Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zimbra collaboration vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2020-7796
Zimbra Collaboration Suite (ZCS) prior to 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled.
Synacor Zimbra Collaboration Suite
Synacor Zimbra Collaboration Suite 8.8.15
6.8
CVSSv2
CVE-2015-7610
Cross-site request forgery (CSRF) vulnerability in the login form in Zimbra Collaboration Suite (aka ZCS) prior to 8.6.0 Patch 10, 8.7.x prior to 8.7.11 Patch 2, and 8.8.x prior to 8.8.8 Patch 1 allows remote malicious users to hijack the authentication of unspecified victims by ...
Zimbra Zimbra Collaboration Suite 8.6.0
Synacor Zimbra Collaboration Suite 8.6.0
Synacor Zimbra Collaboration Suite
Synacor Zimbra Collaboration Suite 8.7.11
6.8
CVSSv2
CVE-2016-3403
Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Zimbra Collaboration prior to 8.6.0 Patch 8 allow remote malicious users to hijack the authentication of administrators for requests that (1) add, (2) modify, or (3) remove accounts by leveraging f...
Synacor Zimbra Collaboration Suite
6.8
CVSSv2
CVE-2016-3406
Multiple cross-site request forgery (CSRF) vulnerabilities in Zimbra Collaboration prior to 8.7.0 allow remote malicious users to hijack the authentication of unspecified victims via vectors involving (1) the Client uploader extension or (2) extension REST handlers, aka bugs 1042...
Synacor Zimbra Collaboration Suite
6.8
CVSSv2
CVE-2015-6541
Multiple cross-site request forgery (CSRF) vulnerabilities in the Mail interface in Zimbra Collaboration Server (ZCS) prior to 8.5 allow remote malicious users to hijack the authentication of arbitrary users for requests that change account preferences via a SOAP request to servi...
Zimbra Zimbra Collaboration Server
1 EDB exploit
6.8
CVSSv2
CVE-2013-5119
Zimbra Collaboration Suite (ZCS) 6.0.16 and previous versions allows man-in-the-middle malicious users to obtain access by sniffing the network and replaying the ZM_AUTH_TOKEN token.
Synacor Zimbra Collaboration Suite 6.0.14
Synacor Zimbra Collaboration Suite 6.0.12
Synacor Zimbra Collaboration Suite 6.0.9
Synacor Zimbra Collaboration Suite 6.0.4
Synacor Zimbra Collaboration Suite 6.0.2
Synacor Zimbra Collaboration Suite 6.0.8
Synacor Zimbra Collaboration Suite 6.0.7
Synacor Zimbra Collaboration Suite 6.0.6
Synacor Zimbra Collaboration Suite 6.0.5
Synacor Zimbra Collaboration Suite
Synacor Zimbra Collaboration Suite 6.0.15
Synacor Zimbra Collaboration Suite 6.0.0
Synacor Zimbra Collaboration Suite 6.0.13
Synacor Zimbra Collaboration Suite 6.0.10
Synacor Zimbra Collaboration Suite 6.0.3
Synacor Zimbra Collaboration Suite 6.0.1
6.5
CVSSv2
CVE-2022-27925
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal.
Zimbra Collaboration 9.0.0
Zimbra Collaboration 8.8.15
1 Metasploit module
13 Github repositories
1 Article
6.4
CVSSv2
CVE-2016-3415
Zimbra Collaboration prior to 8.7.0 allows remote malicious users to conduct deserialization attacks via unspecified vectors, aka bug 102276.
Synacor Zimbra Collaboration Suite
6
CVSSv2
CVE-2020-12846
Zimbra prior to 8.8.15 Patch 10 and 9.x prior to 9.0.0 Patch 3 allows remote code execution via an avatar file. There is potential abuse of /service/upload servlet in the webmail subsystem. A user can upload executable files (exe,sh,bat,jar) in the Contact section of the mailbox ...
Synacor Zimbra Collaboration Suite
Synacor Zimbra Collaboration Suite 8.8.15
Synacor Zimbra Collaboration Suite 9.0.0
5.8
CVSSv2
CVE-2020-18985
An issue in /domain/service/.ewell-known/caldav of Zimbra Collaboration 8.8.12 allows malicious users to redirect users to any arbitrary website of their choosing.
Synacor Zimbra Collaboration Suite 8.8.12
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »