15 matches found
WWBN AVideo 代码问题漏洞
WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 26.0 contained code vulnerabilities. These vulnerabilities stemmed from the downloadVideoFromDownloadURL function using the original file name and extension of the remote...
EUVD-2014-5553
Malware in sbrugna...
CVE-2025-10472
A vulnerability has been found in harry0703 MoneyPrinterTurbo up to 1.2.6. The impacted element is the function downloadvideo/streamvideo of the file app/controllers/v1/video.py of the component URL Handler. The manipulation of the argument filepath leads to path traversal. The attack can be...
CVE-2025-10472
A vulnerability has been found in harry0703 MoneyPrinterTurbo up to 1.2.6. The impacted element is the function downloadvideo/streamvideo of the file app/controllers/v1/video.py of the component URL Handler. The manipulation of the argument filepath leads to path traversal. The attack can be...
CVE-2025-10472 harry0703 MoneyPrinterTurbo URL video.py stream_video path traversal
A vulnerability has been found in harry0703 MoneyPrinterTurbo up to 1.2.6. The impacted element is the function downloadvideo/streamvideo of the file app/controllers/v1/video.py of the component URL Handler. The manipulation of the argument filepath leads to path traversal. The attack can be...
MoneyPrinterTurbo 路径遍历漏洞
MoneyPrinterTurbo is a software by Harry's personal developer that generates short HD videos using AI macromodels. A path traversal vulnerability exists in MoneyPrinterTurbo 1.2.6 and earlier versions, which stems from path traversal due to incorrect operation of the function...
CVE-2022-4785 Download Video Sidebar Widgets <= 6.1 - Contributor+ Stored XSS via Shortcode
The Video Sidebar Widgets WordPress plugin through 6.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WordPress Plugin Download Video Sidebar Widgets 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CVE-2020-24142
Server-side request forgery in the Video Downloader for TikTok aka downloader-tiktok plugin 1.3 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the njt-tk-download-video parameter. It can help identify open ports, local network hos...
Directory traversal
Directory traversal in the Video Downloader for TikTok aka downloader-tiktok plugin 1.3 for WordPress lets an attacker get access to files that are stored outside the web root folder via the njt-tk-download-video parameter...
Server side request forgery (ssrf)
Server-side request forgery in the Video Downloader for TikTok aka downloader-tiktok plugin 1.3 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the njt-tk-download-video parameter. It can help identify open ports, local network hos...
CVE-2020-24142
Server-side request forgery in the Video Downloader for TikTok aka downloader-tiktok plugin 1.3 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the njt-tk-download-video parameter. It can help identify open ports, local network hos...
Information disclosure
The AVD Download Video aka com.myboyfriendisageek.videocatcher.demo application 3.3.13 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-5666
The AVD Download Video aka com.myboyfriendisageek.videocatcher.demo application 3.3.13 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-5666
CVE-2014-5666 concerns the Android app “AVD Download Video” (com.myboyfriendisageek.videocatcher.demo), version 3.3.13. The vulnerability is that the app does not verify X.509 certificates from SSL servers, enabling man-in-the-middle attackers to spoof servers and obtain sensitive information via...