GHSA-79W7-VH3H-8G4J yt-dlp File system modification and RCE through improper file-extension sanitization

Summary yt-dlp does not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the download folder and path traversal on Windows. Since yt-dlp also reads config from the working directory and on Windows executables will be executed from the yt-dlp...

yt-dlp File system modification and RCE through improper file-extension sanitization

Summary yt-dlp does not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the download folder and path traversal on Windows. Since yt-dlp also reads config from the working directory and on Windows executables will be executed from the yt-dlp...

CVE-2024-38519 yt-dlp and youtube-dl vulnerable to file system modification and RCE through improper file-extension sanitization

yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to the fixed versions, yt-dlp and youtube-dl do not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the download folder and path traversal on Windows. Since yt-dlp and youtube-...

CVE-2024-38519 yt-dlp and youtube-dl vulnerable to file system modification and RCE through improper file-extension sanitization

yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to the fixed versions, yt-dlp and youtube-dl do not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the download folder and path traversal on Windows. Since yt-dlp and youtube-...

Seagull PHP Framework <= 0.6.4 (fckeditor) Arbitrary File Upload Exploit

Exploit for unknown platform in category web applications ======================================================================== Seagull PHP Framework = 0.6.4 fckeditor Arbitrary File Upload Exploit ======================================================================== ?php /...