📦 ZimaOS

by Zimaspace

🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2026-21891

CRITICAL CVSS 9.4 Jan 8, 2026

This vulnerability allows authentication bypass in ZimaOS by exploiting improper password validation for system service accounts. Attackers can gain authenticated access by providing any password when...

CVE-2026-28286

HIGH CVSS 8.5 Mar 2, 2026

This vulnerability allows attackers to bypass frontend restrictions and create files or directories in sensitive system locations like /etc and /usr via direct API calls. It affects ZimaOS users runni...

CVE-2025-64427

HIGH CVSS 7.1 Mar 2, 2026

This vulnerability allows authenticated local users in ZimaOS to craft requests targeting internal IP addresses and services, potentially accessing HTTP/HTTPS services not meant to be exposed. It affe...

CVE-2025-58432

HIGH CVSS 7.8 Sep 17, 2025

This vulnerability allows any user with localhost access to upload files as root on ZimaOS systems. It affects all versions up to 1.4.1, enabling privilege escalation and potential system compromise. ...

CVE-2024-49359

HIGH CVSS 7.5 Oct 24, 2024

This vulnerability allows authenticated users to perform directory traversal attacks via the /v2_1/file API endpoint in ZimaOS, enabling them to list contents of any directory on the server including ...

CVE-2024-49357

HIGH CVSS 7.5 Oct 24, 2024

ZimaOS versions 1.2.4 and earlier expose sensitive system and application data through unauthenticated API endpoints. Attackers can access detailed information about installed applications and system ...

CVE-2024-48931

HIGH CVSS 7.5 Oct 24, 2024

This vulnerability allows authenticated users of ZimaOS to read arbitrary files on the system by manipulating the 'files' parameter in the API endpoint. Attackers can access sensitive files like /etc/...

CVE-2025-58431

MEDIUM CVSS 6.2 Sep 17, 2025

This vulnerability in ZimaOS allows any user with localhost access to read arbitrary files as the root user through the /v2_1/files/file/download endpoint. It affects ZimaOS version 1.4.1 and earlier,...