65 matches found
CVE-2021-27888
ZendTo before 6.06-4 Beta allows XSS during the display of a drop-off in which a filename has unexpected characters...
EUVD-2021-14625
Malware in sbrugna...
EUVD-2013-6610
Malware in sbrugna...
EUVD-2020-29815
Malware in sbrugna...
EUVD-2020-29816
Malware in sbrugna...
EUVD-2020-29814
Malware in sbrugna...
EUVD-2021-34675
Malicious code in bioql PyPI...
EUVD-2025-18507
Malicious code in bioql PyPI...
EUVD-2025-9909
Malicious code in bioql PyPI...
CVE-2025-34508
A path traversal vulnerability exists in the file dropoff functionality of ZendTo versions 6.15-7 and prior. This could allow a remote, authenticated attacker to retrieve the files of other ZendTo users, retrieve files on the host system, or cause a denial of service...
CVE-2025-34508
A path traversal vulnerability exists in the file dropoff functionality of ZendTo versions 6.15-7 and prior. This could allow a remote, authenticated attacker to retrieve the files of other ZendTo users, retrieve files on the host system, or cause a denial of service...
CVE-2025-34508 ZendTo < 6.15-8 Path Traversal
A path traversal vulnerability exists in the file dropoff functionality of ZendTo versions 6.15-7 and prior. This could allow a remote, authenticated attacker to retrieve the files of other ZendTo users, retrieve files on the host system, or cause a denial of service...
CVE-2025-34508
CVE-2025-34508 concerns ZendTo. The vulnerability is a path traversal in the file dropoff feature affecting ZendTo versions 6.15-7 and earlier. It could allow a remote, authenticated attacker to access other ZendTo users’ files, retrieve host-system files, or cause a denial of service. The root c...
CVE-2025-34508 ZendTo < 6.15-8 Path Traversal
A path traversal vulnerability exists in the file dropoff functionality of ZendTo versions 6.15-7 and prior. This could allow a remote, authenticated attacker to retrieve the files of other ZendTo users, retrieve files on the host system, or cause a denial of service...
ZendTo 路径遍历漏洞
ZendTo is a Web-based file transfer system from ZendTo, a UK-based company. A security vulnerability exists in ZendTo versions 6.15-7 and earlier, which stems from a path traversal in the file drop feature that could lead to retrieval of other user files or host system files, or cause a denial of...
ZendTo 安全漏洞
ZendTo is a web-based file transfer system from ZendTo Inc. A security vulnerability exists in ZendTo 6.10-6 Beta and earlier versions, which stems from an os command injection due to the misbehavior of the parameter file1 in the file NSSDropoff.php...
PT-2025-24614 · Zendto · Zendto
Name of the Vulnerable Software and Affected Versions: Zend.To versions 6.10-6 Beta and earlier Description: A critical vulnerability has been found in Zend.To, affecting the function exec of the file NSSDropoff.php. The manipulation of the argument file 1 leads to os command injection. The attac...
CVE-2020-8985
ZendTo prior to 5.22-2 Beta allowed reflected XSS and CSRF via the unlock.tpl unlock user functionality...
CVE-2020-8986
lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta failed to properly check for equality when validating the session cookie, allowing an attacker to gain administrative access with a large number of requests...
CVE-2020-8984
lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta allowed IP address spoofing via the X-Forwarded-For header...