CVE-2013-7091

🗓️ 13 Dec 2013 18:54:07Reported by mitreType

cve🔗 web.nvd.nist.gov👁 123 Views🌐 WEB

CVE-2013-7091 Directory traversal vulnerability in Zimbra 7.2.2 and 8.0.

Reporter	Title	Published	Views	Family All 18
Check Point Advisories	Zimbra Collaboration Server Local File Inclusion (CVE-2013-7091)	12 Jan 201400:00	–	checkpoint_advisories
0day.today	Zimbra Collaboration Server LFI Vulnerability	24 Dec 201300:00	–	zdt
Prion	Directory traversal	13 Dec 201318:07	–	prion
Prion	Design/Logic Flaw	26 Dec 201318:55	–	prion
NVD	CVE-2013-7091	13 Dec 201318:07	–	nvd
NVD	CVE-2013-7217	26 Dec 201318:55	–	nvd
Packet Storm	Zimbra Collaboration Server LFI	23 Dec 201300:00	–	packetstorm
Nuclei	Zimbra Collaboration Server 7.2.2/8.0.2 Local File Inclusion	21 Jan 202207:32	–	nuclei
Cvelist	CVE-2013-7091	13 Dec 201318:00	–	cvelist
Cvelist	CVE-2013-7217	26 Dec 201318:00	–	cvelist

Nvd

Node

synacor zimbra_collaboration_suiteMatch6.0.0

synacor zimbra_collaboration_suiteMatch6.0.1

synacor zimbra_collaboration_suiteMatch6.0.2

synacor zimbra_collaboration_suiteMatch6.0.3

synacor zimbra_collaboration_suiteMatch6.0.4

synacor zimbra_collaboration_suiteMatch6.0.5

synacor zimbra_collaboration_suiteMatch6.0.6

synacor zimbra_collaboration_suiteMatch6.0.7

synacor zimbra_collaboration_suiteMatch6.0.8

synacor zimbra_collaboration_suiteMatch6.0.9

synacor zimbra_collaboration_suiteMatch6.0.10

synacor zimbra_collaboration_suiteMatch6.0.12

synacor zimbra_collaboration_suiteMatch6.0.13

synacor zimbra_collaboration_suiteMatch6.0.14

synacor zimbra_collaboration_suiteMatch6.0.15

synacor zimbra_collaboration_suiteMatch6.0.16

Source	Link
exploit-db	www.exploit-db.com/exploits/30472
exploit-db	www.exploit-db.com/exploits/30085
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/89527
packetstormsecurity	www.packetstormsecurity.com/files/124321
osvdb	www.osvdb.org/100747
securityfocus	www.securityfocus.com/bid/64149

Parameter	Position	Path	Description	CWE
skin	query param	/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz	Directory traversal vulnerability in Zimbra allows attackers to read arbitrary files via a .. (dot dot) in the skin parameter.	CWE-22

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

13 Dec 2013 18:07Current

9.3High risk

Vulners AI Score9.3

CVSS25

EPSS0.96674

CWE-22