11 matches found
Zimbra Collaboration Suite 8.8.15/9.0 - Remote Code Execution
Zimbra Collaboration Suite ZCS 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication i.e., not having an authtoken, an attacker can upload arbitrary files to the system, leading to directory traversal and remote code...
CVE-2022-37042
Zimbra Collaboration Suite ZCS 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication i.e., not having an authtoken, an attacker can upload arbitrary files to the system, leading to directory traversal and remote code...
Metasploit Wrap-Up
Zimbra Auth Bypass to Shell Ron Bowes added an exploit module that targets multiple versions of Zimbra Collaboration Suite. The module leverages an authentication bypass CVE-2022-37042 and a directory traversal vulnerability CVE-2022-27925 to gain code execution as the zimbra user. The auth bypas...
Exploit for Path Traversal in Zimbra Collaboration
CVE-2022-37042 Zimbra CVE-2022-37042 Nuclei weaponized tem...
Zimbra Collaboration Directory Traversal (CVE-2022-27925; CVE-2022-37042)
A Directory Traversal vulnerability exists in Zimbra Collaboration. Successful exploitation of this vulnerability could allow a remote attacker to disclose or access arbitrary files on the vulnerable server...
CVE-2022-37042
creationtimestamp| type| source ---|---|--- 2022-08-12 12:07:32+00:00| exploited| https://t.me/truesecator/3286 2022-08-12 18:43:37+00:00| seen| https://t.me/cibsecurity/48066 2022-08-13 07:34:20+00:00| exploited| https://t.me/itsecnews/1182 2022-08-20 17:15:20+00:00| published-proof-of-concept|...
CVE-2022-37042
Zimbra Collaboration Suite ZCS 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication i.e., not having an authtoken, an attacker can upload arbitrary files to the system, leading to directory traversal and remote code...
CVE-2022-37042
Zimbra Collaboration Suite ZCS 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication i.e., not having an authtoken, an attacker can upload arbitrary files to the system, leading to directory traversal and remote code...
CVE-2022-37042
CVE-2022-37042 affects Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0. The vulnerability arises in the mboximport endpoint that accepts a ZIP archive; when an attacker bypasses authentication (no authtoken), they can upload arbitrary files, causing directory traversal and remote code execution. ...
CVE-2022-37042
Zimbra Collaboration Suite ZCS 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication i.e., not having an authtoken, an attacker can upload arbitrary files to the system, leading to directory traversal and remote code...
Synacor Zimbra Collaboration Suite (ZCS) Arbitrary File Upload Vulnerability
Synacor Zimbra Collaboration Suite ZCS contains flaw in the mboximport functionality, allowing an authenticated attacker to upload arbitrary files to perform remote code execution. This vulnerability was chained with CVE-2022-37042 which allows for unauthenticated remote code execution...