CVSS: 7.4 • EPSS: 0% • CPEs: 2 • EXPL: 1

Improper Certificate Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev44.
• https://github.com/pyload/pyload/commit/a9098bdf7406e6faf9df3da6ff2d584e90c13bbb
• https://huntr.dev/bounties/a370e0c2-a41c-4871-ad91-bc6f31a8e839
• CWE-295: Improper Certificate Validation

CVSS: 9.6 • EPSS: 0% • CPEs: 2 • EXPL: 1

Cross-site Scripting (XSS) - Stored in GitHub repository pyload/pyload prior to 0.5.0b3.dev42.
• https://github.com/pyload/pyload/commit/46d75a3087f3237d06530d55998938e2e2bda6bd
• https://huntr.dev/bounties/4311d8d7-682c-4f2a-b92c-3f9f1a36255a
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 0% • CPEs: 3 • EXPL: 1

Improper Input Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev40.
• https://github.com/pyload/pyload/commit/a2b1eb1028f45ac58dea5f58593c1d3db2b4a104
• https://huntr.dev/bounties/7d9332d8-6997-483b-9fb9-bcf2ae01dad4
• CWE-20: Improper Input Validation

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

Excessive Attack Surface in GitHub repository pyload/pyload prior to 0.5.0b3.dev41.
• https://github.com/pyload/pyload/commit/431ea6f0371d748df66b344a05ca1a8e0310cff3
• https://huntr.dev/bounties/a3e32ad5-caee-4f43-b10a-4a876d4e3f1d
• CWE-1125: Excessive Attack Surface

CVSS: 9.8 • EPSS: 58% • CPEs: 1 • EXPL: 5

Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31. pyLoad versions prior to 0.5.0b3.dev31 are vulnerable to Python code injection due to the pyimport functionality exposed through the js2py library. An unauthenticated attacker can issue a crafted POST request to the flash/addcrypted2 endpoint to leverage this for code execution. pyLoad by default runs two services, the primary of which is on port 8000 and cannot be used by external hosts. A secondary Click N Load service runs on port 9666 and can be used remotely without authentication.
• https://www.exploit-db.com/exploits/51532
• https://github.com/Small-ears/CVE-2023-0297
• https://github.com/JacobEbben/CVE-2023-0297
• https://github.com/overgrowncarrot1/CVE-2023-0297
• http://packetstormsecurity.com/files/171096/pyLoad-js2py-Python-Execution.html
• http://packetstormsecurity.com/files/172914/PyLoad-0.5.0-Remote-Code-Execution.html
• https://github.com/pyload/pyload/commit/7d73ba7919e594d783b3411d7ddb87885aea782d
• https://huntr.dev/bounties/3fd606f7-83e1-4265-b083-2e1889a05e65
• CWE-94: Improper Control of Generation of Code ('Code Injection')