Lucene search
K

11 matches found

Nuclei
Nuclei
added 3 days ago200 views

Zimbra Collaboration Suite 8.8.15/9.0 - Remote Code Execution

Zimbra Collaboration Suite ZCS 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication i.e., not having an authtoken, an attacker can upload arbitrary files to the system, leading to directory traversal and remote code...

9.8CVSS7.3AI score0.98586EPSS
Exploits16References5
RedhatCVE
RedhatCVE
added 2026/01/09 10:49 a.m.8 views

CVE-2022-37042

Zimbra Collaboration Suite ZCS 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication i.e., not having an authtoken, an attacker can upload arbitrary files to the system, leading to directory traversal and remote code...

9.8CVSS7.9AI score0.98586EPSS
Exploits16References1
Rapid7 Blog
Rapid7 Blog
added 2022/08/26 9:47 p.m.364 views

Metasploit Wrap-Up

Zimbra Auth Bypass to Shell Ron Bowes added an exploit module that targets multiple versions of Zimbra Collaboration Suite. The module leverages an authentication bypass CVE-2022-37042 and a directory traversal vulnerability CVE-2022-27925 to gain code execution as the zimbra user. The auth bypas...

6.5CVSS0.5AI score0.98975EPSS
Exploits31
GithubExploit
GithubExploit
added 2022/08/25 10:43 a.m.396 views

Exploit for Path Traversal in Zimbra Collaboration

CVE-2022-37042 Zimbra CVE-2022-37042 Nuclei weaponized tem...

9.8CVSS9.8AI score0.88256EPSS
Exploits8
Check Point Advisories
Check Point Advisories
added 2022/08/16 12:0 a.m.39 views

Zimbra Collaboration Directory Traversal (CVE-2022-27925; CVE-2022-37042)

A Directory Traversal vulnerability exists in Zimbra Collaboration. Successful exploitation of this vulnerability could allow a remote attacker to disclose or access arbitrary files on the vulnerable server...

6.5CVSS5.5AI score0.98586EPSS
Exploits16
Circl
Circl
added 2022/08/12 12:7 p.m.15 views

CVE-2022-37042

creationtimestamp| type| source ---|---|--- 2022-08-12 12:07:32+00:00| exploited| https://t.me/truesecator/3286 2022-08-12 18:43:37+00:00| seen| https://t.me/cibsecurity/48066 2022-08-13 07:34:20+00:00| exploited| https://t.me/itsecnews/1182 2022-08-20 17:15:20+00:00| published-proof-of-concept|...

9.8CVSS7.1AI score0.88256EPSS
In wildExploits8References21
Cvelist
Cvelist
added 2022/08/11 7:37 p.m.37 views

CVE-2022-37042

Zimbra Collaboration Suite ZCS 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication i.e., not having an authtoken, an attacker can upload arbitrary files to the system, leading to directory traversal and remote code...

8.4AI score0.88256EPSS
Exploits8References3
Vulnrichment
Vulnrichment
added 2022/08/11 7:37 p.m.21 views

CVE-2022-37042

Zimbra Collaboration Suite ZCS 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication i.e., not having an authtoken, an attacker can upload arbitrary files to the system, leading to directory traversal and remote code...

10AI score0.88256EPSS
Exploits8References3
CVE
CVE
added 2022/08/11 7:37 p.m.1115 views

CVE-2022-37042

CVE-2022-37042 affects Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0. The vulnerability arises in the mboximport endpoint that accepts a ZIP archive; when an attacker bypasses authentication (no authtoken), they can upload arbitrary files, causing directory traversal and remote code execution. ...

9.8CVSS9AI score0.88256EPSS
In wildExploits8References4Affected Software1
OSV
OSV
added 2022/08/11 7:37 p.m.32 views

CVE-2022-37042

Zimbra Collaboration Suite ZCS 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication i.e., not having an authtoken, an attacker can upload arbitrary files to the system, leading to directory traversal and remote code...

9.8CVSS8.2AI score0.88256EPSS
Exploits8References6
CISA KEV Catalog
CISA KEV Catalog
added 2022/08/11 12:0 a.m.48 views

Synacor Zimbra Collaboration Suite (ZCS) Arbitrary File Upload Vulnerability

Synacor Zimbra Collaboration Suite ZCS contains flaw in the mboximport functionality, allowing an authenticated attacker to upload arbitrary files to perform remote code execution. This vulnerability was chained with CVE-2022-37042 which allows for unauthenticated remote code execution...

9.8CVSS8.6AI score0.98586EPSS
In wildExploits16
Rows per page
Query Builder