Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zimbra collaboration 9.0.0 vulnerabilities and exploits
(subscribe to this query)
8
CVSSv3
CVE-2020-12846
Zimbra prior to 8.8.15 Patch 10 and 9.x prior to 9.0.0 Patch 3 allows remote code execution via an avatar file. There is potential abuse of /service/upload servlet in the webmail subsystem. A user can upload executable files (exe,sh,bat,jar) in the Contact section of the mailbox ...
Synacor Zimbra Collaboration Suite
Synacor Zimbra Collaboration Suite 8.8.15
Synacor Zimbra Collaboration Suite 9.0.0
7.8
CVSSv3
CVE-2022-37393
Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute...
Zimbra Collaboration 9.0.0
Zimbra Collaboration 8.8.15
Zimbra Collaboration 8.7.6
Zimbra Collaboration 8.7.7
Zimbra Collaboration 8.7.9
Zimbra Collaboration 8.7.10
Zimbra Collaboration 8.7.11
Zimbra Collaboration 8.8.0
Zimbra Collaboration 8.8.2
Zimbra Collaboration 8.8.3
Zimbra Collaboration 8.8.4
Zimbra Collaboration 8.8.6
Zimbra Collaboration 8.8.7
Zimbra Collaboration 8.8.8
Zimbra Collaboration 8.8.9
Zimbra Collaboration 8.8.10
Zimbra Collaboration 8.8.11
Zimbra Collaboration 8.8.12
6.1
CVSSv3
CVE-2022-41348
An issue exists in Zimbra Collaboration (ZCS) 9.0. XSS can occur via the onerror attribute of an IMG element, leading to information disclosure.
Zimbra Collaboration 9.0.0
6.1
CVSSv3
CVE-2022-45911
An issue exists in Zimbra Collaboration (ZCS) 9.0. XSS can occur on the Classic UI login page by injecting arbitrary JavaScript code in the username field. This occurs before the user logs into the system, which means that even if the attacker executes arbitrary JavaScript, they ...
Zimbra Collaboration 9.0.0
6.1
CVSSv3
CVE-2023-24031
An issue exists in Zimbra Collaboration (ZCS) 9.0 and 8.8.15. XSS can occur, via one of attributes of the webmail /h/ endpoint, to execute arbitrary JavaScript code, leading to information disclosure.
Zimbra Collaboration 9.0.0
6.1
CVSSv3
CVE-2022-27926
A reflected cross-site scripting (XSS) vulnerability in the /public/launchNewWindow.jsp component of Zimbra Collaboration (aka ZCS) 9.0 allows unauthenticated malicious users to execute arbitrary web script or HTML via request parameters.
Zimbra Collaboration 9.0.0
2 Articles
7.5
CVSSv3
CVE-2023-38750
In Zimbra Collaboration (ZCS) 8 prior to 8.8.15 Patch 41, 9 prior to 9.0.0 Patch 34, and 10 prior to 10.0.2, internal JSP and XML files can be exposed.
Zimbra Zimbra 9.0.0
Zimbra Zimbra 8.8.15
Zimbra Zimbra
Zimbra Zimbra 10.0.1
7.8
CVSSv3
CVE-2022-3569
Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively coerce postfix into running arbitrary commands as 'root'.
Synacor Zimbra Collaboration Suite
7.5
CVSSv3
CVE-2022-30333
RARLAB UnRAR prior to 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.
Rarlab Unrar
2 Metasploit modules
4 Github repositories
1 Article
NA
CVE-2015-1197
cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.
Gnu Cpio 2.11
1 Metasploit module
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
remote code execution
CVE-2024-34909
CVE-2024-3317
SSTI
CVE-2024-3400
CVE-2024-30051
wireless
CVE-2024-4622
CVE-2024-4908
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »