Lucene search
+L

15 matches found

GithubExploit
GithubExploit
added 2022/09/17 10:24 p.m.424 views

Exploit for Path Traversal in Synacor Zimbra_Collaboration_Suite

Zimbra Unauthenticated Remote Code Execution Exploit CVE-2022-2...

7.2CVSS8.9AI score0.98586EPSS
Exploits14
Rapid7 Blog
Rapid7 Blog
added 2022/08/26 9:47 p.m.365 views

Metasploit Wrap-Up

Zimbra Auth Bypass to Shell Ron Bowes added an exploit module that targets multiple versions of Zimbra Collaboration Suite. The module leverages an authentication bypass CVE-2022-37042 and a directory traversal vulnerability CVE-2022-27925 to gain code execution as the zimbra user. The auth bypas...

6.5CVSS0.5AI score0.98975EPSS
Exploits31
GithubExploit
GithubExploit
added 2022/08/26 8:19 p.m.393 views

Exploit for Path Traversal in Synacor Zimbra_Collaboration_Suite

Zimbra Unauthenticated Remote Code Execution Exploit CVE-2022-2...

7.2CVSS8.9AI score0.98586EPSS
Exploits14
Packet Storm
Packet Storm
added 2022/08/24 12:0 a.m.454 views

Zimbra Zip Path Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/zip' class MetasploitModule 'Zip Path Traversal in Zimbra mboximport CVE-2022-27925', 'Description' = %q This module POSTs a ZIP file containing path...

9.8CVSS0.1AI score0.98586EPSS
Exploits16
GithubExploit
GithubExploit
added 2022/08/20 3:58 p.m.202 views

Exploit for Path Traversal in Synacor Zimbra_Collaboration_Suite

CVE-2022-27925 Description On May 10, 2022, Zimbra released...

9.8CVSS9.5AI score0.98586EPSS
Exploits16
GithubExploit
GithubExploit
added 2022/08/19 4:46 a.m.332 views

Exploit for Path Traversal in Synacor Zimbra_Collaboration_Suite

CVE-2022-27925 Setup git clone https://github.com/miko...

9CVSS7.6AI score0.98586EPSS
Exploits15
Check Point Advisories
Check Point Advisories
added 2022/08/16 12:0 a.m.39 views

Zimbra Collaboration Directory Traversal (CVE-2022-27925; CVE-2022-37042)

A Directory Traversal vulnerability exists in Zimbra Collaboration. Successful exploitation of this vulnerability could allow a remote attacker to disclose or access arbitrary files on the vulnerable server...

6.5CVSS5.5AI score0.98586EPSS
Exploits16
GithubExploit
GithubExploit
added 2022/08/12 6:35 p.m.48 views

Exploit for Path Traversal in Synacor Zimbra_Collaboration_Suite

CVE-20...

7.2CVSS7.1AI score0.98586EPSS
Exploits14
Prion
Prion
added 2022/08/12 3:15 p.m.38 views

Directory traversal

Zimbra Collaboration Suite ZCS 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication i.e., not having an authtoken, an attacker can upload arbitrary files to the system, leading to directory traversal and remote code...

7.5CVSS8.1AI score0.98586EPSS
Exploits16References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/08/12 12:0 a.m.496 views

CVE-2022-37042

Zimbra Collaboration Suite ZCS 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication i.e., not having an authtoken, an attacker can upload arbitrary files to the system, leading to directory traversal and remote code...

9.8CVSS9.1AI score0.98586EPSS
In wildExploits16References4
Malwarebytes
Malwarebytes
added 2022/08/11 1:0 p.m.104 views

[updated] Thousands of Zimbra mail servers backdoored in large scale attack

Researchers at Volexity have discovered that a known vulnerability has been used in a large scale attack against Zimbra Collaboration Suite ZCS email servers. But the vulnerability was supposed to be hard to exploit since it required authentication. So they decided to dig deeper. An incomplete fi...

6.5CVSS9.1AI score0.98586EPSS
Exploits16
CISA KEV Catalog
CISA KEV Catalog
added 2022/08/11 12:0 a.m.55 views

Synacor Zimbra Collaboration Suite (ZCS) Authentication Bypass Vulnerability

Synacor Zimbra Collaboration Suite ZCS contains an authentication bypass vulnerability in MailboxImportServlet. This vulnerability was chained with CVE-2022-27925 which allows for unauthenticated remote code execution...

9.8CVSS8.8AI score0.98586EPSS
In wildExploits16
Circl
Circl
added 2022/05/05 2:3 p.m.9 views

CVE-2022-27925

creationtimestamp| type| source ---|---|--- 2022-05-05 14:03:26+00:00| seen| https://t.me/ptswarm/123 2022-06-22 11:01:01+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/6249 2022-08-12 12:07:32+00:00| exploited| https://t.me/truesecator/3286 2022-08-12 18:43:37+00:00|...

7.2CVSS7.4AI score0.98586EPSS
Exploits14References41
Vulnrichment
Vulnrichment
added 2022/04/20 11:23 p.m.17 views

CVE-2022-27925

Zimbra Collaboration aka ZCS 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal...

8.4AI score0.98586EPSS
Exploits14References4
CVE
CVE
added 2022/04/20 11:23 p.m.1136 views

CVE-2022-27925

CVE-2022-27925 affects Zimbra Collaboration Suite 8.8.15 and 9.0, where mboximport accepts a ZIP and extracts files. An authenticated administrator can upload arbitrary files, enabling directory traversal. Public PoCs/exploits in connected docs demonstrate path traversal behavior and indicate aff...

7.2CVSS7.2AI score0.98586EPSS
In wildExploits14References5Affected Software1
Rows per page
Query Builder