10 matches found

Snyk
added 2024/10/28 12:23 p.m., 5 views

Command Injection

Overview: pyload-ng is a free and open-source download manager written in pure Python. Affected versions of this package are vulnerable to Command Injection via the flashgot API and the download process. An attacker can execute arbitrary code by manipulating the download path to target the...

CVSS 9.2, AI score 8, EPSS 0.01807
Exploits: 1, References: 2

OSV
added 2024/10/28 12:23 p.m., 12 views

GHSA-W7HQ-F2PJ-C53G pyLoad vulnerable to remote code execution by download to /.pyload/scripts using /flashgot API

Summary: The folder /.pyload/scripts has scripts which are run when certain actions are completed, e.g. when a download is finished. By downloading an executable file to a folder in /scripts and performing the respective action, remote code execution can be achieved. A file can be downloaded to such...

CVSS 9.4, AI score 9.5, EPSS 0.01807
Exploits: 1, References: 4

GitHub Security Blog
added 2024/10/28 12:23 p.m., 35 views

pyLoad vulnerable to remote code execution by download to /.pyload/scripts using /flashgot API

Summary: The folder /.pyload/scripts has scripts which are run when certain actions are completed, e.g. when a download is finished. By downloading an executable file to a folder in /scripts and performing the respective action, remote code execution can be achieved. A file can be downloaded to such...

CVSS 9.1, AI score 8.3, EPSS 0.01807
Exploits: 1, References: 4, Affected Software: 1

OSV
added 2024/10/25 11:15 p.m., 1 views

PYSEC-2024-302

pyLoad is a free and open-source Download Manager. The folder /.pyload/scripts has scripts which are run when certain actions are completed, e.g. when a download is finished. By downloading an executable file to a folder in /scripts and performing the respective action, remote code execution can be...

CVSS 2.3, AI score 6.7, EPSS 0.01807
Exploits: 1, References: 1

PyPA
added 2024/10/25 11:15 p.m., 6 views

PYSEC-2024-302

pyLoad is a free and open-source Download Manager. The folder /.pyload/scripts has scripts which are run when certain actions are completed, e.g. when a download is finished. By downloading an executable file to a folder in /scripts and performing the respective action, remote code execution can be...

CVSS 9.1, AI score 6.7, EPSS 0.01807
Exploits: 1, References: 1, Affected Software: 1

Vulnrichment
added 2024/10/25 10:48 p.m., 17 views

CVE-2024-47821 pyLoad vulnerable to remote code execution by download to /.pyload/scripts using /flashgot API

pyLoad is a free and open-source Download Manager. The folder /.pyload/scripts has scripts which are run when certain actions are completed, e.g. when a download is finished. By downloading an executable file to a folder in /scripts and performing the respective action, remote code execution can be...

CVSS 9.1, AI score 8.3, EPSS 0.01807
Exploits: 1, References: 1

OSV
added 2024/10/25 10:48 p.m., 2 views

CVE-2024-47821 pyLoad vulnerable to remote code execution by download to /.pyload/scripts using /flashgot API

pyLoad is a free and open-source Download Manager. The folder /.pyload/scripts has scripts which are run when certain actions are completed, e.g. when a download is finished. By downloading an executable file to a folder in /scripts and performing the respective action, remote code execution can be...

CVSS 9.1, AI score 8.5, EPSS 0.01807
Exploits: 1, References: 3

CNNVD
added 2024/10/25 12:0 a.m., 2 views

pyLoad OS command injection vulnerability

pyLoad is a free, open-source download manager written in Python. An OS command injection vulnerability exists in pyLoad version 0.5.0, which stems from improper privilege handling and allows an attacker to remotely execute code by changing the download folder to the /scripts pa...

CVSS 9.1, AI score 7.6, EPSS 0.01807
Exploits: 1, References: 1

Positive Technologies
added 2024/10/25 12:0 a.m., 3 views

PT-2024-32833 · Pyload · Pyload

Name of the Vulnerable Software and Affected Versions: pyLoad versions prior to 0.5.0b3.dev87. Description: The vulnerability allows an attacker with access to change the settings on a pyload server to execute arbitrary code and completely compromise the system. This is achieved by downloading an...

CVSS 9.1, AI score 7.7, EPSS 0.01807
Exploits: 1, References: 8

Packet Storm
added 2010/02/09 12:0 a.m., 28 views

JDownloader Code Execution

Product: JDownloader1 is an open source download manager for One-Click-Filehoster like Rapidshare or Megaupload. The Click'n'Load2 interface allows external applications and websites to send URLs to the local running JDownloader. With Click'n'Loa...

AI score 0.1
Exploits: 0