21 matches found
CVE-2026-7158
A vulnerability has been found in dmitryglhf mcp-url-downloader up to 4b8cf2de55f6e8864a77d108e8a94a5b8e4394c6. Affected by this issue is the function validateurlsafe of the file src/mcpurldownloader/server.py. Such manipulation of the argument url leads to server-side request forgery. The attack...
GHSA-H7XC-4MV8-59FJ mcp-url-downloader has a Server-Side Request Forgery issue
A vulnerability has been found in dmitryglhf mcp-url-downloader up to 4b8cf2de55f6e8864a77d108e8a94a5b8e4394c6. Affected by this issue is the function validateurlsafe of the file src/mcpurldownloader/server.py. Such manipulation of the argument url leads to server-side request forgery. The attack...
mcp-url-downloader has a Server-Side Request Forgery issue
A vulnerability has been found in dmitryglhf mcp-url-downloader up to 4b8cf2de55f6e8864a77d108e8a94a5b8e4394c6. Affected by this issue is the function validateurlsafe of the file src/mcpurldownloader/server.py. Such manipulation of the argument url leads to server-side request forgery. The attack...
CVE-2026-7158
A vulnerability has been found in dmitryglhf mcp-url-downloader up to 4b8cf2de55f6e8864a77d108e8a94a5b8e4394c6. Affected by this issue is the function validateurlsafe of the file src/mcpurldownloader/server.py. Such manipulation of the argument url leads to server-side request forgery. The attack...
CVE-2026-7158 dmitryglhf mcp-url-downloader server.py _validate_url_safe server-side request forgery
A vulnerability has been found in dmitryglhf mcp-url-downloader up to 4b8cf2de55f6e8864a77d108e8a94a5b8e4394c6. Affected by this issue is the function validateurlsafe of the file src/mcpurldownloader/server.py. Such manipulation of the argument url leads to server-side request forgery. The attack...
CVE-2026-7158
The CVE-2026-7158 entry concerns the dmitryglhf mcp-url-downloader project. The vulnerability affects the function _validate_url_safe in src/mcp_url_downloader/server.py and is triggered by manipulating the url argument, resulting in server-side request forgery (SSRF). The issue is exploitable re...
EUVD-2026-25925
A vulnerability has been found in dmitryglhf mcp-url-downloader up to 4b8cf2de55f6e8864a77d108e8a94a5b8e4394c6. Affected by this issue is the function validateurlsafe of the file src/mcpurldownloader/server.py. Such manipulation of the argument url leads to server-side request forgery. The attack...
CVE-2026-7158 dmitryglhf mcp-url-downloader server.py _validate_url_safe server-side request forgery
A vulnerability has been found in dmitryglhf mcp-url-downloader up to 4b8cf2de55f6e8864a77d108e8a94a5b8e4394c6. Affected by this issue is the function validateurlsafe of the file src/mcpurldownloader/server.py. Such manipulation of the argument url leads to server-side request forgery. The attack...
MCP URL Downloader 代码问题漏洞
MCP URL Downloader is an AI assistant tool developed by Dmitry Gilemkhanov, which allows downloading files from URLs to a local device. Versions of MCP URL Downloader 4b8cf2de55f6e8864a77d108e8a94a5b8e4394c6 and earlier have code vulnerabilities. These vulnerabilities stem from improper handling ...
Moodle cross-site scripting (XSS) vulnerability
Cross-site scripting XSS vulnerability in the URL downloader repository in repository/url/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
GHSA-CH68-5R37-P7C3 Moodle cross-site scripting (XSS) vulnerability
Cross-site scripting XSS vulnerability in the URL downloader repository in repository/url/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
IA WebMail 3.x - (iaregdll.dll version 1.0.0.5) Remote Exploit
No description provided by source. !/usr/bin/perl -w IA WebMail 3.x iaregdll.dll version 1.0.0.5 Remote Exploit Application Specific Shellcode: URL Downloader - www elitehaven net/ncat.exe downloaded - c:\nc.exe created By Peter Winter-Smith peter4020 hotmail com Shellcode included - will need...
CVE-2014-0218
Cross-site scripting XSS vulnerability in the URL downloader repository in repository/url/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2014-0218
Cross-site scripting XSS vulnerability in the URL downloader repository in repository/url/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting XSS vulnerability in the URL downloader repository in repository/url/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2014-0218
Cross-site scripting XSS vulnerability in the URL downloader repository in repository/url/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2014-0218
Moodle XSS in the URL downloader (repository/url/lib.php) allows remote attackers to inject arbitrary web script or HTML. Affected: Moodle up to 2.3.11; 2.4.x before 2.4.10; 2.5.x before 2.5.6; 2.6.x before 2.6.3. Root cause: unspecified vectors. Impact: potential arbitrary script execution in af...
C6 Messenger Installation Url Downloader ActiveX code execution
It's possible to download and execute file. Vulnerability is used in-the-wild for hidden trojan code installation...
IA WebMail 3.x (iaregdll.dll version 1.0.0.5) Remote Exploit
No description provided by source. !/usr/bin/perl -w IA WebMail 3.x iaregdll.dll version 1.0.0.5 Remote Exploit Application Specific Shellcode: URL Downloader - www elitehaven net/ncat.exe downloaded - c:\nc.exe created By Peter Winter-Smith peter4020 hotmail com Shellcode included - will need...
IA WebMail 3.x (iaregdll.dll version 1.0.0.5) Remote Exploit
Exploit for unknown platform in category remote exploits ============================================================ IA WebMail 3.x iaregdll.dll version 1.0.0.5 Remote Exploit ============================================================ !/usr/bin/perl -w IA WebMail 3.x iaregdll.dll version 1.0.0...