CVE-2024-21645 – pyLoad Log Injection
https://notcve.org/view.php?id=CVE-2024-21645
pyLoad is the free and open-source Download Manager written in pure Python. A log injection vulnerability was identified in `pyload` that allows any unauthenticated actor to inject arbitrary messages into the logs gathered by `pyload`. Forged or otherwise corrupted log files can be used to cover an attacker's tracks or even to implicate another party in the commission of a malicious act. This vulnerability has been patched in version 0.5.0b3.dev77.
• https://github.com/pyload/pyload/commit/4159a1191ec4fe6d927e57a9c4bb8f54e16c381d
• https://github.com/pyload/pyload/security/advisories/GHSA-ghmw-rwh8-6qmr
• CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2023-47890
https://notcve.org/view.php?id=CVE-2023-47890
pyLoad 0.5.0 is vulnerable to Unrestricted File Upload.
• http://pyload.com
• https://github.com/pyload/pyload/security/advisories/GHSA-h73m-pcfw-25h2
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-0509 – Improper Certificate Validation in pyload/pyload
https://notcve.org/view.php?id=CVE-2023-0509
Improper Certificate Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev44.
• https://github.com/pyload/pyload/commit/a9098bdf7406e6faf9df3da6ff2d584e90c13bbb
• https://huntr.dev/bounties/a370e0c2-a41c-4871-ad91-bc6f31a8e839
• CWE-295: Improper Certificate Validation
CVE-2023-0488 – Cross-site Scripting (XSS) - Stored in pyload/pyload
https://notcve.org/view.php?id=CVE-2023-0488
Cross-site Scripting (XSS) - Stored in GitHub repository pyload/pyload prior to 0.5.0b3.dev42.
• https://github.com/pyload/pyload/commit/46d75a3087f3237d06530d55998938e2e2bda6bd
• https://huntr.dev/bounties/4311d8d7-682c-4f2a-b92c-3f9f1a36255a
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-0434 – Improper Input Validation in pyload/pyload
https://notcve.org/view.php?id=CVE-2023-0434
Improper Input Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev40.
• https://github.com/pyload/pyload/commit/a2b1eb1028f45ac58dea5f58593c1d3db2b4a104
• https://huntr.dev/bounties/7d9332d8-6997-483b-9fb9-bcf2ae01dad4
• CWE-20: Improper Input Validation