Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zimbra collaboration vulnerabilities and exploits
(subscribe to this query)
5.8
CVSSv2
CVE-2021-34807
An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite up to and including 9.0. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker c...
Zimbra Collaboration
Zimbra Collaboration 8.8.15
Zimbra Collaboration 9.0.0
5
CVSSv2
CVE-2022-30333
RARLAB UnRAR prior to 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.
Rarlab Unrar
2 Metasploit modules
4 Github repositories
1 Article
5
CVSSv2
CVE-2022-27924
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticated malicious user to inject arbitrary memcache commands into a targeted instance. These memcache commands becomes unescaped, causing an overwrite of arbitrary cached entries.
Zimbra Collaboration 9.0.0
Zimbra Collaboration 8.8.15
1 Github repository
1 Article
5
CVSSv2
CVE-2020-8633
An issue exists in Zimbra Collaboration Suite (ZCS) prior to 8.8.15 Patch 7. When grantors revoked a shared calendar in Outlook, the calendar stayed mounted and accessible.
Synacor Zimbra Collaboration Suite
Synacor Zimbra Collaboration Suite 8.8.15
5
CVSSv2
CVE-2018-15131
An issue exists in Synacor Zimbra Collaboration Suite 8.6.x prior to 8.6.0 Patch 11, 8.7.x prior to 8.7.11 Patch 6, 8.8.x prior to 8.8.8 Patch 9, and 8.8.9 prior to 8.8.9 Patch 3. Account number enumeration is possible via inconsistent responses for specific types of authenticati...
Synacor Zimbra Collaboration Suite 8.6.0
Synacor Zimbra Collaboration Suite 8.7.11
Synacor Zimbra Collaboration Suite 8.8.8
Synacor Zimbra Collaboration Suite
Synacor Zimbra Collaboration Suite 8.8.9
1 Github repository
5
CVSSv2
CVE-2019-9621
Zimbra Collaboration Suite prior to 8.6 patch 13, 8.7.x prior to 8.7.11 patch 10, and 8.8.x prior to 8.8.10 patch 7 or 8.8.x prior to 8.8.11 patch 3 allows SSRF via the ProxyServlet component.
Zimbra Collaboration Server 8.6.0
Zimbra Collaboration Server
Zimbra Collaboration Server 8.7.11
Zimbra Collaboration Server 8.8.10
Zimbra Collaboration Server 8.8.11
2 EDB exploits
2 Github repositories
5
CVSSv2
CVE-2018-17938
Zimbra Collaboration prior to 8.8.10 GA allows text content spoofing via a loginErrorCode value.
Synacor Zimbra Collaboration Suite
5
CVSSv2
CVE-2018-10950
mailboxd in Zimbra Collaboration Suite 8.8 prior to 8.8.8; 8.7 prior to 8.7.11.Patch3; and 8.6 prior to 8.6.0.Patch10 allows Information Exposure through Verbose Error Messages containing a stack dump, tracing data, or full user-context dump.
Synacor Zimbra Collaboration Suite 8.6.0
Synacor Zimbra Collaboration Suite
Synacor Zimbra Collaboration Suite 8.7.11
5
CVSSv2
CVE-2018-10949
mailboxd in Zimbra Collaboration Suite 8.8 prior to 8.8.8; 8.7 prior to 8.7.11.Patch3; and 8.6 allows Account Enumeration by leveraging a Discrepancy between the "HTTP 404 - account is not active" and "HTTP 401 - must authenticate" errors.
Synacor Zimbra Collaboration Suite 8.6.0
Synacor Zimbra Collaboration Suite
1 Github repository
5
CVSSv2
CVE-2016-3402
Unspecified vulnerability in Zimbra Collaboration prior to 8.7.0 allows remote malicious users to affect confidentiality via unknown vectors, aka bug 99167.
Synacor Zimbra Collaboration Suite
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »