Lucene search
K

66 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 3:43 p.m.10 views

CVE-2020-8984

lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta allowed IP address spoofing via the X-Forwarded-For header...

7.5CVSS6.8AI score0.00491EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/15 12:0 a.m.5 views

PT-2025-25657

Name of the Vulnerable Software and Affected Versions ZendTo versions 6.15 through 7 ZendTo version 6.15-8 fixed version Description A path traversal vulnerability exists in the file dropoff functionality of ZendTo. This flaw allows attackers to bypass security controls to access or modify...

6.5CVSS6.4AI score0.6424EPSS
Exploits0References42
RedhatCVE
RedhatCVE
added 2025/04/07 12:17 a.m.24 views

CVE-2025-32352

A type confusion vulnerability in lib/NSSAuthenticator.php in ZendTo before v5.04-7 allows remote attackers to bypass authentication for users with passwords stored as MD5 hashes that can be interpreted as numbers. A solution requires moving from MD5 to bcrypt...

4.8CVSS7.1AI score0.00312EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/07 12:16 a.m.17 views

CVE-2021-47667

An OS command injection vulnerability in lib/NSSDropoff.php in ZendTo 5.24-3 through 6.x before 6.10-7 allows unauthenticated remote attackers to execute arbitrary commands via shell metacharacters in the tmpname parameter when dropping off a file via a POST /dropoff request...

10CVSS8.6AI score0.29766EPSS
Exploits0References3
NVD
NVD
added 2025/04/05 5:15 a.m.15 views

CVE-2025-32352

A type confusion vulnerability in lib/NSSAuthenticator.php in ZendTo before v5.04-7 allows remote attackers to bypass authentication for users with passwords stored as MD5 hashes that can be interpreted as numbers. A solution requires moving from MD5 to bcrypt...

4.8CVSS0.00312EPSS
Exploits0References1
NVD
NVD
added 2025/04/05 5:15 a.m.15 views

CVE-2021-47667

An OS command injection vulnerability in lib/NSSDropoff.php in ZendTo 5.24-3 through 6.x before 6.10-7 allows unauthenticated remote attackers to execute arbitrary commands via shell metacharacters in the tmpname parameter when dropping off a file via a POST /dropoff request...

10CVSS0.29766EPSS
Exploits0References1
CVE
CVE
added 2025/04/05 12:0 a.m.57 views

CVE-2025-32352

ZendTo prior to version 5.04-7 contains a type confusion in lib/NSSAuthenticator.php that can allow remote attackers to bypass authentication for users whose passwords are stored as MD5 hashes that can be interpreted as numbers. The described remediation is to move from MD5 to bcrypt. Public refe...

4.8CVSS5.4AI score0.00312EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/05 12:0 a.m.9 views

CVE-2021-47667

An OS command injection vulnerability in lib/NSSDropoff.php in ZendTo 5.24-3 through 6.x before 6.10-7 allows unauthenticated remote attackers to execute arbitrary commands via shell metacharacters in the tmpname parameter when dropping off a file via a POST /dropoff request...

10CVSS10AI score0.29766EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/05 12:0 a.m.20 views

CVE-2025-32352

A type confusion vulnerability in lib/NSSAuthenticator.php in ZendTo before v5.04-7 allows remote attackers to bypass authentication for users with passwords stored as MD5 hashes that can be interpreted as numbers. A solution requires moving from MD5 to bcrypt...

4.8CVSS0.00312EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/05 12:0 a.m.5 views

ZendTo 安全漏洞

ZendTo is a web-based file transfer system from ZendTo, Inc. A security vulnerability exists in ZendTo versions prior to 5.04-7 that stems from type obfuscation and could lead to bypassing the authentication of users of an MD5 hash store...

4.8CVSS6.7AI score0.00312EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/04/05 12:0 a.m.7 views

CVE-2025-32352

A type confusion vulnerability in lib/NSSAuthenticator.php in ZendTo before v5.04-7 allows remote attackers to bypass authentication for users with passwords stored as MD5 hashes that can be interpreted as numbers. A solution requires moving from MD5 to bcrypt...

4.8CVSS7.1AI score0.00312EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/05 12:0 a.m.67 views

CVE-2021-47667

An OS command injection vulnerability in lib/NSSDropoff.php in ZendTo 5.24-3 through 6.x before 6.10-7 allows unauthenticated remote attackers to execute arbitrary commands via shell metacharacters in the tmpname parameter when dropping off a file via a POST /dropoff request...

10CVSS0.29766EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/05 12:0 a.m.6 views

ZendTo 安全漏洞

ZendTo is a web-based file transfer system from ZendTo, Inc. A security vulnerability exists in ZendTo versions 5.24-3 through prior to 6.10-7, which stems from the presence of shell metacharacters in the tmpname parameter, and could lead to the execution of arbitrary commands by an...

10CVSS7.1AI score0.29766EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/04/05 12:0 a.m.4 views

PT-2025-15052 · Zendto · Zendto

Name of the Vulnerable Software and Affected Versions: ZendTo versions 5.24-3 through 6.x before 6.10-7 Description: An OS command injection issue in lib/NSSDropoff.php allows unauthenticated remote attackers to execute arbitrary commands via shell metacharacters in the tmp name parameter when...

10CVSS8.2AI score0.29766EPSS
Exploits0References9
CVE
CVE
added 2025/04/05 12:0 a.m.78 views

CVE-2021-47667

The CVE-2021-47667 vulnerability affects ZendTo (versions 5.24-3 through 6.x before 6.10-7). It is an OS command injection in lib/NSSDropoff.php that allows unauthenticated remote attackers to run arbitrary commands via shell metacharacters in the tmp_name parameter during a POST /dropoff. Impact...

10CVSS10AI score0.29766EPSS
Exploits0References1
OSV
OSV
added 2021/03/02 1:15 a.m.2 views

CVE-2021-27888

ZendTo before 6.06-4 Beta allows XSS during the display of a drop-off in which a filename has unexpected characters...

6.1CVSS6.4AI score0.00624EPSS
Exploits0References1
NVD
NVD
added 2021/03/02 1:15 a.m.20 views

CVE-2021-27888

ZendTo before 6.06-4 Beta allows XSS during the display of a drop-off in which a filename has unexpected characters...

6.1CVSS0.00624EPSS
Exploits0References1
Prion
Prion
added 2021/03/02 1:15 a.m.16 views

Cross site scripting

ZendTo before 6.06-4 Beta allows XSS during the display of a drop-off in which a filename has unexpected characters...

4.3CVSS5.9AI score0.00624EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/03/02 12:4 a.m.74 views

CVE-2021-27888

CVE-2021-27888 affects ZendTo prior to version 6.06-4 Beta. The issue is a cross-site scripting (XSS) vulnerability triggered during the display of a drop-off when a filename contains unexpected characters. Connected sources consistently describe the same flaw across multiple aggregations. The su...

6.1CVSS5.9AI score0.00624EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/03/02 12:4 a.m.20 views

CVE-2021-27888

ZendTo before 6.06-4 Beta allows XSS during the display of a drop-off in which a filename has unexpected characters...

6.2AI score0.00624EPSS
Exploits0References1
Rows per page
Query Builder