collaboration suite vulnerabilities and exploits

(subscribe to this query)

Cross-site request forgery (CSRF) vulnerability in the login form in Zimbra Collaboration Suite (aka ZCS) before 8.6.0 Patch 10, 8.7.x before 8.7.11 Patch 2, and 8.8.x before 8.8.8 Patch 1 allows remote attackers to hijack the authentication of unspecified victims by leveraging...

Synacor Zimbra Collaboration Suite 8.6.0 Synacor Zimbra Collaboration Suite Synacor Zimbra Collaboration Suite 8.7.11 Zimbra Zimbra Collaboration Suite 8.6.0

An issue was discovered in Synacor Zimbra Collaboration Suite 8.6.x before 8.6.0 Patch 11, 8.7.x before 8.7.11 Patch 6, 8.8.x before 8.8.8 Patch 9, and 8.8.9 before 8.8.9 Patch 3. Account number enumeration is possible via inconsistent responses for specific types of...

Synacor Zimbra Collaboration Suite 8.6.0 Synacor Zimbra Collaboration Suite Synacor Zimbra Collaboration Suite 8.7.11 Synacor Zimbra Collaboration Suite 8.8.8 Synacor Zimbra Collaboration Suite 8.8.93 Github repositories available

Multiple unspecified vulnerabilities in Oracle Collaboration Suite 10g Release 1 version 10.1.1 and 9i Release 2 9.0.4.2 have unknown impact and attack vectors, as identified by Oracle Vuln# (1) OCS01, (2) OCS02, (3) OCS03, and (4) OCS04 for Calendar; (5) OCS05, (6) OCS06, (7)...

Oracle Collaboration Suite 9.0.4.2 Oracle Collaboration Suite 10.1.1

Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration Suite (ZCS) 4.0.3, 4.5.6, and possibly other versions before 4.5.10 allow remote attackers to inject arbitrary web script or HTML via an e-mail attachment, possibly involving a (1) .jpg or (2) .gif image...

Zimbra Collaboration Suite 4.0.3 Zimbra Collaboration Suite 4.5.6

Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 allows remote code execution via an avatar file. There is potential abuse of /service/upload servlet in the webmail subsystem. A user can upload executable files (exe,sh,bat,jar) in the Contact section of the mailbox as...

Synacor Zimbra Collaboration Suite Synacor Zimbra Collaboration Suite 8.8.15 Synacor Zimbra Collaboration Suite 9.0.0

There is a Persistent XSS vulnerability in the briefcase component of Synacor Zimbra Collaboration Suite (ZCS) Zimbra Web Client (ZWC) 8.8.8 before 8.8.8 Patch 7 and 8.8.9 before 8.8.9 Patch 1....

Synacor Zimbra Collaboration Suite Synacor Zimbra Collaboration Suite 8.8.8 Synacor Zimbra Collaboration Suite 8.8.9

mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability....

Synacor Zimbra Collaboration Suite Synacor Zimbra Collaboration Suite 8.7.111 EDB exploit available1 Metasploit module available8 Github repositories available1 Article available

mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows zimbraSSLPrivateKey read access via a GetServer, GetAllServers, or GetAllActiveServers call in the Admin SOAP API....

Synacor Zimbra Collaboration Suite Zimbra Zimbra Collaboration Suite 8.6 Zimbra Zimbra Collaboration Suite 8.7.11

mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows Information Exposure through Verbose Error Messages containing a stack dump, tracing data, or full user-context dump....

Synacor Zimbra Collaboration Suite 8.6.0 Synacor Zimbra Collaboration Suite Synacor Zimbra Collaboration Suite 8.7.11

An issue was discovered in Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7. When grantors revoked a shared calendar in Outlook, the calendar stayed mounted and accessible....

Synacor Zimbra Collaboration Suite Synacor Zimbra Collaboration Suite 8.8.15

« PREV 1 2 3 4 5 6 7 NEXT »