69 matches found

Nuclei
added 3 days ago, 20 views

Zimbra Collaboration - Unrestricted File Upload

An issue was discovered in Zimbra Collaboration ZCS 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole extraction to /opt/zimbra/jetty/webapps/zimbra/public that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also,...

CVSS 9.8 | AI score 7.7 | EPSS 0.95478
Exploits: 7 | References: 2

Tenable Nessus
added 2026/06/24 12:00 a.m., 11 views

Zimbra Collaboration Server < 8.8.15 Patch 7 Server-Side Request Forgery Vulnerability

According to its self-reported version number, Zimbra Collaboration Server is affected by a server-side request forgery vulnerability: - Zimbra Collaboration Suite ZCS before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled. CVE-2020-7796 Note that Nessus has no...

CVSS 9.8 | AI score 7.5 | EPSS 0.85416
Exploits: 0 | References: 2

Tenable Nessus
added 2026/04/23 12:00 a.m., 7 views

Zimbra Collaboration Server 8.8.15 < 8.8.15 Patch 47, 9.x < 9.0.0 Patch 43, 10.0.x < 10.0.12, 10.1.x < 10.1.4 XSS

According to its self-reported version number, Zimbra Collaboration Server is affected by a cross-site scripting vulnerability: - A Cross-Site Scripting XSS vulnerability exists in the Zimbra Classic UI due to improper sanitization of crafted HTML content. An attacker can exploit this to execute...

CVSS 6.1 | AI score 8.2 | EPSS 0.01761
Exploits: 0 | References: 7

Tenable Nessus
added 2026/01/29 12:00 a.m., 7 views

Zimbra Collaboration Server 10.0.x < 10.0.18, 10.1.x < 10.1.13 Multiple Vulnerabilities

According to its self-reported version number, Zimbra Collaboration Server is affected by multiple vulnerabilities including: - A Local File Inclusion LFI vulnerability exists in the Webmail Classic UI of Zimbra Collaboration ZCS 10.0 and 10.1 because of improper handling of user-supplied request...

CVSS 8.8 | AI score 7.7 | EPSS 0.31769
Exploits: 5 | References: 6

OSV
added 2025/12/22 6:16 p.m., 6 views

CVE-2025-68645

A Local File Inclusion LFI vulnerability exists in the Webmail Classic UI of Zimbra Collaboration ZCS 10.0 and 10.1 because of improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can craft requests to the /h/rest endpoint to influenc...

CVSS 8.8 | AI score 6.8 | EPSS 0.31769
Exploits: 5 | References: 3

EUVD
added 2025/10/21 12:00 a.m., 8 views

EUVD-2025-35204

Zimbra Collaboration ZCS before 10.1.12 allows SSRF because of the configuration of the chat proxy...

CVSS 5 | AI score 6.4 | EPSS 0.00238
Exploits: 0 | References: 5

Tenable Nessus
added 2025/10/09 12:00 a.m., 2 views

Zimbra Collaboration Server 9.x < 9.0.0 Patch 39, 10.0.x < 10.0.13, 10.1.x < 10.1.5 XSS

According to its self-reported version number, Zimbra Collaboration Server is affected by the following vulnerability: A stored cross-site scripting XSS vulnerability exists in the Classic Web Client due to insufficient sanitization of HTML. Using a specifically crafted email, an attacker...

CVSS 5.4 | AI score 7.4 | EPSS 0.04241
Exploits: 1 | References: 6

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2013-7000

Malware in sbrugna...

CVSS 10 | AI score 6.4 | EPSS 0.0293
Exploits: 0 | References: 9

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2015-6480

Malware in sbrugna...

CVSS 8.8 | AI score 8.8 | EPSS 0.02989
Exploits: 5 | References: 4

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2015-2337

Malware in sbrugna...

CVSS 6.1 | AI score 6.3 | EPSS 0.00799
Exploits: 0 | References: 3

Tenable Nessus
added 2025/07/11 12:00 a.m., 6 views

Zimbra Collaboration Server < 8.7.11 Patch 9, 8.8 < 8.8.9 Patch 10, 8.8.10 < Patch 7, 8.8.11 < Patch 3

According to its self-reported version number, Zimbra Collaboration Server is affected by an object deserialization vulnerability in the IMAP component. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. ...

CVSS 9.8 | AI score 8.4 | EPSS 0.03912
Exploits: 0 | References: 5

Tenable Nessus
added 2025/07/11 12:00 a.m., 29 views

Zimbra Collaboration Server < 8.7.11 Patch 11, 8.8 < 8.8.9 Patch 10, 8.8.10 < Patch 8, 8.8.11 < Patch 4

According to its self-reported version number, Zimbra Collaboration Server is affected by multiple vulnerabilities: - Zimbra Collaboration Suite allows SSRF via the ProxyServlet component CVE-2019-9621 - Zimbra Collaboration Suite allows Blind SSRF in the Feed component. CVE-2019-6981 Note that...

CVSS 7.5 | AI score 7.4 | EPSS 0.80906
Exploits: 10 | References: 6

Tenable Nessus
added 2025/05/21 12:00 a.m., 12 views

Zimbra Collaboration Server 9.x < 9.0.0 Patch 39, 10.0.x < 10.0.7 Multiple Vulnerabilities

According to its self-reported version number, Zimbra Collaboration Server is affected by multiple vulnerabilities including: - NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 hav...

CVSS 7.8 | AI score 7.9 | EPSS 0.19543
Exploits: 3 | References: 8

CNNVD
added 2025/03/12 12:00 a.m., 4 views

Zimbra Collaboration Server Security Vulnerability

Zimbra Collaboration Server ZCS is an email and collaboration solution from Zimbra. The solution provides email, contacts, calendaring, file sharing, social networking, and other features. A security vulnerability exists in Zimbra Collaboration Server versions 9.0, 10.0, and 10.1, which stems fro...

CVSS 5.4 | AI score 6.4 | EPSS 0.00256
Exploits: 0 | References: 2

Tenable Nessus
added 2025/02/13 12:00 a.m., 11 views

Zimbra Collaboration Server 9.0.x < 9.0.0 Patch 43, 10.0.x < 10.0.12, 10.1.x < 10.1.4 SSRF

An issue was discovered in Zimbra Collaboration ZCS. An SSRF vulnerability in the RSS feed parser in Zimbra Collaboration 9.0.0 before Patch 43, 10.0.x before 10.0.12, and 10.1.x before 10.1.4 allows unauthorized redirection to internal network endpoints. Note that Nessus has not tested for this...

CVSS 5.3 | AI score 8.8 | EPSS 0.00565
Exploits: 0 | References: 6

CNNVD
added 2024/11/21 12:00 a.m., 6 views

Zimbra Collaboration Server Cross-Site Scripting Vulnerability

Zimbra Collaboration Server ZCS is an email and collaboration solution from Zimbra. The solution provides email, contacts, calendar, file sharing, social networking, and other features. A cross-site scripting vulnerability exists in Zimbra Collaboration Server version 10.1 and earlier. An attacke...

CVSS 4.8 | AI score 6.3 | EPSS 0.00392
Exploits: 0 | References: 6

CNNVD
added 2024/11/21 12:00 a.m., 4 views

Zimbra Collaboration Server Cross-Site Scripting Vulnerability

Zimbra Collaboration Server ZCS is an email and collaboration solution from Zimbra. The solution provides email, contacts, calendar, file sharing, social networking, and other features. A cross-site scripting vulnerability exists in Zimbra Collaboration Server version 10.1 and earlier. An attacke...

CVSS 5.4 | AI score 6 | EPSS 0.00392
Exploits: 0 | References: 6

CNNVD
added 2024/11/21 12:00 a.m., 2 views

Zimbra Collaboration Server Cross-Site Scripting Vulnerability

Zimbra Collaboration Server ZCS is an email and collaboration solution from Zimbra. The solution provides email, contacts, calendar, file sharing, social networking, and other features. A cross-site scripting vulnerability exists in Zimbra Collaboration Server version 10.1 and earlier. An attacke...

CVSS 5.4 | AI score 5.9 | EPSS 0.00645
Exploits: 0 | References: 7

CNNVD
added 2024/11/21 12:00 a.m., 2 views

Zimbra Collaboration Server Cross-Site Scripting Vulnerability

Zimbra Collaboration Server ZCS is an email and collaboration solution from Zimbra. The solution provides email, contacts, calendar, file sharing, social networking, and other features. A cross-site scripting vulnerability exists in Zimbra Collaboration Server version 10.1 and prior versions, whi...

CVSS 5.4 | AI score 6.2 | EPSS 0.00531
Exploits: 0 | References: 7

CNNVD
added 2024/11/21 12:00 a.m., 4 views

Zimbra Collaboration Server Cross-Site Scripting Vulnerability

Zimbra Collaboration Server ZCS is an email and collaboration solution from Zimbra. The solution provides email, contacts, calendar, file sharing, social networking, and other features. A cross-site scripting vulnerability exists in Zimbra Collaboration Server versions 9.0 and 10.0. An attacker c...

CVSS 4.8 | AI score 6 | EPSS 0.00467
Exploits: 0 | References: 5