CVE-2023-24030

An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0 and 8.8.15. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker could redirect a us...

CVE-2023-24030

An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0 and 8.8.15. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker could redirect a us...

CVE-2023-24030

An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0 and 8.8.15. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker could redirect a us...

CVE-2023-24030

An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0 and 8.8.15. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker could redirect a us...

Oracle Weblogic PreAuth Remote Command Execution via ForeignOpaqueReference IIOP Deserialization

Oracle Weblogic 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0 prior to the Jan 2023 security update are vulnerable to an unauthenticated remote code execution vulnerability due to a post deserialization vulnerability. This occurs when an attacker serializes a "ForeignOpaqueReference" class object,...

The vulnerability of the PreAuth component in the corporate email management system Zimbra Collaboration Suite allows a hacker to redirect users to any arbitrary URL address.

The vulnerability of the PreAuth component in the Zimbra Collaboration Suite email management system is related to the redirection of URLs to an unreliable website. Exploiting this vulnerability allows a malicious actor to redirect users to any given URL address remotely...

PT-2023-13561 · Hewlett Packard · Hpe Serviceguard

Name of the Vulnerable Software and Affected Versions: HPE Serviceguard affected versions not specified Description: The issue concerns pre-auth memory corruption in HPE Serviceguard. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...

PT-2023-2843 · Zimbra · Zimbra Collaboration Suite

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration Suite versions 8.8.15 through 9.0 Description: An open redirect issue exists in the /preauth Servlet, allowing an attacker to redirect a user to any URL if URL sanitization is bypassed in incoming requests. To exploit thi...

SUSE CVE-2014-2567

The OpenConnectionTask::handleStateHelper function in Imap/Tasks/OpenConnectionTask.cpp in Trojita before 0.4.1 allows man-in-the-middle attackers to trigger use of cleartext for saving a message into a 1 sent or 2 draft folder via a PREAUTH response that prevents later use of the STARTTLS comman...

SUSE CVE-2020-14093

Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response...

OpenSSH Releases Patch for New Pre-Auth Double Free Vulnerability

The maintainers of OpenSSH have released OpenSSH 9.2 to address a number of security bugs, including a memory safety vulnerability in the OpenSSH server sshd. Tracked as CVE-2023-25136, the shortcoming has been classified as a pre-authentication double free vulnerability that was introduced in...

CVE-2023-0122

A NULL pointer dereference vulnerability in the Linux kernel NVMe functionality, in nvmetsetupauth, allows an attacker to perform a Pre-Auth Denial of Service DoS attack on a remote machine. Affected versions v6.0-rc1 to v6.0-rc3, fixed in v6.0-rc4...

Zimbra Collaboration Suite 跨站请求伪造漏洞

Zimbra Collaboration Suite ZCS is an open source collaboration suite from Synacor, USA. The product includes WebMail, Calendar, Address Book and more. A cross-site request forgery vulnerability exists in Zimbra Collaboration Suite ZCS version 8.8.15, 9.0, which stems from a cross-site request...

fetchmail: STARTTLS session encryption bypassing

Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH...

CVE-2022-26070

When handling a mismatched pre-authentication cookie, the application leaks the internal error message in the response, which contains the Splunk Enterprise local system path. The vulnerability impacts Splunk Enterprise versions before 8.1.0...

Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances such as a certain situation with IMAP and PREAUTH.

...

Exploit for Missing Authentication for Critical Function in Zohocorp Manageengine_Servicedesk_Plus

CVE-2021-44077 Proof of Concept Exploit for CVE-2021-44077: Pr...

Sitecore Experience Platform (XP) PreAuth Deserialization RCE

This module exploits a deserialization vulnerability in the Report.ashx page of Sitecore XP 7.5 to 7.5.2, 8.0 to 8.0.7, 8.1 to 8.1.3, and 8.2 to 8.2.7. Versions 7.2.6 and earlier and 9.0 and later are not affected. The vulnerability occurs due to Report.ashx's handler, located in...

Sitecore Experience Platform (XP) Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Sitecore Experience Platform XP PreAuth Deserialization RCE', 'Description' = %q This module exploits a deserialization vulnerability in the...

OPENSUSE-SU-2021:1416-1 Security update for fetchmail

This update for fetchmail fixes the following issues: - CVE-2021-39272: Fix failure to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH. bsc1190069 This update was imported from the SUSE:SLE-15:Update update project...