OSV
added 2024/10/28 9:30 p.m. · 3 views

GHSA-25PW-Q952-X37G Duplicate Advisory: pyload-ng vulnerable to RCE with js2py sandbox escape

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-r9pp-r4xf-597r. This link is maintained to preserve external references. Original Description: An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via...

9.8 CVSS · 9.6 AI score · 0.83924 EPSS
Exploits 4 · References 4
GitHub Security Blog
added 2024/10/28 9:30 p.m. · 14 views

Duplicate Advisory: pyload-ng vulnerable to RCE with js2py sandbox escape

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-r9pp-r4xf-597r. This link is maintained to preserve external references. Original Description: An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via...

9.8 CVSS · 7.9 AI score · 0.83924 EPSS
Exploits 4 · References 5 · Affected Software 1
NVD
added 2024/10/28 8:15 p.m. · 12 views

CVE-2024-39205

An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a crafted HTTP request...

9.8 CVSS · 0.83924 EPSS
Exploits 4 · References 3
OSV
added 2024/10/28 8:15 p.m. · 4 views

CVE-2024-39205

An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a crafted HTTP request...

9.8 CVSS · 6.1 AI score · 0.83924 EPSS
Exploits 4 · References 3
Snyk
added 2024/10/28 12:23 p.m. · 5 views

Command Injection

Overview: pyload-ng is the free and open-source Download Manager written in pure Python. Affected versions of this package are vulnerable to Command Injection via the flashgot API and the download process. An attacker can execute arbitrary code by manipulating the download path to target the...

9.2 CVSS · 8 AI score · 0.01807 EPSS
Exploits 1 · References 2
GitHub Security Blog
added 2024/10/28 12:23 p.m. · 41 views

pyLoad vulnerable to remote code execution by download to /.pyload/scripts using /flashgot API

Summary: The folder /.pyload/scripts has scripts which are run when certain actions are completed, e.g. when a download is finished. By downloading an executable file to a folder in /scripts and performing the respective action, remote code execution can be achieved. A file can be downloaded to such...

9.1 CVSS · 6.7 AI score · 0.01807 EPSS
Exploits 1 · References 5 · Affected Software 1
Vulnrichment
added 2024/10/28 12:0 a.m. · 21 views

CVE-2024-39205

An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a crafted HTTP request...

7.8 AI score · 0.83924 EPSS
Exploits 4 · References 3
CVE
added 2024/10/28 12:0 a.m. · 130 views

CVE-2024-39205

CVE-2024-39205 affects pyload-ng (v0.5.0b3.dev85 and earlier) on Python 3.11 or below, exposing remote code execution via the /flash/addcrypted2 API. The root cause is the js2py sandbox escape (CVE-2024-28397) leveraged to bypass localhost access and run arbitrary commands on the host. Public dis...

9.8 CVSS · 8 AI score · 0.83924 EPSS
Exploits 4 · References 3
Cvelist
added 2024/10/28 12:0 a.m. · 20 views

CVE-2024-39205

An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a crafted HTTP request...

0.83924 EPSS
Exploits 4 · References 3