Lucene search
K

21 matches found

Nuclei
Nuclei
added 3 days ago166 views

Zimbra Collaboration Suite 8.8.15/9.0 - Remote Code Execution

Zimbra Collaboration Suite ZCS 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication i.e., not having an authtoken, an attacker can upload arbitrary files to the system, leading to directory traversal and remote code...

9.8CVSS7.9AI score0.98163EPSS
Exploits16References5
RedhatCVE
RedhatCVE
added 2026/01/09 10:49 a.m.8 views

CVE-2022-37042

Zimbra Collaboration Suite ZCS 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication i.e., not having an authtoken, an attacker can upload arbitrary files to the system, leading to directory traversal and remote code...

9.8CVSS7.9AI score0.98163EPSS
Exploits16References1
Tenable Nessus
Tenable Nessus
added 2025/12/11 12:0 a.m.2 views

Qnap QTS and QuTS hero NULL Pointer Dereference (CVE-2024-37042)

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...

5.1CVSS5.5AI score0.00574EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 6:41 a.m.6 views

CVE-2024-37042

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...

5.1CVSS6.9AI score0.00574EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:54 p.m.4 views

CVE-2021-37042

There is an Improper verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause out-of-bounds read...

9.1CVSS7.2AI score0.00741EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2024/11/26 12:0 a.m.19 views

QNAP QuTS hero Multiple Vulnerabilities (QSA-24-43)

QNAP QuTS hero is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:qnap:qutshero"; ifdescriptio...

8.8CVSS7.5AI score0.0083EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2024/11/26 12:0 a.m.16 views

QNAP QTS Multiple Vulnerabilities (QSA-24-43)

QNAP QTS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:qnap:qts"; ifdescription...

8.8CVSS7.5AI score0.0083EPSS
Exploits0References1
Rapid7 Blog
Rapid7 Blog
added 2022/08/26 9:47 p.m.362 views

Metasploit Wrap-Up

Zimbra Auth Bypass to Shell Ron Bowes added an exploit module that targets multiple versions of Zimbra Collaboration Suite. The module leverages an authentication bypass CVE-2022-37042 and a directory traversal vulnerability CVE-2022-27925 to gain code execution as the zimbra user. The auth bypas...

6.5CVSS0.5AI score0.98975EPSS
Exploits31
GithubExploit
GithubExploit
added 2022/08/25 10:43 a.m.393 views

Exploit for Path Traversal in Zimbra Collaboration

CVE-2022-37042 Zimbra CVE-2022-37042 Nuclei weaponized tem...

9.8CVSS9.8AI score0.88256EPSS
Exploits8
Check Point Advisories
Check Point Advisories
added 2022/08/16 12:0 a.m.36 views

Zimbra Collaboration Directory Traversal (CVE-2022-27925; CVE-2022-37042)

A Directory Traversal vulnerability exists in Zimbra Collaboration. Successful exploitation of this vulnerability could allow a remote attacker to disclose or access arbitrary files on the vulnerable server...

6.5CVSS5.5AI score0.98163EPSS
Exploits16
OSV
OSV
added 2022/08/12 3:15 p.m.32 views

CVE-2022-37042

Zimbra Collaboration Suite ZCS 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication i.e., not having an authtoken, an attacker can upload arbitrary files to the system, leading to directory traversal and remote code...

9.8CVSS8.2AI score0.88256EPSS
Exploits8References4
Circl
Circl
added 2022/08/12 12:7 p.m.14 views

CVE-2022-37042

creationtimestamp| type| source ---|---|--- 2022-08-12 12:07:32+00:00| exploited| https://t.me/truesecator/3286 2022-08-12 18:43:37+00:00| seen| https://t.me/cibsecurity/48066 2022-08-13 07:34:20+00:00| exploited| https://t.me/itsecnews/1182 2022-08-20 17:15:20+00:00| published-proof-of-concept|...

9.8CVSS7.4AI score0.88256EPSS
In wildExploits8References21
Cvelist
Cvelist
added 2022/08/11 7:37 p.m.35 views

CVE-2022-37042

Zimbra Collaboration Suite ZCS 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication i.e., not having an authtoken, an attacker can upload arbitrary files to the system, leading to directory traversal and remote code...

8.4AI score0.88256EPSS
Exploits8References3
Vulnrichment
Vulnrichment
added 2022/08/11 7:37 p.m.20 views

CVE-2022-37042

Zimbra Collaboration Suite ZCS 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication i.e., not having an authtoken, an attacker can upload arbitrary files to the system, leading to directory traversal and remote code...

10AI score0.88256EPSS
Exploits8References3
CVE
CVE
added 2022/08/11 7:37 p.m.1112 views

CVE-2022-37042

CVE-2022-37042 affects Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0. The vulnerability arises in the mboximport endpoint that accepts a ZIP archive; when an attacker bypasses authentication (no authtoken), they can upload arbitrary files, causing directory traversal and remote code execution. ...

9.8CVSS9AI score0.88256EPSS
In wildExploits8References4Affected Software1
CISA KEV Catalog
CISA KEV Catalog
added 2022/08/11 12:0 a.m.48 views

Synacor Zimbra Collaboration Suite (ZCS) Arbitrary File Upload Vulnerability

Synacor Zimbra Collaboration Suite ZCS contains flaw in the mboximport functionality, allowing an authenticated attacker to upload arbitrary files to perform remote code execution. This vulnerability was chained with CVE-2022-37042 which allows for unauthenticated remote code execution...

9.8CVSS8.6AI score0.98163EPSS
In wildExploits16
Circl
Circl
added 2021/12/07 6:21 p.m.7 views

CVE-2021-37042

creationtimestamp| type| source ---|---|--- 2021-12-07 18:21:49+00:00| seen| https://t.me/cibsecurity/33465...

9.1CVSS8.6AI score0.00741EPSS
Exploits0References1
NVD
NVD
added 2021/12/07 4:15 p.m.23 views

CVE-2021-37042

There is an Improper verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause out-of-bounds read...

9.1CVSS0.00741EPSS
Exploits0References2
CVE
CVE
added 2021/12/07 3:45 p.m.46 views

CVE-2021-37042

CVE-2021-37042 affects Huawei Smartphone (and related EMUI/Magic UI lines). The connected documents describe an improper verification/insufficient input validation vulnerability that may allow an out-of-bounds read. Reports consistently cite this outcome, but no specific affected versions or reme...

9.1CVSS9.2AI score0.00741EPSS
Exploits0References2Affected Software2
Openbugbounty
Openbugbounty
added 2017/07/29 1:0 a.m.10 views

viepratique.fr XSS vulnerability

Vulnerable URL: http://www.viepratique.fr/?s=1%22--!%3E%3CSvg/OnLoad=confirm/OPENBUGBOUNTY/%3E%22 Details: Description| Value ---|--- Patched:| Verification in progress Latest check for patch:| 29.10.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 37042 VIP...

6.3AI score
Exploits0
Rows per page
Query Builder