Search Results | AttackerKB

4 Total Results

Displaying 1-4 of 4

Attacker Value

Unknown

CVE-2020-8984

Disclosure Date: March 24, 2020 (last updated February 21, 2025)

lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta allowed IP address spoofing via the X-Forwarded-For header.

Attacker Value

Unknown

CVE-2020-8986

Disclosure Date: March 24, 2020 (last updated February 21, 2025)

lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta failed to properly check for equality when validating the session cookie, allowing an attacker to gain administrative access with a large number of requests.

Attack Vector: Network Privileges: None User Interaction: None

Attacker Value

Unknown

CVE-2020-8985

Disclosure Date: March 24, 2020 (last updated February 21, 2025)

ZendTo prior to 5.22-2 Beta allowed reflected XSS and CSRF via the unlock.tpl unlock user functionality.

Attack Vector: Network Privileges: None User Interaction: Required

Attacker Value

Unknown

CVE-2013-6808

Disclosure Date: December 28, 2013 (last updated October 05, 2023)

Cross-site scripting (XSS) vulnerability in lib/NSSDropoff.php in ZendTo before 4.11-13 allows remote attackers to inject arbitrary web script or HTML via a modified emailAddr field to pickup.php.

4 Total Results

Displaying 1-4 of 4

Unknown

CVE-2020-8984

Unknown

CVE-2020-8986

Unknown

CVE-2020-8985

Unknown

CVE-2013-6808

Quick Cookie Notification