CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-29748
https://notcve.org/view.php?id=CVE-2023-29748
01 Jun 2023 — Story Saver for Instragram - Video Downloader 1.0.6 for Android has an exposed component that provides a method to modify the SharedPreference file. An attacker can leverage this method to inject a large amount of data into any SharedPreference file, which will be loaded into memory when the application is opened. When an attacker injects too much data, the application will trigger an OOM error and crash at startup, resulting in a persistent denial of service. Story Saver para Instagram - Vídeo Downloader v... • https://apksos.com/app/story.saver.downloader.photo.video.repost.byrk •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-29747
https://notcve.org/view.php?id=CVE-2023-29747
31 May 2023 — Story Saver for Instragram - Video Downloader 1.0.6 for Android exists exposed component, the component provides the method to modify the SharedPreference file. The attacker can use the method to modify the data in any SharedPreference file, these data will be loaded into the memory when the application is opened. Depending on how the data is used, this can result in various attack consequences, such as ad display exceptions. • https://apksos.com/app/story.saver.downloader.photo.video.repost.byrk •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 1CVE-2019-18893
https://notcve.org/view.php?id=CVE-2019-18893
13 Jan 2020 — XSS in the Video Downloader component before 1.5 of Avast Secure Browser 77.1.1831.91 and AVG Secure Browser 77.0.1790.77 allows websites to execute their code in the context of this component. While Video Downloader is technically a browser extension, it is granted a very wide set of privileges and can for example access cookies and browsing history, spy on the user while they are surfing the web, and alter their surfing experience in almost arbitrary ways. Una vulnerabilidad de tipo XSS en el componente V... • https://palant.de/2020/01/13/pwning-avast-secure-browser-for-fun-and-profit • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 23%CPEs: 1EXPL: 1CVE-2017-15956 – ConverTo Video Downloader & Converter 1.4.1 - Arbitrary File Download
https://notcve.org/view.php?id=CVE-2017-15956
29 Oct 2017 — ConverTo Video Downloader & Converter 1.4.1 allows Arbitrary File Download via the token parameter to download.php. ConverTo Video Downloader & Converter 1.4.1 permite la subida de archivos arbitrarios mediante el parámetro token en download.php. • https://www.exploit-db.com/exploits/42927 • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2014-6971
https://notcve.org/view.php?id=CVE-2014-6971
16 Oct 2014 — The Easy Video Downloader (aka com.simon.padillar.EasyVideo) application 4.4.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. La aplicación para Android Easy Video Downloader (también conocida como com.simon.padillar.EasyVideo) 4.4.1 no verifica los certificados X.509 de los servidores SSL, lo que permite a atacantes man-in-the-middle suplantar servidores y obtener informac... • http://www.kb.cert.org/vuls/id/582497 • CWE-310: Cryptographic Issues •