16 matches found
EUVD-2022-33361
Malicious code in bioql PyPI...
CVE-2022-28927
A remote code execution RCE vulnerability in Subconverter v0.7.2 allows attackers to execute arbitrary code via crafted config and url parameters...
CVE-2020-35579
tindy2013 subconverter 0.6.4 has a /sub?target=%TARGET%=%URL%=%CONFIG% API endpoint that accepts an arbitrary %URL% value and launches a GET request for it, but does not consider that the external request target may indirectly redirect back to this original /sub endpoint. Thus, a request loop and...
CVE-2022-28927
A remote code execution RCE vulnerability in Subconverter v0.7.2 allows attackers to execute arbitrary code via crafted config and url parameters...
CVE-2022-28927
A remote code execution RCE vulnerability in Subconverter v0.7.2 allows attackers to execute arbitrary code via crafted config and url parameters...
CVE-2022-28927
A remote code execution RCE vulnerability in Subconverter v0.7.2 allows attackers to execute arbitrary code via crafted config and url parameters...
Remote code execution
A remote code execution RCE vulnerability in Subconverter v0.7.2 allows attackers to execute arbitrary code via crafted config and url parameters...
CVE-2022-28927
The CVE-2022-28927 entry covers a remote code execution in Subconverter v0.7.2. The vulnerability arises from crafted config and URL parameters that allow an attacker to run arbitrary code on the affected system. The available connected documents confirm the affected software/version and the impa...
CVE-2022-28927
A remote code execution RCE vulnerability in Subconverter v0.7.2 allows attackers to execute arbitrary code via crafted config and url parameters...
Subconverter 代码问题漏洞
Tindy2013 Subconverter is a C++-based proxy subscription software by the individual developer of Tindy2013. A security vulnerability exists in Subconverter version v0.7.2, which can be exploited by attackers to execute arbitrary code via specially crafted configuration and URL parameters...
CVE-2020-35579
tindy2013 subconverter 0.6.4 has a /sub?target=%TARGET%&url=%URL%&config=%CONFIG% API endpoint that accepts an arbitrary %URL% value and launches a GET request for it, but does not consider that the external request target may indirectly redirect back to this original /sub endpoint. Thus, a reque...
CVE-2020-35579
tindy2013 subconverter 0.6.4 has a /sub?target=%TARGET%&url=%URL%&config=%CONFIG% API endpoint that accepts an arbitrary %URL% value and launches a GET request for it, but does not consider that the external request target may indirectly redirect back to this original /sub endpoint. Thus, a reque...
Cross site request forgery (csrf)
tindy2013 subconverter 0.6.4 has a /sub?target=%TARGET%&url=%URL%&config=%CONFIG% API endpoint that accepts an arbitrary %URL% value and launches a GET request for it, but does not consider that the external request target may indirectly redirect back to this original /sub endpoint. Thus, a reque...
CVE-2020-35579
CVE-2020-35579 affects tindy2013 subconverter 0.6.4. The API endpoint /sub?target=%TARGET%&url=%URL%&config=%CONFIG% accepts an arbitrary URL value and issues a GET request for it, but does not account for the external request target redirecting back to the original /sub endpoint. This can create...
CVE-2020-35579
tindy2013 subconverter 0.6.4 has a /sub?target=%TARGET%&url=%URL%&config=%CONFIG% API endpoint that accepts an arbitrary %URL% value and launches a GET request for it, but does not consider that the external request target may indirectly redirect back to this original /sub endpoint. Thus, a reque...
Tindy2013 Subconverter Security Vulnerability
Tindy2013 Subconverter is a C++ based proxy subscription software by the individual developer of Tindy2013. A security vulnerability exists in Tindy2013 Subconverter version 0.6.4, which can lead to request loops and denial of service...