530 matches found
PyLoad 0.5.0 Remote Code Execution
Exploit Title: PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE) Date: 06-10-2023 Credits: bAu @bauh0lz Exploit Author: Gabriel Lima 0xGabe Vendor Homepage: https://pyload.net/ Software Link: https://github.com/pyload/pyload Version: 0.5.0 Tested on: Ubuntu 20.04.6 CVE: CVE-2023-0297 import...
PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)
Exploit Title: PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE) Date: 06-10-2023 Credits: bAu @bauh0lz Exploit Author: Gabriel Lima 0xGabe Vendor Homepage: https://pyload.net/ Software Link: https://github.com/pyload/pyload Version: 0.5.0 Tested on: Ubuntu 20.04.6 CVE: CVE-2023-0297 import...
PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)
Exploit Title: PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE) Date: 06-10-2023 Credits: bAu @bauh0lz Exploit Author: Gabriel Lima 0xGabe Vendor Homepage: https://pyload.net/ Software Link: https://github.com/pyload/pyload Version: 0.5.0 Tested on: Ubuntu 20.04.6 CVE: CVE-2023-0297 import...
Exploit for Code Injection in Pyload
CVE-2023-0297 Unauthenticated Remote Code Exec...
pyLoad js2py Python Execution Exploit
pyLoad versions prior to 0.5.0b3.dev31 are vulnerable to Python code injection due to the pyimport functionality exposed through the js2py library. An unauthenticated attacker can issue a crafted POST request to the flash/addcrypted2 endpoint to leverage this for code execution. pyLoad by default...
pyLoad js2py Python Execution
pyLoad versions prior to 0.5.0b3.dev31 are vulnerable to Python code injection due to the pyimport functionality exposed through the js2py library. An unauthenticated attacker can issue a crafted POST request to the flash/addcrypted2 endpoint to leverage this for code execution. pyLoad by default...
pyLoad js2py Python Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/stopwatch' class MetasploitModule 'pyLoad js2py Python Execution', 'Description' = %q pyLoad versions prior to 0.5.0b3.dev31 are vulnerable to Python code...
Exploit for Code Injection in Pyload
pyloadCVE-2023-0297poc A code injection vulnerability...
GHSA-WCM6-WV95-7JW6 Cross-site Scripting in pyload-ng
Cross-site Scripting (XSS) - Stored in GitHub repository pyload/pyload prior to 0.5.0b3.dev42...
GHSA-8V53-23MX-HCF9 Improper Certificate Validation in pyload-ng
Improper Certificate Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev44...
Cross-site Scripting in pyload-ng
Cross-site Scripting (XSS) - Stored in GitHub repository pyload/pyload prior to 0.5.0b3.dev42...
Improper Certificate Validation in pyload-ng
Improper Certificate Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev44...
CVE-2023-0488
Cross-site Scripting (XSS) - Stored in GitHub repository pyload/pyload prior to 0.5.0b3.dev42...
CVE-2023-0509
Improper Certificate Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev44...
Input validation
Improper Certificate Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev44...
Cross site scripting
Cross-site Scripting (XSS) - Stored in GitHub repository pyload/pyload prior to 0.5.0b3.dev42...
CVE-2023-0509 Improper Certificate Validation in pyload/pyload
Improper Certificate Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev44...
CVE-2023-0488 Cross-site Scripting (XSS) - Stored in pyload/pyload
Cross-site Scripting (XSS) - Stored in GitHub repository pyload/pyload prior to 0.5.0b3.dev42...
CVE-2023-0509
CVE-2023-0509 affects the Python-based download manager pyload/pyload, with versions prior to 0.5.0b3.dev44 failing to validate TLS certificates. Root cause: improper certificate validation. Impact per sources: high risk to confidentiality and integrity; no availability impact indicated. Affected...
CVE-2023-0488
CVE-2023-0488 is a Stored XSS in pyload/pyload prior to version 0.5.0b3.dev42. Multiple connected sources (PT-2023-16300, CNNVD, Red Hat, GHSA, OSV, NVD/CVE, CVELIST) describe the issue as a stored XSS in the GitHub repository. The vulnerability affects pyload’s web-facing input handling and can ...