Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zimbra zimbra vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-38750
In Zimbra Collaboration (ZCS) 8 prior to 8.8.15 Patch 41, 9 prior to 9.0.0 Patch 34, and 10 prior to 10.0.2, internal JSP and XML files can be exposed.
Zimbra Zimbra 9.0.0
Zimbra Zimbra 8.8.15
Zimbra Zimbra
Zimbra Zimbra 10.0.1
NA
CVE-2022-37393
Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute...
Zimbra Collaboration 9.0.0
Zimbra Collaboration 8.8.15
Zimbra Collaboration 8.7.6
Zimbra Collaboration 8.7.7
Zimbra Collaboration 8.7.9
Zimbra Collaboration 8.7.10
Zimbra Collaboration 8.7.11
Zimbra Collaboration 8.8.0
Zimbra Collaboration 8.8.2
Zimbra Collaboration 8.8.3
Zimbra Collaboration 8.8.4
Zimbra Collaboration 8.8.6
Zimbra Collaboration 8.8.7
Zimbra Collaboration 8.8.8
Zimbra Collaboration 8.8.9
Zimbra Collaboration 8.8.10
Zimbra Collaboration 8.8.11
Zimbra Collaboration 8.8.12
1 Github repository
NA
CVE-2023-37580
Zimbra Collaboration (ZCS) 8 prior to 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.
Zimbra Zimbra 8.8.15
Zimbra Zimbra
1 Github repository
10
CVSSv2
CVE-2013-7217
Unspecified vulnerability in Zimbra Collaboration Server 7.2.5 and previous versions, and 8.0.x up to and including 8.0.5, has "critical" impact and unspecified vectors, a different vulnerability than CVE-2013-7091.
Zimbra Collaboration Server 8.0.3
Zimbra Collaboration Server 8.0.2
Zimbra Collaboration Server 7.2.0
Zimbra Collaboration Server 7.1.4
Zimbra Collaboration Server 8.0.1
Zimbra Collaboration Server 8.0.0
Zimbra Collaboration Server 7.1.3
Zimbra Collaboration Server 7.1.2
Zimbra Collaboration Server
Zimbra Collaboration Server 7.2.4
Zimbra Collaboration Server 7.2.3
Zimbra Collaboration Server 7.1.1
Zimbra Collaboration Server 7.1.0
Zimbra Collaboration Server 7.0.1
Zimbra Collaboration Server 8.0.5
Zimbra Collaboration Server 8.0.4
Zimbra Collaboration Server 7.2.2
Zimbra Collaboration Server 7.2.1
Zimbra Collaboration Server 7.0.0
4
CVSSv2
CVE-2018-10951
mailboxd in Zimbra Collaboration Suite 8.8 prior to 8.8.8; 8.7 prior to 8.7.11.Patch3; and 8.6 prior to 8.6.0.Patch10 allows zimbraSSLPrivateKey read access via a GetServer, GetAllServers, or GetAllActiveServers call in the Admin SOAP API.
Zimbra Zimbra Collaboration Suite 8.6
Zimbra Zimbra Collaboration Suite 8.7.11
Synacor Zimbra Collaboration Suite
6.8
CVSSv2
CVE-2013-5119
Zimbra Collaboration Suite (ZCS) 6.0.16 and previous versions allows man-in-the-middle malicious users to obtain access by sniffing the network and replaying the ZM_AUTH_TOKEN token.
Synacor Zimbra Collaboration Suite 6.0.14
Synacor Zimbra Collaboration Suite 6.0.12
Synacor Zimbra Collaboration Suite 6.0.9
Synacor Zimbra Collaboration Suite 6.0.4
Synacor Zimbra Collaboration Suite 6.0.2
Synacor Zimbra Collaboration Suite 6.0.8
Synacor Zimbra Collaboration Suite 6.0.7
Synacor Zimbra Collaboration Suite 6.0.6
Synacor Zimbra Collaboration Suite 6.0.5
Synacor Zimbra Collaboration Suite
Synacor Zimbra Collaboration Suite 6.0.15
Synacor Zimbra Collaboration Suite 6.0.0
Synacor Zimbra Collaboration Suite 6.0.13
Synacor Zimbra Collaboration Suite 6.0.10
Synacor Zimbra Collaboration Suite 6.0.3
Synacor Zimbra Collaboration Suite 6.0.1
5
CVSSv2
CVE-2013-7091
Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote malicious users to read arbitrary files via a .. (dot dot) in the skin parameter. NOTE: this can be leveraged to execute arbit...
Synacor Zimbra Collaboration Suite 6.0.0
Synacor Zimbra Collaboration Suite 6.0.2
Synacor Zimbra Collaboration Suite 6.0.3
Synacor Zimbra Collaboration Suite 6.0.1
Synacor Zimbra Collaboration Suite 6.0.10
Synacor Zimbra Collaboration Suite 6.0.12
Synacor Zimbra Collaboration Suite 6.0.4
Synacor Zimbra Collaboration Suite 6.0.5
Synacor Zimbra Collaboration Suite 6.0.13
Synacor Zimbra Collaboration Suite 6.0.14
Synacor Zimbra Collaboration Suite 6.0.6
Synacor Zimbra Collaboration Suite 6.0.7
Synacor Zimbra Collaboration Suite 6.0.15
Synacor Zimbra Collaboration Suite 6.0.16
Synacor Zimbra Collaboration Suite 6.0.8
Synacor Zimbra Collaboration Suite 6.0.9
2 EDB exploits
1 Nmap script
1 Github repository
1 Article
5
CVSSv2
CVE-2019-9621
Zimbra Collaboration Suite prior to 8.6 patch 13, 8.7.x prior to 8.7.11 patch 10, and 8.8.x prior to 8.8.10 patch 7 or 8.8.x prior to 8.8.11 patch 3 allows SSRF via the ProxyServlet component.
Zimbra Collaboration Server 8.6.0
Zimbra Collaboration Server
Zimbra Collaboration Server 8.7.11
Zimbra Collaboration Server 8.8.10
Zimbra Collaboration Server 8.8.11
2 EDB exploits
2 Github repositories
6.8
CVSSv2
CVE-2015-7610
Cross-site request forgery (CSRF) vulnerability in the login form in Zimbra Collaboration Suite (aka ZCS) prior to 8.6.0 Patch 10, 8.7.x prior to 8.7.11 Patch 2, and 8.8.x prior to 8.8.8 Patch 1 allows remote malicious users to hijack the authentication of unspecified victims by ...
Zimbra Zimbra Collaboration Suite 8.6.0
Synacor Zimbra Collaboration Suite 8.6.0
Synacor Zimbra Collaboration Suite
Synacor Zimbra Collaboration Suite 8.7.11
4.3
CVSSv2
CVE-2018-10939
Zimbra Web Client (ZWC) in Zimbra Collaboration Suite 8.8 prior to 8.8.8.Patch4 and 8.7 prior to 8.7.11.Patch4 has Persistent XSS via a contact group.
Synacor Zimbra Collaboration Suite 8.8.8
Zimbra Zimbra Collaboration Suite 8.8.8
Synacor Zimbra Collaboration Suite 8.7.11
Synacor Zimbra Collaboration Suite
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »