17 matches found
EUVD-2013-6610
Malware in sbrugna...
EUVD-2020-29814
Malware in sbrugna...
EUVD-2021-34675
Malicious code in bioql PyPI...
CVE-2025-34508
A path traversal vulnerability exists in the file dropoff functionality of ZendTo versions 6.15-7 and prior. This could allow a remote, authenticated attacker to retrieve the files of other ZendTo users, retrieve files on the host system, or cause a denial of service...
CVE-2025-34508 ZendTo < 6.15-8 Path Traversal
A path traversal vulnerability exists in the file dropoff functionality of ZendTo versions 6.15-7 and prior. This could allow a remote, authenticated attacker to retrieve the files of other ZendTo users, retrieve files on the host system, or cause a denial of service...
CVE-2025-34508
CVE-2025-34508 concerns ZendTo. The vulnerability is a path traversal in the file dropoff feature affecting ZendTo versions 6.15-7 and earlier. It could allow a remote, authenticated attacker to access other ZendTo users’ files, retrieve host-system files, or cause a denial of service. The root c...
CVE-2025-34508 ZendTo < 6.15-8 Path Traversal
A path traversal vulnerability exists in the file dropoff functionality of ZendTo versions 6.15-7 and prior. This could allow a remote, authenticated attacker to retrieve the files of other ZendTo users, retrieve files on the host system, or cause a denial of service...
PT-2025-24614 · Zendto · Zendto
Name of the Vulnerable Software and Affected Versions: Zend.To versions 6.10-6 Beta and earlier. Description: A critical vulnerability has been found in Zend.To, affecting the function exec of the file NSSDropoff.php. The manipulation of the argument file 1 leads to os command injection. The attac...
CVE-2025-32352
A type confusion vulnerability in lib/NSSAuthenticator.php in ZendTo before v5.04-7 allows remote attackers to bypass authentication for users with passwords stored as MD5 hashes that can be interpreted as numbers. A solution requires moving from MD5 to bcrypt...
CVE-2021-47667
An OS command injection vulnerability in lib/NSSDropoff.php in ZendTo 5.24-3 through 6.x before 6.10-7 allows unauthenticated remote attackers to execute arbitrary commands via shell metacharacters in the tmpname parameter when dropping off a file via a POST /dropoff request...
CVE-2021-47667
An OS command injection vulnerability in lib/NSSDropoff.php in ZendTo 5.24-3 through 6.x before 6.10-7 allows unauthenticated remote attackers to execute arbitrary commands via shell metacharacters in the tmpname parameter when dropping off a file via a POST /dropoff request...
CVE-2025-32352
ZendTo prior to version 5.04-7 contains a type confusion in lib/NSSAuthenticator.php that can allow remote attackers to bypass authentication for users whose passwords are stored as MD5 hashes that can be interpreted as numbers. The described remediation is to move from MD5 to bcrypt. Public refe...
CVE-2021-47667
An OS command injection vulnerability in lib/NSSDropoff.php in ZendTo 5.24-3 through 6.x before 6.10-7 allows unauthenticated remote attackers to execute arbitrary commands via shell metacharacters in the tmpname parameter when dropping off a file via a POST /dropoff request...
CVE-2021-47667
An OS command injection vulnerability in lib/NSSDropoff.php in ZendTo 5.24-3 through 6.x before 6.10-7 allows unauthenticated remote attackers to execute arbitrary commands via shell metacharacters in the tmpname parameter when dropping off a file via a POST /dropoff request...
PT-2025-15052 · Zendto · Zendto
Name of the Vulnerable Software and Affected Versions: ZendTo versions 5.24-3 through 6.x before 6.10-7. Description: An OS command injection issue in lib/NSSDropoff.php allows unauthenticated remote attackers to execute arbitrary commands via shell metacharacters in the tmp name parameter when...
CVE-2021-47667
The CVE-2021-47667 vulnerability affects ZendTo (versions 5.24-3 through 6.x before 6.10-7). It is an OS command injection in lib/NSSDropoff.php that allows unauthenticated remote attackers to run arbitrary commands via shell metacharacters in the tmp_name parameter during a POST /dropoff. Impact...
ZendTo Cross-Site Scripting Vulnerability
ZendTo is a completely free web-based system that lets you conveniently send or receive files with no limit on file size and faster speeds. A cross-site scripting vulnerability exists in versions prior to ZendTo 6.06-4 Beta during the display of drop-down menus with file names containing unexpect...