Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zimbra collaboration 8.8.15 vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2022-41350
In Zimbra Collaboration Suite (ZCS) 8.8.15, /h/search?action=voicemail&action=listen accepts a phone parameter that is vulnerable to Reflected XSS. This allows executing arbitrary JavaScript on the victim's machine.
Zimbra Collaboration 8.8.15
6.1
CVSSv3
CVE-2022-41351
In Zimbra Collaboration Suite (ZCS) 8.8.15, at the URL /h/calendar, one can trigger XSS by adding JavaScript code to the view parameter and changing the value of the uncheck parameter to a string (instead of default value of 10).
Zimbra Collaboration 8.8.15
9.8
CVSSv3
CVE-2022-32294
Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-login randomly created password (from the "zmprove ca" command). It is visible in cleartext on port UDP 514 (aka the syslog port). NOTE: a third party reports that this cannot be reproduced.
Zimbra Collaboration 8.8.15
8
CVSSv3
CVE-2020-12846
Zimbra prior to 8.8.15 Patch 10 and 9.x prior to 9.0.0 Patch 3 allows remote code execution via an avatar file. There is potential abuse of /service/upload servlet in the webmail subsystem. A user can upload executable files (exe,sh,bat,jar) in the Contact section of the mailbox ...
Synacor Zimbra Collaboration Suite
Synacor Zimbra Collaboration Suite 8.8.15
Synacor Zimbra Collaboration Suite 9.0.0
7.8
CVSSv3
CVE-2022-37393
Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute...
Zimbra Collaboration 9.0.0
Zimbra Collaboration 8.8.15
Zimbra Collaboration 8.7.6
Zimbra Collaboration 8.7.7
Zimbra Collaboration 8.7.9
Zimbra Collaboration 8.7.10
Zimbra Collaboration 8.7.11
Zimbra Collaboration 8.8.0
Zimbra Collaboration 8.8.2
Zimbra Collaboration 8.8.3
Zimbra Collaboration 8.8.4
Zimbra Collaboration 8.8.6
Zimbra Collaboration 8.8.7
Zimbra Collaboration 8.8.8
Zimbra Collaboration 8.8.9
Zimbra Collaboration 8.8.10
Zimbra Collaboration 8.8.11
Zimbra Collaboration 8.8.12
1 Github repository
6.1
CVSSv3
CVE-2023-37580
Zimbra Collaboration (ZCS) 8 prior to 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.
Zimbra Zimbra 8.8.15
Zimbra Zimbra
1 Github repository
7.5
CVSSv3
CVE-2023-38750
In Zimbra Collaboration (ZCS) 8 prior to 8.8.15 Patch 41, 9 prior to 9.0.0 Patch 34, and 10 prior to 10.0.2, internal JSP and XML files can be exposed.
Zimbra Zimbra 9.0.0
Zimbra Zimbra 8.8.15
Zimbra Zimbra
Zimbra Zimbra 10.0.1
4.8
CVSSv3
CVE-2019-12427
Zimbra Collaboration prior to 8.8.15 Patch 1 is vulnerable to a non-persistent XSS via the Admin Console.
Zimbra Collaboration Server
6.1
CVSSv3
CVE-2023-24031
An issue exists in Zimbra Collaboration (ZCS) 9.0 and 8.8.15. XSS can occur, via one of attributes of the webmail /h/ endpoint, to execute arbitrary JavaScript code, leading to information disclosure.
Zimbra Collaboration 9.0.0
NA
CVE-2015-1197
cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.
Gnu Cpio 2.11
1 Metasploit module
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »