23 matches found
CVE-2021-27556
The Cron job tab in EasyCorp ZenTao 12.5.3 allows remote attackers who have admin access to execute arbitrary code by setting the type parameter to System...
EUVD-2021-14309
Malware in sbrugna...
EUVD-2020-20651
Malware in sbrugna...
CVE-2021-27557
A cross-site request forgery CSRF vulnerability in the Cron job tab in EasyCorp ZenTao 12.5.3 allows attackers to update the fields of a Cron job...
CVE-2021-27558
A cross site scripting XSS issue in EasyCorp ZenTao 12.5.3 allows remote attackers to execute arbitrary web script via various areas such as data-link-creator...
CVE-2021-27558
A cross site scripting XSS issue in EasyCorp ZenTao 12.5.3 allows remote attackers to execute arbitrary web script via various areas such as data-link-creator...
CVE-2021-27556
The Cron job tab in EasyCorp ZenTao 12.5.3 allows remote attackers who have admin access to execute arbitrary code by setting the type parameter to System...
CVE-2021-27557
A cross-site request forgery CSRF vulnerability in the Cron job tab in EasyCorp ZenTao 12.5.3 allows attackers to update the fields of a Cron job...
CVE-2021-27558
A cross site scripting XSS issue in EasyCorp ZenTao 12.5.3 allows remote attackers to execute arbitrary web script via various areas such as data-link-creator...
CVE-2021-27557
A cross-site request forgery CSRF vulnerability in the Cron job tab in EasyCorp ZenTao 12.5.3 allows attackers to update the fields of a Cron job...
Code injection
The Cron job tab in EasyCorp ZenTao 12.5.3 allows remote attackers who have admin access to execute arbitrary code by setting the type parameter to System...
Cross site scripting
A cross site scripting XSS issue in EasyCorp ZenTao 12.5.3 allows remote attackers to execute arbitrary web script via various areas such as data-link-creator...
CVE-2021-27558
A cross site scripting XSS issue in EasyCorp ZenTao 12.5.3 allows remote attackers to execute arbitrary web script via various areas such as data-link-creator...
CVE-2021-27558
ZenTao (EasyCorp) 12.5.3 is affected by a cross-site scripting (XSS) vulnerability that allows remote attackers to run arbitrary web scripts via multiple areas, including data-link-creator. The root cause is not explicitly detailed in the provided documents beyond the XSS vector; affected compone...
CVE-2021-27557
The CVE-2021-27557 entry describes a CSRF vulnerability in the Cron job tab of EasyCorp ZenTao 12.5.3, allowing an attacker to update fields of a Cron job. The issue is confirmed across multiple sources (NVD, Red Hat, OSV) as a CSRF flaw in ZenTao 12.5.3. The root cause is cross-site request forg...
CVE-2021-27557
A cross-site request forgery CSRF vulnerability in the Cron job tab in EasyCorp ZenTao 12.5.3 allows attackers to update the fields of a Cron job...
CVE-2021-27556
The Cron job tab in EasyCorp ZenTao 12.5.3 allows remote attackers who have admin access to execute arbitrary code by setting the type parameter to System...
CVE-2021-27556
CVE-2021-27556 concerns EasyCorp ZenTao 12.5.3, where the Cron job tab can be abused by an admin to set the type parameter to System and execute arbitrary code. The underlying issue is a parameter handling flaw in the Cron tab that enables remote code execution. Documents consistently describe co...
CVE-2020-28165
The EasyCorp ZenTao PMS 12.4.2 application suffers from an arbitrary file upload vulnerability. An attacker can upload arbitrary webshell to the server by using the downloadZipPackage function...
CVE-2020-28165
The EasyCorp ZenTao PMS 12.4.2 application suffers from an arbitrary file upload vulnerability. An attacker can upload arbitrary webshell to the server by using the downloadZipPackage function...