Lucene search
K

537 matches found

OSV
OSV
added 2024/09/09 6:17 p.m.41 views

GHSA-R9PP-R4XF-597R pyload-ng vulnerable to RCE with js2py sandbox escape

Summary Any pyload-ng running under python3.11 or below are vulnerable under RCE. Attacker can send a request containing any shell command and the victim server will execute it immediately. Details js2py has a vulnerability of sandbox escape assigned as CVE-2024-28397, which is used by the...

9.8CVSS5.8AI score0.16513EPSS
Exploits22References5
Positive Technologies
Positive Technologies
added 2024/09/09 12:0 a.m.6 views

PT-2024-7641

Name of the Vulnerable Software and Affected Versions pyload-ng version 0.5.0b3.dev85 pyload running under python3.11 or below Description The issue is related to insufficient input validation in the pyload software, allowing a remote attacker to execute arbitrary code by sending a specially...

10CVSS7.8AI score0.16513EPSS
Exploits4References20
NVD
NVD
added 2024/04/26 6:15 p.m.25 views

CVE-2024-32880

pyload is an open-source Download Manager written in pure Python. An authenticated user can change the download folder and upload a crafted template to the specified folder lead to remote code execution. There is no fix available at the time of publication...

9.1CVSS9.4AI score0.01354EPSS
Exploits1References1
OSV
OSV
added 2024/04/26 5:30 p.m.5 views

CVE-2024-32880 pyLoad allows upload to arbitrary folder lead to RCE

pyload is an open-source Download Manager written in pure Python. An authenticated user can change the download folder and upload a crafted template to the specified folder lead to remote code execution. There is no fix available at the time of publication...

9.1CVSS8AI score0.01354EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2024/04/26 5:30 p.m.13 views

CVE-2024-32880 pyLoad allows upload to arbitrary folder lead to RCE

pyload is an open-source Download Manager written in pure Python. An authenticated user can change the download folder and upload a crafted template to the specified folder lead to remote code execution. There is no fix available at the time of publication...

9.1CVSS7.5AI score0.01354EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/04/26 5:30 p.m.33 views

CVE-2024-32880 pyLoad allows upload to arbitrary folder lead to RCE

pyload is an open-source Download Manager written in pure Python. An authenticated user can change the download folder and upload a crafted template to the specified folder lead to remote code execution. There is no fix available at the time of publication...

9.1CVSS9.6AI score0.01354EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/04/26 12:0 a.m.6 views

pyload 安全漏洞

pyload is a free and open source download manager written in Python, designed to be extremely lightweight, easily extensible and fully manageable over the Web. pyload has a security vulnerability. An authenticated user could change the download folder and upload carefully crafted templates to a...

9.1CVSS7.9AI score0.01354EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2024/04/24 9:16 p.m.132 views

pyLoad allows upload to arbitrary folder lead to RCE

Summary An authenticated user can change the download folder and upload a crafted template to the specified folder lead to remote code execution Details example version: 0.5 file:src/pyload/webui/app/blueprints/appblueprint.py python @bp.route"/render/", endpoint="render" def renderfilename:...

9.1CVSS7.1AI score0.01354EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2024/04/24 9:16 p.m.59 views

GHSA-3F7W-P8VR-4V5F pyLoad allows upload to arbitrary folder lead to RCE

Summary An authenticated user can change the download folder and upload a crafted template to the specified folder lead to remote code execution Details example version: 0.5 file:src/pyload/webui/app/blueprints/appblueprint.py python @bp.route"/render/", endpoint="render" def renderfilename:...

9.1CVSS9.3AI score0.01354EPSS
Exploits1References3
Circl
Circl
added 2024/04/24 8:42 p.m.8 views

CVE-2024-32880

creationtimestamp| type| source ---|---|--- 2024-04-24 20:42:50+00:00| published-proof-of-concept| https://github.com/pyload/pyload/security/advisories/GHSA-3f7w-p8vr-4v5f...

9.1CVSS7.3AI score0.01354EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/04/24 12:0 a.m.6 views

PT-2024-24936

Name of the Vulnerable Software and Affected Versions pyload affected versions not specified Description An authenticated user can achieve remote code execution by changing the download folder and uploading a crafted template to that location. This is possible through the '/json/add package'...

9.1CVSS7.8AI score0.01354EPSS
Exploits1References18
BDU FSTEC
BDU FSTEC
added 2024/02/07 12:0 a.m.7 views

The vulnerability of the software for downloading pyload files, related to the manipulation of cross-site requests, allows a perpetrator to carry out a CSRF attack.

The vulnerability of the software for downloading pyload files is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to perform a CSRF attack remotely...

10CVSS7.5AI score0.00948EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2024/02/06 4:15 a.m.43 views

CVE-2024-24808

pyLoad is an open-source Download Manager written in pure Python. There is an open redirect vulnerability due to incorrect validation of input values when redirecting users after login. pyLoad is validating URLs via the getredirecturl function when redirecting users at login. This vulnerability h...

6.1CVSS5.1AI score0.00545EPSS
Exploits1References2
Prion
Prion
added 2024/02/06 4:15 a.m.23 views

Open redirect

pyLoad is an open-source Download Manager written in pure Python. There is an open redirect vulnerability due to incorrect validation of input values when redirecting users after login. pyLoad is validating URLs via the getredirecturl function when redirecting users at login. This vulnerability h...

5.8CVSS7.1AI score0.00545EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/02/06 3:17 a.m.4 views

CVE-2024-24808 pyLoad open redirect vulnerability due to improper validation of the is_safe_url function

pyLoad is an open-source Download Manager written in pure Python. There is an open redirect vulnerability due to incorrect validation of input values when redirecting users after login. pyLoad is validating URLs via the getredirecturl function when redirecting users at login. This vulnerability h...

4.7CVSS6.2AI score0.00545EPSS
Exploits1References2
CVE
CVE
added 2024/02/06 3:17 a.m.57 views

CVE-2024-24808

CVE-2024-24808 affects the pyLoad open-source Download Manager. The issue is an open redirect caused by improper validation in the login redirect flow, specifically how URLs are validated via the get_redirect_url/is_safe_url path. The vulnerability is mitigated by a patch in commit fe94451. Sever...

6.1CVSS6.2AI score0.00545EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2024/02/06 3:17 a.m.51 views

CVE-2024-24808 pyLoad open redirect vulnerability due to improper validation of the is_safe_url function

pyLoad is an open-source Download Manager written in pure Python. There is an open redirect vulnerability due to incorrect validation of input values when redirecting users after login. pyLoad is validating URLs via the getredirecturl function when redirecting users at login. This vulnerability h...

4.7CVSS6.4AI score0.00545EPSS
Exploits1References2
OSV
OSV
added 2024/02/06 3:17 a.m.33 views

CVE-2024-24808 pyLoad open redirect vulnerability due to improper validation of the is_safe_url function

pyLoad is an open-source Download Manager written in pure Python. There is an open redirect vulnerability due to incorrect validation of input values when redirecting users after login. pyLoad is validating URLs via the getredirecturl function when redirecting users at login. This vulnerability h...

4.7CVSS5.2AI score0.00545EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/02/06 12:0 a.m.4 views

pyLoad Input Validation Error Vulnerability

pyload is a free and open source download manager written in Python and designed to be extremely lightweight, easily scalable and fully manageable over the Web. An input validation error vulnerability exists in pyLoad that stems from incorrect validation of input values when redirecting users aft...

6.1CVSS6.8AI score0.00545EPSS
Exploits1References3
OSV
OSV
added 2024/02/05 11:23 p.m.20 views

GHSA-G3CM-QG2V-2HJ5 pyLoad open redirect vulnerability due to improper validation of the is_safe_url function

Summary Open redirect vulnerability due to incorrect validation of input values when redirecting users after login. Details pyload is validating URLs via the getredirecturl function when redirecting users at login. The URL entered in the next variable goes through the issafeurl function, where a...

6.1CVSS6.2AI score0.00545EPSS
Exploits1References4
Rows per page
Query Builder