Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zimbra zimbra vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2023-38750
In Zimbra Collaboration (ZCS) 8 prior to 8.8.15 Patch 41, 9 prior to 9.0.0 Patch 34, and 10 prior to 10.0.2, internal JSP and XML files can be exposed.
Zimbra Zimbra 9.0.0
Zimbra Zimbra 8.8.15
Zimbra Zimbra
Zimbra Zimbra 10.0.1
7.8
CVSSv3
CVE-2022-37393
Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute...
Zimbra Collaboration 9.0.0
Zimbra Collaboration 8.8.15
Zimbra Collaboration 8.7.6
Zimbra Collaboration 8.7.7
Zimbra Collaboration 8.7.9
Zimbra Collaboration 8.7.10
Zimbra Collaboration 8.7.11
Zimbra Collaboration 8.8.0
Zimbra Collaboration 8.8.2
Zimbra Collaboration 8.8.3
Zimbra Collaboration 8.8.4
Zimbra Collaboration 8.8.6
Zimbra Collaboration 8.8.7
Zimbra Collaboration 8.8.8
Zimbra Collaboration 8.8.9
Zimbra Collaboration 8.8.10
Zimbra Collaboration 8.8.11
Zimbra Collaboration 8.8.12
6.1
CVSSv3
CVE-2023-37580
Zimbra Collaboration (ZCS) 8 prior to 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.
Zimbra Zimbra 8.8.15
Zimbra Zimbra
1 Github repository
NA
CVE-2013-7217
Unspecified vulnerability in Zimbra Collaboration Server 7.2.5 and previous versions, and 8.0.x up to and including 8.0.5, has "critical" impact and unspecified vectors, a different vulnerability than CVE-2013-7091.
Zimbra Collaboration Server 8.0.3
Zimbra Collaboration Server 8.0.2
Zimbra Collaboration Server 7.2.0
Zimbra Collaboration Server 7.1.4
Zimbra Collaboration Server 8.0.1
Zimbra Collaboration Server 8.0.0
Zimbra Collaboration Server 7.1.3
Zimbra Collaboration Server 7.1.2
Zimbra Collaboration Server
Zimbra Collaboration Server 7.2.4
Zimbra Collaboration Server 7.2.3
Zimbra Collaboration Server 7.1.1
Zimbra Collaboration Server 7.1.0
Zimbra Collaboration Server 7.0.1
Zimbra Collaboration Server 8.0.5
Zimbra Collaboration Server 8.0.4
Zimbra Collaboration Server 7.2.2
Zimbra Collaboration Server 7.2.1
Zimbra Collaboration Server 7.0.0
6.5
CVSSv3
CVE-2018-10951
mailboxd in Zimbra Collaboration Suite 8.8 prior to 8.8.8; 8.7 prior to 8.7.11.Patch3; and 8.6 prior to 8.6.0.Patch10 allows zimbraSSLPrivateKey read access via a GetServer, GetAllServers, or GetAllActiveServers call in the Admin SOAP API.
Zimbra Zimbra Collaboration Suite 8.6
Zimbra Zimbra Collaboration Suite 8.7.11
Synacor Zimbra Collaboration Suite
NA
CVE-2013-5119
Zimbra Collaboration Suite (ZCS) 6.0.16 and previous versions allows man-in-the-middle malicious users to obtain access by sniffing the network and replaying the ZM_AUTH_TOKEN token.
Synacor Zimbra Collaboration Suite 6.0.14
Synacor Zimbra Collaboration Suite 6.0.12
Synacor Zimbra Collaboration Suite 6.0.9
Synacor Zimbra Collaboration Suite 6.0.4
Synacor Zimbra Collaboration Suite 6.0.2
Synacor Zimbra Collaboration Suite 6.0.8
Synacor Zimbra Collaboration Suite 6.0.7
Synacor Zimbra Collaboration Suite 6.0.6
Synacor Zimbra Collaboration Suite 6.0.5
Synacor Zimbra Collaboration Suite
Synacor Zimbra Collaboration Suite 6.0.15
Synacor Zimbra Collaboration Suite 6.0.0
Synacor Zimbra Collaboration Suite 6.0.13
Synacor Zimbra Collaboration Suite 6.0.10
Synacor Zimbra Collaboration Suite 6.0.3
Synacor Zimbra Collaboration Suite 6.0.1
NA
CVE-2013-7091
Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote malicious users to read arbitrary files via a .. (dot dot) in the skin parameter. NOTE: this can be leveraged to execute arbit...
Synacor Zimbra Collaboration Suite 6.0.0
Synacor Zimbra Collaboration Suite 6.0.2
Synacor Zimbra Collaboration Suite 6.0.3
Synacor Zimbra Collaboration Suite 6.0.1
Synacor Zimbra Collaboration Suite 6.0.10
Synacor Zimbra Collaboration Suite 6.0.12
Synacor Zimbra Collaboration Suite 6.0.4
Synacor Zimbra Collaboration Suite 6.0.5
Synacor Zimbra Collaboration Suite 6.0.13
Synacor Zimbra Collaboration Suite 6.0.14
Synacor Zimbra Collaboration Suite 6.0.6
Synacor Zimbra Collaboration Suite 6.0.7
Synacor Zimbra Collaboration Suite 6.0.15
Synacor Zimbra Collaboration Suite 6.0.16
Synacor Zimbra Collaboration Suite 6.0.8
Synacor Zimbra Collaboration Suite 6.0.9
2 EDB exploits
1 Nmap script
1 Github repository
1 Article
8.8
CVSSv3
CVE-2015-7610
Cross-site request forgery (CSRF) vulnerability in the login form in Zimbra Collaboration Suite (aka ZCS) prior to 8.6.0 Patch 10, 8.7.x prior to 8.7.11 Patch 2, and 8.8.x prior to 8.8.8 Patch 1 allows remote malicious users to hijack the authentication of unspecified victims by ...
Zimbra Zimbra Collaboration Suite 8.6.0
Synacor Zimbra Collaboration Suite 8.6.0
Synacor Zimbra Collaboration Suite
Synacor Zimbra Collaboration Suite 8.7.11
6.1
CVSSv3
CVE-2018-10939
Zimbra Web Client (ZWC) in Zimbra Collaboration Suite 8.8 prior to 8.8.8.Patch4 and 8.7 prior to 8.7.11.Patch4 has Persistent XSS via a contact group.
Synacor Zimbra Collaboration Suite 8.8.8
Zimbra Zimbra Collaboration Suite 8.8.8
Synacor Zimbra Collaboration Suite 8.7.11
Synacor Zimbra Collaboration Suite
7.5
CVSSv3
CVE-2019-9621
Zimbra Collaboration Suite prior to 8.6 patch 13, 8.7.x prior to 8.7.11 patch 10, and 8.8.x prior to 8.8.10 patch 7 or 8.8.x prior to 8.8.11 patch 3 allows SSRF via the ProxyServlet component.
Zimbra Collaboration Server 8.6.0
Zimbra Collaboration Server
Zimbra Collaboration Server 8.7.11
Zimbra Collaboration Server 8.8.10
Zimbra Collaboration Server 8.8.11
2 EDB exploits
2 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »