EUVD-2025-200225

Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system by using the 'pda:userId' and 'pda:newPassword' parameters with 'soapaction UnlockUser’ in '/WS/PDAWebService.asmx'...

CVE-2025-41012 Unauthorized access vulnerability in TCMAN GIM

Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system by using the 'pda:userId' and 'pda:newPassword' parameters with 'soapaction UnlockUser’ in '/WS/PDAWebService.asmx'...

PT-2025-48680

Name of the Vulnerable Software and Affected Versions TCMAN GIM version 20250304 Description An unauthenticated attacker can determine if a user exists on the system. This is achieved by utilizing the pda:userId and pda:newPassword parameters with the 'soapaction UnlockUser’ within the...

EUVD-2020-29815

Malware in sbrugna...

CVE-2020-8985

ZendTo prior to 5.22-2 Beta allowed reflected XSS and CSRF via the unlock.tpl unlock user functionality...

ZendTo Reflective Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities

ZendTo is a completely free web-based system that lets you conveniently send or receive files with no limit on file size and faster speeds. A reflected cross-site scripting and cross-site request forgery vulnerability exists in the unlock.tpl unlock user feature in ZendTo prior to version 5.22-2...

CVE-2020-8985

ZendTo prior to 5.22-2 Beta allowed reflected XSS and CSRF via the unlock.tpl unlock user functionality...

CVE-2020-8985

ZendTo prior to 5.22-2 Beta allowed reflected XSS and CSRF via the unlock.tpl unlock user functionality...