
CVSS: 7.5 EPSS: 0% CPEs: 1 EXPL: 1

Story Saver for Instagram - Video Downloader 1.0.6 for Android has an exposed component that provides a method to modify the SharedPreference file. An attacker can leverage this method to inject a large amount of data into any SharedPreference file, which will be loaded into memory when the application is opened. When an attacker injects too much data, the application will trigger an OOM error and crash at startup, resulting in a persistent denial of service. • https://apksos.com/app/story.saver.downloader.photo.video.repost.byrk https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29748/CVE%20detail.md https://play.google.com/store/apps/details?id=ru.yandex.yandexnavi https://www.instagram.com/nihans_macrame

CVSS: 9.8 EPSS: 0% CPEs: 1 EXPL: 1

Story Saver for Instagram - Video Downloader 1.0.6 for Android has an exposed component that provides a method to modify the SharedPreference file. An attacker can use this method to modify the data in any SharedPreference file; this data is loaded into memory when the application is opened. Depending on how the data is used, this can result in various attack consequences, such as ad display exceptions. • https://apksos.com/app/story.saver.downloader.photo.video.repost.byrk https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29747/CVE%20detail.md https://www.instagram.com/nihans_macrame

CVSS: 6.1 EPSS: 0% CPEs: 3 EXPL: 1

XSS in the Video Downloader component before 1.5 of Avast Secure Browser 77.1.1831.91 and AVG Secure Browser 77.0.1790.77 allows websites to execute their code in the context of this component. While Video Downloader is technically a browser extension, it is granted a very wide set of privileges and can, for example, access cookies and browsing history, spy on the user while they are surfing the web, and alter their surfing experience in almost arbitrary ways. • https://palant.de/2020/01/13/pwning-avast-secure-browser-for-fun-and-profit • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 EPSS: 0% CPEs: 1 EXPL: 1

ConverTo Video Downloader & Converter 1.4.1 allows Arbitrary File Download via the token parameter to download.php. • https://www.exploit-db.com/exploits/42927 https://packetstormsecurity.com/files/144456/ConverTo-Video-Downloader-And-Converter-1.4.1-Arbitrary-File-Download.html • CWE-20: Improper Input Validation

CVSS: 5.4 EPSS: 0% CPEs: 1 EXPL: 0

The Easy Video Downloader (aka com.simon.padillar.EasyVideo) application 4.4.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. • http://www.kb.cert.org/vuls/id/582497 http://www.kb.cert.org/vuls/id/921561 https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing • CWE-310: Cryptographic Issues