Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zimbra collaboration suite vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-41352
An issue exists in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over...
Zimbra Collaboration 9.0.0
Zimbra Collaboration 8.8.15
1 Metasploit module
4 Github repositories
1 Article
9.8
CVSSv3
CVE-2022-37042
Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication (i.e., not having an authtoken), an attacker can upload arbitrary files to the system, leading to directory traversal a...
Zimbra Collaboration 9.0.0
Zimbra Collaboration 8.8.15
11 Github repositories
1 Article
9.8
CVSSv3
CVE-2021-35209
An issue exists in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite 8.8 prior to 8.8.15 Patch 23 and 9.x prior to 9.0.0 Patch 16. The value of the X-Host header overwrites the value of the Host header in proxied requests. The value of X-Host header is not che...
Zimbra Collaboration 9.0.0
Zimbra Collaboration 8.8.15
Zimbra Collaboration
9.8
CVSSv3
CVE-2020-7796
Zimbra Collaboration Suite (ZCS) prior to 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled.
Synacor Zimbra Collaboration Suite 8.8.15
Synacor Zimbra Collaboration Suite
9.8
CVSSv3
CVE-2019-6980
Synacor Zimbra Collaboration Suite 8.7.x up to and including 8.8.11 allows insecure object deserialization in the IMAP component.
Synacor Zimbra Collaboration Suite 8.7.11
Synacor Zimbra Collaboration Suite
Synacor Zimbra Collaboration Suite 8.8.11
Synacor Zimbra Collaboration Suite 8.8.10
Synacor Zimbra Collaboration Suite 8.8.9
9.8
CVSSv3
CVE-2018-20160
ZxChat (aka ZeXtras Chat), as used for zimbra-chat and zimbra-talk in Synacor Zimbra Collaboration Suite 8.7 and 8.8 and in other products, allows XXE attacks, as demonstrated by a crafted XML request to mailboxd.
Synacor Zimbra Collaboration Suite 8.7.11
Synacor Zimbra Collaboration Suite
Synacor Zimbra Collaboration Suite 8.8.11
Synacor Zimbra Collaboration Suite 8.8.10
Synacor Zimbra Collaboration Suite 8.8.9
9.8
CVSSv3
CVE-2019-9670
mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x prior to 8.7.11p10 has an XML External Entity injection (XXE) vulnerability, as demonstrated by Autodiscover/Autodiscover.xml.
Synacor Zimbra Collaboration Suite 8.7.11
Synacor Zimbra Collaboration Suite
1 EDB exploit
7 Github repositories
9.8
CVSSv3
CVE-2017-6813
A service provided by Zimbra Collaboration Suite (ZCS) prior to 8.7.6 fails to require needed privileges before performing a few requested operations.
Synacor Zimbra Collaboration Suite
9.8
CVSSv3
CVE-2017-6821
Directory traversal vulnerability in Zimbra Collaboration Suite (aka ZCS) prior to 8.7.6 allows malicious users to have unspecified impact via unknown vectors.
Synacor Zimbra Collaboration Suite
9.8
CVSSv3
CVE-2016-9924
Zimbra Collaboration Suite (ZCS) prior to 8.7.4 allows remote malicious users to conduct XML External Entity (XXE) attacks.
Synacor Zimbra Collaboration Suite
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »