Lucene search
K

9 matches found

OSV
OSV
added 2026/04/08 12:4 a.m.6 views

GHSA-PPVX-RWH9-7RJ7 pyload-ng: Authorization Bypass for SSL Certificate/Key Configuration Due to Option Name Mismatch in pyload-ng

Summary The ADMINONLYCOREOPTIONS authorization set in setconfigvalue uses incorrect option names sslcert and sslkey, while the actual configuration option names are sslcertfile and sslkeyfile. This name mismatch causes the admin-only check to always evaluate to False, allowing any user with...

6.8CVSS5.9AI score0.00142EPSS
Exploits1References4
CVE
CVE
added 2026/04/07 4:9 p.m.11 views

CVE-2026-35586

The vulnerability CVE-2026-35586 affects pyload-ng and stems from an incorrect admin-only configuration guard: the ADMIN_ONLY_CORE_OPTIONS set uses ssl_cert and ssl_key instead of the actual ssl_certfile and ssl_keyfile names, and ssl_certchain was not included. This lets any non-admin user with ...

6.8CVSS5.9AI score0.00142EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/07 4:9 p.m.3 views

CVE-2026-35586 Authorization Bypass for SSL Certificate/Key Configuration Due to Option Name Mismatch in pyload-ng

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the ADMINONLYCOREOPTIONS authorization set in setconfigvalue uses incorrect option names sslcert and sslkey, while the actual configuration option names are sslcertfile and sslkeyfile. This name mismatch...

6.8CVSS5.9AI score0.00142EPSS
Exploits1References1
OSV
OSV
added 2022/04/12 5:15 a.m.7 views

PYSEC-2022-191

A SQL injection issue was discovered in QuerySet.explain in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary with dictionary expansion as the options argument, and placing the injection payload in an option name...

9.8CVSS7.2AI score0.02919EPSS
Exploits0References5
PyPA
PyPA
added 2022/04/12 5:15 a.m.8 views

PYSEC-2022-191

A SQL injection issue was discovered in QuerySet.explain in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary with dictionary expansion as the options argument, and placing the injection payload in an option name...

9.8CVSS8AI score0.02919EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/04/11 8:0 a.m.1 views

UBUNTU-CVE-2022-28347

A SQL injection issue was discovered in QuerySet.explain in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary with dictionary expansion as the options argument, and placing the injection payload in an option name...

9.8CVSS7.2AI score0.02919EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2019/09/16 12:0 a.m.7 views

PT-2019-7755 · WordPress · Icegram

Name of the Vulnerable Software and Affected Versions: icegram plugin versions prior to 1.9.19 Description: The issue concerns a CSRF vulnerability via the option name parameter in the "wp-admin/edit.php" endpoint. This allows for potential unauthorized actions. Recommendations: For versions prio...

6.5CVSS6.3AI score0.00612EPSS
Exploits0References6
Packet Storm
Packet Storm
added 2015/06/02 12:0 a.m.23 views

Jildi FTP Client 1.5.2 Build 1138 Buffer Overflow

!/usr/bin/python Exploit Title:Jildi FTP Client Buffer Overflow Poc Version:1.5.2 Build 1138 Homepage:http://de.download.cnet.com/Jildi-FTP-Client/3000-21604-10562942.html Software Link:http://de.download.cnet.com/Jildi-FTP-Client/3001-21604-10562942.html?hasJs=n&hlndr=1&dlm=0 Tested on:Win7 32bi...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2012/06/23 12:0 a.m.23 views

OpenCart CMS Cross Site Scripting

| |/ | | / | | / \ | | | | / \ | | | |/ | | / | | | | ' \ / / / / / / / / | / / \ \ | | | | | |/ / | | | \ \ \ | | \ \ \ | / / /||/|| |// \ , /\ , /|// || / || || / || || -------------------------------------------------------------------...

7.4AI score
Exploits0
Rows per page
Query Builder