316 matches found
Malicious Package
Overview: learning-dl is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
dl-manual.com Open Redirect vulnerability OBB-2815947
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Malicious Package
Overview: phub-dl is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
Malicious code in xnxx-dl-wa-bot (npm)
Source: ghsa-malware (0ae97fc6d17d4a931da57669f1fc5dcd02644f5a8c9c0f8d9a416f741c15368a). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-7286 Malicious code in xnxx-dl-wa-bot (npm)
Source: ghsa-malware (0ae97fc6d17d4a931da57669f1fc5dcd02644f5a8c9c0f8d9a416f741c15368a). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2019-12358
An issue was discovered in zzcms 2019. There is a SQL injection vulnerability in /dl/dlsendsms.php when the attacker has dlsprint authority via a dlid cookie...
ZZCMS SQL Injection Vulnerability
ZZCMS is a content management system (CMS) from the ZZCMS team in China. zzCMS version 2019 is vulnerable to SQL injection, which stems from the lack of security filtering of the id parameter in /dl/dlprint.php. No vulnerability details are provided at this time...
GHSA-75P7-527P-W8WP Server-Side Request Forgery and Open Redirect in AllTube Download
Impact: On releases prior to 3.0.3, an attacker could craft a special HTML page to trigger either an open redirect attack or a Server-Side Request Forgery attack depending on how AllTube is configured. The impact is mitigated by the fact the SSRF attack is only possible when the stream option is...
Server-Side Request Forgery and Open Redirect in AllTube Download
Impact: On releases prior to 3.0.3, an attacker could craft a special HTML page to trigger either an open redirect attack or a Server-Side Request Forgery attack depending on how AllTube is configured. The impact is mitigated by the fact the SSRF attack is only possible when the stream option is...
CVE-2022-24739
alltube is an html front end for youtube-dl. On releases prior to 3.0.3, an attacker could craft a special HTML page to trigger either an open redirect attack or a Server-Side Request Forgery attack depending on how AllTube is configured. The impact is mitigated by the fact the SSRF attack is onl...
CVE-2022-24739
CVE-2022-24739 affects alltube (HTML frontend for youtube-dl). Before version 3.0.3, a crafted HTML page could trigger either an open redirect or a Server-Side Request Forgery (SSRF) depending on configuration. SSRF was only possible when the stream option is enabled, which is disabled by default...
CVE-2022-24739 Server-Side Request Forgery (SSRF) and URL Redirection to Untrusted Site ('Open Redirect') in alltube
alltube is an html front end for youtube-dl. On releases prior to 3.0.3, an attacker could craft a special HTML page to trigger either an open redirect attack or a Server-Side Request Forgery attack depending on how AllTube is configured. The impact is mitigated by the fact the SSRF attack is onl...
CVE-2022-24739 Server-Side Request Forgery (SSRF) and URL Redirection to Untrusted Site ('Open Redirect') in alltube
alltube is an html front end for youtube-dl. On releases prior to 3.0.3, an attacker could craft a special HTML page to trigger either an open redirect attack or a Server-Side Request Forgery attack depending on how AllTube is configured. The impact is mitigated by the fact the SSRF attack is onl...
Server-Side Request Forgery (SSRF) and URL Redirection to Untrusted Site ('Open Redirect')
Impact: On releases prior to 3.0.3, an attacker could craft a special HTML page to trigger either an open redirect attack or a Server-Side Request Forgery attack depending on how AllTube is configured. The impact is mitigated by the fact the SSRF attack is only possible when the stream option is...
AllTube Download Code Issue Vulnerability
AllTube Download is a Youtube-dl Web Gui by Pierre Rudloff, an individual developer. AllTube Download suffers from a code issue vulnerability that stems from the fact that cross-site request forgery attacks can only occur on the HTML frontend of youtube-dl when Alltube has the "stream" option...
Server-side Request Forgery (SSRF)
rudloff/alltube is vulnerable to server-side request forgery. An attacker is able to pass malicious parameters which are directly fed into the youtube-dl command, allowing the attacker to perform malicious redirect, internal port scanning and obtaining sensitive information about services on...
GHSA-R5HC-WM3G-HJW6 Server-Side Request Forgery (SSRF) in rudloff/alltube
Impact: Releases prior to 3.0.2 are vulnerable to a Server-Side Request Forgery vulnerability that allows an attacker to send a request to an internal hostname. Patches: 3.0.2 contains a fix for this vulnerability. The 1.x and 2.x releases are not maintained anymore. Part of the fix requires applyi...
Server-Side Request Forgery (SSRF) in rudloff/alltube
Impact: Releases prior to 3.0.2 are vulnerable to a Server-Side Request Forgery vulnerability that allows an attacker to send a request to an internal hostname. Patches: 3.0.2 contains a fix for this vulnerability. The 1.x and 2.x releases are not maintained anymore. Part of the fix requires applyi...
Server-Side Request Forgery (SSRF)
Impact: Releases prior to 3.0.2 are vulnerable to a Server-Side Request Forgery vulnerability that allows an attacker to send a request to an internal hostname. Patches: 3.0.2 contains a fix for this vulnerability. The 1.x and 2.x releases are not maintained anymore. Part of the fix requires applyi...
Datalogic Dxu Service Licensing Issue Vulnerability
Datalogic Dxu Service is a Datalogic system application for device configuration from the Italian company Datalogic. An authorization issue vulnerability exists in the Datalogic DXU service on DL-Axist, which stems from a lack of privileges when making privilege changes to the product's Datalogic...