119 matches found
Zimbra Collaboration - Unrestricted File Upload
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also,...
Zimbra Collaboration Server 8.8.15 < 8.8.15 Patch 47, 9.x < 9.0.0 Patch 43, 10.0.x < 10.0.12, 10.1.x < 10.1.4 XSS
According to its self-reported version number, Zimbra Collaboration Server is affected by a cross-site scripting vulnerability: - A Cross-Site Scripting (XSS) vulnerability exists in the Zimbra Classic UI due to improper sanitization of crafted HTML content. An attacker can exploit this to execute...
Zimbra Collaboration Server 10.0.x < 10.0.18, 10.1.x < 10.1.13 Local File Inclusion
A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1 because of improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can craft requests to the /h/rest endpoint to influenc...
CVE-2025-68645
A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1 because of improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can craft requests to the /h/rest endpoint to influenc...
EUVD-2025-35204
Zimbra Collaboration (ZCS) before 10.1.12 allows SSRF because of the configuration of the chat proxy...
Zimbra Collaboration Server 9.x < 9.0.0 Patch 39, 10.0.x < 10.0.13, 10.1.x < 10.1.5 XSS
According to its self-reported version number, Zimbra Collaboration Server is affected by the following vulnerability: A stored cross-site scripting (XSS) vulnerability exists in the Classic Web Client due to insufficient sanitization of HTML. Using a specifically crafted email, an attacker...
EUVD-2015-6480
Malware in sbrugna...
EUVD-2004-0649
Malware in sbrugna...
EUVD-2014-8724
Malware in sbrugna...
EUVD-2010-0673
Malware in sbrugna...
EUVD-2010-0672
Malware in sbrugna...
EUVD-2015-2337
Malware in sbrugna...
EUVD-2013-7000
Malware in sbrugna...
EUVD-2014-8723
Malware in sbrugna...
Zimbra Collaboration Server < 8.7.11 Patch 11, 8.8 < 8.8.9 Patch 10, 8.8.10 < Patch 8, 8.8.11 < Patch 4
According to its self-reported version number, Zimbra Collaboration Server is affected by multiple vulnerabilities: - Zimbra Collaboration Suite allows SSRF via the ProxyServlet component (CVE-2019-9621) - Zimbra Collaboration Suite allows Blind SSRF in the Feed component (CVE-2019-6981). Note that...
Zimbra Collaboration Server < 8.7.11 Patch 9, 8.8 < 8.8.9 Patch 10, 8.8.10 < Patch 7, 8.8.11 < Patch 3
According to its self-reported version number, Zimbra Collaboration Server is affected by an object deserialization vulnerability in the IMAP component. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Zimbra Collaboration Server 9.x < 9.0.0 Patch 39, 10.0.x < 10.0.7 Multiple Vulnerabilities
According to its self-reported version number, Zimbra Collaboration Server is affected by multiple vulnerabilities including: - NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 hav...
Zimbra Collaboration Server Security Vulnerability
Zimbra Collaboration Server (ZCS) is an email and collaboration solution from Zimbra. The solution provides email, contacts, calendaring, file sharing, social networking, and other features. A security vulnerability exists in Zimbra Collaboration Server versions 9.0, 10.0, and 10.1, which stems fro...
Zimbra Collaboration Server 9.0.x < 9.0.0 Patch 43, 10.0.x < 10.0.12, 10.1.x < 10.1.4 SSRF
An issue was discovered in Zimbra Collaboration (ZCS). An SSRF vulnerability in the RSS feed parser in Zimbra Collaboration 9.0.0 before Patch 43, 10.0.x before 10.0.12, and 10.1.x before 10.1.4 allows unauthorized redirection to internal network endpoints. Note that Nessus has not tested for this...
Zimbra Collaboration Server Cross-Site Scripting Vulnerability
Zimbra Collaboration Server (ZCS) is an email and collaboration solution from Zimbra. The solution provides email, contacts, calendar, file sharing, social networking, and other features. A cross-site scripting vulnerability exists in Zimbra Collaboration Server version 10.1 and earlier. An attacke...