16 matches found
CVE-2026-35463
pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, the ADMINONLYOPTIONS protection mechanism restricts security-critical configuration values reconnect scripts, SSL certs, proxy credentials to admin-only access. However, this protection is only...
CVE-2026-35463
pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, the ADMINONLYOPTIONS protection mechanism restricts security-critical configuration values reconnect scripts, SSL certs, proxy credentials to admin-only access. However, this protection is only...
CVE-2026-35463
Pyload/pyload-ng (CVE-2026-35463) exposes a remote code execution path when the AntiVirus plugin’s executable path (avfile) and arguments are user-configurable. The ADMIN_ONLY_OPTIONS protection applies to core config but not to plugin config, allowing a non-admin user with SETTINGS permission to...
CVE-2026-35463 pyLoad has Improper Neutralization of Special Elements used in an OS Command
pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, the ADMINONLYOPTIONS protection mechanism restricts security-critical configuration values reconnect scripts, SSL certs, proxy credentials to admin-only access. However, this protection is only...
pyLoad 操作系统命令注入漏洞
pyLoad is an open-source download manager written in Python. Versions of pyLoad 0.5.0b3.dev96 and earlier contained a vulnerability related to operating system command injection. This vulnerability stemmed from the ADMINONLYOPTIONS protection mechanism, which was only applied to core configuratio...
pyLoad: Improper Neutralization of Special Elements used in an OS Command
Summary The ADMINONLYOPTIONS protection mechanism restricts security-critical configuration values reconnect scripts, SSL certs, proxy credentials to admin-only access. However, this protection is only applied to core config options, not to plugin config options. The AntiVirus plugin stores an...
Command Injection
Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Command Injection through improper handling of plugin configuration options, specifically the avfile parameter in the AntiVirus plugin, which is passed...
PT-2026-30340
Name of the Vulnerable Software and Affected Versions pyLoad affected versions not specified Description The ADMIN ONLY OPTIONS protection mechanism, intended to restrict access to sensitive configuration values, is not applied to plugin configuration options. Specifically, the AntiVirus plugin...
EUVD-2018-10713
Malware in sbrugna...
CVE-2018-1999018
Pydio version 8.2.1 and prior contains an Unvalidated user input leading to Remote Code Execution RCE vulnerability in plugins/action.antivirus/AntivirusScanner.php: Line 124, scanNow$nodeObject that can result in An attacker gaining admin access and can then execute arbitrary commands on the...
CVE-2018-1999018
Pydio version 8.2.1 and prior contains an Unvalidated user input leading to Remote Code Execution RCE vulnerability in plugins/action.antivirus/AntivirusScanner.php: Line 124, scanNow$nodeObject that can result in An attacker gaining admin access and can then execute arbitrary commands on the...
CVE-2018-1999018
Pydio version 8.2.1 and prior contains an Unvalidated user input leading to Remote Code Execution RCE vulnerability in plugins/action.antivirus/AntivirusScanner.php: Line 124, scanNow$nodeObject that can result in An attacker gaining admin access and can then execute arbitrary commands on the...
Remote code execution
Pydio version 8.2.1 and prior contains an Unvalidated user input leading to Remote Code Execution RCE vulnerability in plugins/action.antivirus/AntivirusScanner.php: Line 124, scanNow$nodeObject that can result in An attacker gaining admin access and can then execute arbitrary commands on the...
CVE-2018-1999018
Pydio version 8.2.1 and prior contains an Unvalidated user input leading to Remote Code Execution RCE vulnerability in plugins/action.antivirus/AntivirusScanner.php: Line 124, scanNow$nodeObject that can result in An attacker gaining admin access and can then execute arbitrary commands on the...
CVE-2008-0858
Buffer overflow in the Visnetic anti-virus plugin in Kerio MailServer before 6.5.0 might allow remote attackers to execute arbitrary code via unspecified vectors...
Kerio MailServer < 6.5.0 Multiple Vulnerabilities
The remote host is running Kerio MailServer, a commercial mail server available for Windows, Linux, and Mac OS X platforms. According to its banner, the installed version of Kerio MailServer is affected by several issues : - There is a possible buffer overflow in the Visnetic antivirus plug-in. -...