Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zimbra collaboration server vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-41352
An issue exists in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over...
Zimbra Collaboration 9.0.0
Zimbra Collaboration 8.8.15
1 Metasploit module
4 Github repositories
1 Article
9.8
CVSSv3
CVE-2014-8563
Synacor Zimbra Collaboration prior to 8.0.9 allows plaintext command injection during STARTTLS.
Synacor Zimbra Collaboration Server
8.8
CVSSv3
CVE-2015-6541
Multiple cross-site request forgery (CSRF) vulnerabilities in the Mail interface in Zimbra Collaboration Server (ZCS) prior to 8.5 allow remote malicious users to hijack the authentication of arbitrary users for requests that change account preferences via a SOAP request to servi...
Zimbra Zimbra Collaboration Server
1 EDB exploit
7.8
CVSSv3
CVE-2023-24032
In Zimbra Collaboration Suite up to and including 9.0 and 8.8.15, an attacker (who has initial user access to a Zimbra server instance) can execute commands as root by passing one of JVM arguments, leading to local privilege escalation (LPE).
Zimbra Collaboration 9.0.0
Zimbra Collaboration 8.8.15
7.5
CVSSv3
CVE-2022-30333
RARLAB UnRAR prior to 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.
Rarlab Unrar
2 Metasploit modules
4 Github repositories
1 Article
7.5
CVSSv3
CVE-2019-9621
Zimbra Collaboration Suite prior to 8.6 patch 13, 8.7.x prior to 8.7.11 patch 10, and 8.8.x prior to 8.8.10 patch 7 or 8.8.x prior to 8.8.11 patch 3 allows SSRF via the ProxyServlet component.
Zimbra Collaboration Server 8.6.0
Zimbra Collaboration Server
Zimbra Collaboration Server 8.7.11
Zimbra Collaboration Server 8.8.10
Zimbra Collaboration Server 8.8.11
2 EDB exploits
2 Github repositories
6.1
CVSSv3
CVE-2019-15313
In Zimbra Collaboration prior to 8.8.15 Patch 1, there is a non-persistent XSS vulnerability.
Zimbra Collaboration Server
Zimbra Collaboration Server 8.8.15
6.1
CVSSv3
CVE-2019-8945
Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS.
Zimbra Collaboration Server
Zimbra Collaboration Server 8.8.11
6.1
CVSSv3
CVE-2019-8946
Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS.
Zimbra Collaboration Server
Zimbra Collaboration Server 8.8.11
6.1
CVSSv3
CVE-2019-8947
Zimbra Collaboration 8.7.x - 8.8.11P2 contains non-persistent XSS.
Zimbra Collaboration Server
Zimbra Collaboration Server 8.8.11
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4651
CVE-2024-34255
elevation of privilege
CVE-2024-25529
CVE-2024-4671
NULL pointer dereference
CVE-2024-25527
template injection
CVE-2008-0166
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »