Zimbra Vulnerability List
Found 24 vulnerabilities related to Zimbra
CVE-2022-37042: Zimbra Collaboration Suite 8.8.15/9.0 - Remote Code Execution POC
Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication (i.e., not having an authtoken), an attacker can upload arbitrary files to the system, leading to directory traversal and remote code execution. NOTE: this issue exists because of an incomplete fix for CVE-2022-27925. FOFA: app="zimbra-邮件系统" SHODAN: http.favicon.hash:"1624375939"
CVE-2013-7091: Zimbra Collaboration Server 7.2.2/8.0.2 Local File Inclusion POC
A directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. This can be leveraged to execute arbitrary code by obtaining LDAP credentials and accessing the service/admin/soap API.
CVE-2018-14013: Synacor Zimbra Collaboration Suite Collaboration <8.8.11 - Cross-Site Scripting POC
Synacor Zimbra Collaboration Suite Collaboration before 8.8.11 is vulnerable to cross-site scripting via the AJAX and HTML web clients.
CVE-2019-9670: Synacor Zimbra Collaboration <8.7.11p10 - XML External Entity Injection POC
Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML external entity injection (XXE) vulnerability via the mailboxd component.
CVE-2020-7796: Zimbra Collaboration Suite < 8.8.15 Patch 7 - Server-Side Request Forgery POC
Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 is susceptible to server-side request forgery when WebEx zimlet is installed and zimlet JSP is enabled.
CVE-2022-27926: Zimbra Collaboration (ZCS) - Cross Site Scripting POC
A reflected cross-site scripting (XSS) vulnerability in the /public/launchNewWindow.jsp component of Zimbra Collaboration (aka ZCS) 9.0 allows unauthenticated attackers to execute arbitrary web script or HTML via request parameters.
CVE-2022-37042: Zimbra Collaboration Suite 8.8.15/9.0 - Remote Code Execution POC
Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication (i.e., not having an authtoken), an attacker can upload arbitrary files to the system, leading to directory traversal and remote code execution. NOTE: this issue exists because of an incomplete fix for CVE-2022-27925.
CVE-2023-34192: Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting POC
Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function.
CVE-2023-37580: Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting POC
Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.
CVE-2024-45519: Zimbra Collaboration Suite < 9.0.0 - Remote Code Execution POC
SMTP-based vulnerability in the PostJournal service of Zimbra Collaboration Suite that allows unauthenticated attackers to inject arbitrary commands. This vulnerability arises due to improper sanitization of SMTP input, enabling attackers to craft malicious SMTP messages that execute commands under the Zimbra user context. Successful exploitation can lead to unauthorized access, privilege escalation, and potential compromise of the affected system's integrity and confidentiality.
Zimbra Unauthenticated Command Injection Vulnerability No POC
Zimbra unauthenticated command injection vulnerability.
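Zimbra Collaboration Cross-Site Scripting Vulnerability No POC
Zimbra Collaboration has a cross-site scripting vulnerability. It is caused by error.jsp failing to validate the parameters it receives.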
Zimbra Collaboration Calendar CVE-2022-24682 Cross-Site Scripting Vulnerability No POC
Zimbra Collaboration Calendar has a reflected cross-site scripting vulnerability.
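Zimbra Collaboration Memcached CRLF Injection Vulnerability No POC
The Zimbra Collaboration server has a CRLF injection vulnerability. It is caused by insufficient filtering of CRLF characters in the HTTP request URI and header values when Memcached is used for route caching.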
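Zimbra Collaboration Mboximport Arbitrary File Upload Vulnerability No POC
Zimbra Collaboration (also known as ZCS) has mboximport functionality that receives a ZIP archive and extracts files from it. Versions 8.8.15 and 9.0 of the product have arbitrary file upload and authentication bypass vulnerabilities.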
Zimbra Collaboration Suite CVE-2023-37580 Cross-Site Scripting Vulnerability No POC
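Zimbra Collaboration Suite Collaborative Office System sfdc_preauth.jsp File Server-Side Request Forgery Vulnerability No POC
Zimbra Collaboration Suite (ZCS) is an open-source collaboration suite from the US company Synacor. The product includes WebMail, calendar, address book, and more. The sfdc_preauth.jsp file in the Zimbra collaborative office system has an SSRF vulnerability that attackers can use for attacks such as port probing of the internal network.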
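zimbraAdmin Command Execution (CVE-2022-27925) No POC
Zimbra Collaboration (also known as ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights can upload arbitrary files to the system, leading to command execution.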
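Zimbra Collaboration Suite Path Traversal Vulnerability No POC
Zimbra Collaboration Suite (ZCS) is an open-source collaboration suite from the US company Zimbra. The product includes WebMail, calendar, address book, and more. Zimbra Collaboration Suite 8.8.15 and 9.0 have a path traversal vulnerability: an authenticated user with administrator rights can upload arbitrary files to the system, leading to directory traversal.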
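Zimbra Collaboration Suite SSRF Vulnerability (CVE-2020-7796) No POC
Zimbra Collaboration Suite (ZCS) versions before 8.8.15 have an SSRF vulnerability that attackers can use to obtain sensitive system information, among other things.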
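Zimbra User Enumeration Vulnerability (CVE-2018-10949) No POC
[Affected product] Zimbra Collaboration Suite [Affected versions] Zimbra Collaboration Suite 8.5-8.7.11 [Description] Zimbra Collaboration Suite (ZCS) is an open-source collaboration suite from the US company Zimbra. The product includes WebMail, calendar, address book, and more. The vulnerability arises mainly because the responses returned by the mailboxd component differ: attackers can use the 'HTTP 404 - account not active' and 'HTTP 401 - authentication required' pages to enumerate accounts.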
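Zimbra XXE Autodiscover File Vulnerability (CVE-2019-9670) No POC
[Affected product] Zimbra Collaboration Suite [Affected versions] Zimbra Collaboration Suite 8.5-8.7.11 [Description] Zimbra Collaboration Suite (ZCS) is an open-source collaboration suite from the US company Zimbra. The product includes WebMail, calendar, address book, and more. The vulnerability stems from improper design or implementation in the code of the network system or product: when handling a request, it first checks whether AcceptableResponseSchema is correct and only then checks permissions, so an attacker can upload malicious XML to Autodiscover.xml and read arbitrary files through the error messages; combined with SSRF, this can lead to RCE.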
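Zimbra Arbitrary File Read Leading to Shell (CVE-2013-7091) No POC
[Affected product] Zimbra mail system [Description] The system has an arbitrary file read vulnerability that may ultimately lead to command execution.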
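Zimbra Collaboration Suite Code Issue Vulnerability No POC
Zimbra Collaboration Suite (ZCS) is an open-source collaboration suite from the US company Synacor. The product includes WebMail, calendar, address book, and more. Versions of Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 have a code issue vulnerability. When the WebEx zimlet is installed and zimlet JSP is enabled, attackers can use a crafted 'argument' parameter to exploit it and carry out server-side request forgery (SSRF) attacks.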