
CVE-2019-9670

Published: 29/05/2019 Updated: 26/06/2021
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 757
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x prior to 8.7.11p10 has an XML External Entity injection (XXE) vulnerability, as demonstrated by Autodiscover/Autodiscover.xml.

Vulnerable Product

synacor zimbra collaboration suite 8.7.11

synacor zimbra collaboration suite

Exploits

    ##
    # This module requires Metasploit: https://metasploit.com/download
    # Current source: https://github.com/rapid7/metasploit-framework
    ##
    class MetasploitModule < Msf::Exploit::Remote
      Rank = ExcellentRanking
      include Msf::Exploit::Remote::HttpClient
      include Msf::Exploit::Remote::HttpServer
      include Msf::Exploit::FileDropper
      def initia ...

Github Repositories

🕵️ Yet another CVE-2019-9670 exploit, but in Golang.

🕵️ Zaber Yet another CVE-2019-9670 exploit, but in Golang 🕵️ What is Zaber? 🕵️ Zaber is a Golang tool created to exploit the vulnerability defined as CVE-2019-9670 (XXE in Zimbra Collaboration 8.7.X < 8.7.11p10) ⚡ Installing / Getting started A quick guide of how to install and use Zaber 1 go install github.com/o

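xray poc scanner

Introduction: The xray poc format was revised, so the previous poc engine can no longer be used. Since I had done work in this area before, I rewrote a poc parsing tool for xray poc v2. xray v2 format: docs.xray.cool/#/guide/poc/v2 I am open-sourcing it here and hope to exchange ideas with others who research this technology. Usage Build go build -x -ldflags "-s -w" -o xray_poc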

RCE exploit for attack chain in "A Saga of Code Executions on Zimbra" post

Zimbra-RCE-exploit RCE exploit for attack chain in "A Saga of Code Executions on Zimbra" post Tested with Zimbra 8.6.0, 8.7.11 Usage: $ git clone github.com/nth347/Zimbra-RCE-exploit.git $ cd Zimbra-RCE-exploit/ $ # Edit "Target configuration" part, host the "malicious_dtd" file on a webserver $ chmod +x exploit.py $ ./exploit.py

xray poc.yml executor

xray poc executor. For personal study and research use only; do not use for illegal purposes. Usage: the Releases page contains the latest download links # curl -L github.com/raylax/rayx/releases/download/010/rayx_darwin_amd64 -o rayx chmod +x rayx ./rayx -p _testdata/pocs -u localhost:1234 # zeroshell-cve-2019-12725-rce.yml - [H] √√√ # zimbra-cve-2019-9670-xxeym

Zimbra RCE PoC - CVE-2019-9670 XXE/SSRF

Zimbra-RCE Zimbra RCE CVE-2019-9670 $ ./zimbra.py -h

🔥 Arbimz is a python tool created to exploit the vulnerability on Zimbra assigned as CVE-2019-9670.

🕵️ Arbimz 🕵️ XXE in Zimbra Collaboration 8.7.X < 8.7.11p10 🕵️ What is Arbimz? 🕵️ Arbimz is a python tool created to exploit the vulnerability defined as CVE-2019-9670 (XXE in Zimbra Collaboration 8.7.X < 8.7.11p10) ⚡ Installing / Getting started A quick guide of how to install and use Arbimz 1 Clone t

CVE-2019-9670 is used to find XXE bug
