5 matches found
ZendTo IP Address Spoofing Vulnerability
ZendTo is a completely free web-based system that lets you conveniently send or receive files with no limit on file size and faster speeds. An IP address spoofing vulnerability exists in lib/NSSDropbox.php in versions prior to ZendTo 5.22-2 Beta. An attacker can exploit this vulnerability via the...
ZendTo Elevation of Privilege Vulnerability
ZendTo is a completely free web-based system that lets you conveniently send or receive files with no limit on file size and faster speeds. An elevation of privilege vulnerability exists in versions prior to ZendTo 5.22-2 Beta. The vulnerability stems from lib/NSSDropbox.php in ZendTo failing to...
CVE-2020-8986
lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta failed to properly check for equality when validating the session cookie, allowing an attacker to gain administrative access with a large number of requests...
Code injection
lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta failed to properly check for equality when validating the session cookie, allowing an attacker to gain administrative access with a large number of requests...
CVE-2020-8986
lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta failed to properly check for equality when validating the session cookie, allowing an attacker to gain administrative access with a large number of requests...