66 matches found
CVE-2021-27888
ZendTo before 6.06-4 Beta allows XSS during the display of a drop-off in which a filename has unexpected characters...
EUVD-2020-29816
Malware in sbrugna...
EUVD-2021-14625
Malware in sbrugna...
EUVD-2013-6610
Malware in sbrugna...
EUVD-2020-29815
Malware in sbrugna...
EUVD-2020-29814
Malware in sbrugna...
EUVD-2025-9909
Malicious code in bioql PyPI...
EUVD-2025-18507
Malicious code in bioql PyPI...
EUVD-2021-34675
Malicious code in bioql PyPI...
CVE-2025-34508
A path traversal vulnerability exists in the file dropoff functionality of ZendTo versions 6.15-7 and prior. This could allow a remote, authenticated attacker to retrieve the files of other ZendTo users, retrieve files on the host system, or cause a denial of service...
The vulnerability in the ZendTo web application for transferring files involves an incorrect restriction on the path to the restricted directory. This allows a malicious actor to gain read and write access to data, or cause a service failure.
The vulnerability in the web application for transferring files via ZendTo is related to an incorrect restriction on the path to the restricted directory during the processing of the tmpname parameter. Exploiting this vulnerability can allow an attacker to gain read and modify access to data, or...
CVE-2025-34508 ZendTo < 6.15-8 Path Traversal
A path traversal vulnerability exists in the file dropoff functionality of ZendTo versions 6.15-7 and prior. This could allow a remote, authenticated attacker to retrieve the files of other ZendTo users, retrieve files on the host system, or cause a denial of service...
CVE-2025-34508
CVE-2025-34508 concerns ZendTo. The vulnerability is a path traversal in the file dropoff feature affecting ZendTo versions 6.15-7 and earlier. It could allow a remote, authenticated attacker to access other ZendTo users’ files, retrieve host-system files, or cause a denial of service. The root c...
ZendTo Path Traversal Vulnerability
ZendTo is a Web-based file transfer system from ZendTo, a UK-based company. A security vulnerability exists in ZendTo versions 6.15-7 and earlier, which stems from a path traversal in the file drop feature that could lead to retrieval of other user files or host system files, or cause a denial of...
ZendTo Security Vulnerability
ZendTo is a web-based file transfer system from ZendTo Inc. A security vulnerability exists in ZendTo 6.10-6 Beta and earlier versions, which stems from an OS command injection due to the misbehavior of the parameter file1 in the file NSSDropoff.php...
PT-2025-24614 · Zendto · Zendto
Name of the Vulnerable Software and Affected Versions: Zend.To versions 6.10-6 Beta and earlier
Description: A critical vulnerability has been found in Zend.To, affecting the function exec of the file NSSDropoff.php. The manipulation of the argument file 1 leads to OS command injection. The attac...
CVE-2020-8985
ZendTo prior to 5.22-2 Beta allowed reflected XSS and CSRF via the unlock.tpl unlock user functionality...
CVE-2020-8986
lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta failed to properly check for equality when validating the session cookie, allowing an attacker to gain administrative access with a large number of requests...