15 matches found
Exploit for Path Traversal in Synacor Zimbra_Collaboration_Suite
Zimbra Unauthenticated Remote Code Execution Exploit CVE-2022-2...
Metasploit Wrap-Up
Zimbra Auth Bypass to Shell Ron Bowes added an exploit module that targets multiple versions of Zimbra Collaboration Suite. The module leverages an authentication bypass CVE-2022-37042 and a directory traversal vulnerability CVE-2022-27925 to gain code execution as the zimbra user. The auth bypas...
Exploit for Path Traversal in Synacor Zimbra_Collaboration_Suite
Zimbra Unauthenticated Remote Code Execution Exploit CVE-2022-2...
Zimbra Zip Path Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/zip' class MetasploitModule 'Zip Path Traversal in Zimbra mboximport CVE-2022-27925', 'Description' = %q This module POSTs a ZIP file containing path...
Exploit for Path Traversal in Synacor Zimbra_Collaboration_Suite
CVE-2022-27925 Description On May 10, 2022, Zimbra released...
Exploit for Path Traversal in Synacor Zimbra_Collaboration_Suite
CVE-2022-27925 Setup git clone https://github.com/miko...
Zimbra Collaboration Directory Traversal (CVE-2022-27925; CVE-2022-37042)
A Directory Traversal vulnerability exists in Zimbra Collaboration. Successful exploitation of this vulnerability could allow a remote attacker to disclose or access arbitrary files on the vulnerable server...
Exploit for Path Traversal in Synacor Zimbra_Collaboration_Suite
CVE-20...
Directory traversal
Zimbra Collaboration Suite ZCS 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication i.e., not having an authtoken, an attacker can upload arbitrary files to the system, leading to directory traversal and remote code...
CVE-2022-37042
Zimbra Collaboration Suite ZCS 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication i.e., not having an authtoken, an attacker can upload arbitrary files to the system, leading to directory traversal and remote code...
[updated] Thousands of Zimbra mail servers backdoored in large scale attack
Researchers at Volexity have discovered that a known vulnerability has been used in a large scale attack against Zimbra Collaboration Suite ZCS email servers. But the vulnerability was supposed to be hard to exploit since it required authentication. So they decided to dig deeper. An incomplete fi...
Synacor Zimbra Collaboration Suite (ZCS) Authentication Bypass Vulnerability
Synacor Zimbra Collaboration Suite ZCS contains an authentication bypass vulnerability in MailboxImportServlet. This vulnerability was chained with CVE-2022-27925 which allows for unauthenticated remote code execution...
CVE-2022-27925
creationtimestamp| type| source ---|---|--- 2022-05-05 14:03:26+00:00| seen| https://t.me/ptswarm/123 2022-06-22 11:01:01+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/6249 2022-08-12 12:07:32+00:00| exploited| https://t.me/truesecator/3286 2022-08-12 18:43:37+00:00|...
CVE-2022-27925
Zimbra Collaboration aka ZCS 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal...
CVE-2022-27925
CVE-2022-27925 affects Zimbra Collaboration Suite 8.8.15 and 9.0, where mboximport accepts a ZIP and extracts files. An authenticated administrator can upload arbitrary files, enabling directory traversal. Public PoCs/exploits in connected docs demonstrate path traversal behavior and indicate aff...