CVE-2018-18631

mailboxd component in Synacor Zimbra Collaboration Suite 8.6, 8.7 before 8.7.11 Patch 7, and 8.8 before 8.8.10 Patch 2 has Persistent XSS...

EUVD-2018-10347

Malware in sbrugna...

EUVD-2018-3003

Malware in sbrugna...

VulnCheck KEV: CVE-2019-9670

Synacor Zimbra Collaboration Suite ZCS contains an improper restriction of XML external entity XXE vulnerability in the mailboxd component...

Zimbra Collaboration Server 8.7.x < 8.7.11p10 XML External Entity injection (XXE) vulnerability

Mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection XXE vulnerability. Note that Nessus does not identify patch level or components versions for the Synacor Zimbra Collaboration Suite. You will need to verify if the patch has been...

CVE-2018-18631

mailboxd component in Synacor Zimbra Collaboration Suite 8.6, 8.7 before 8.7.11 Patch 7, and 8.8 before 8.8.10 Patch 2 has Persistent XSS...

CVE-2019-9670

mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection XXE vulnerability, as demonstrated by Autodiscover/Autodiscover.xml...

CVE-2019-9670

mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection XXE vulnerability, as demonstrated by Autodiscover/Autodiscover.xml...

Cross site scripting

mailboxd component in Synacor Zimbra Collaboration Suite 8.6, 8.7 before 8.7.11 Patch 7, and 8.8 before 8.8.10 Patch 2 has Persistent XSS...

CVE-2018-18631

CVE-2018-18631 : The Red Hat/NVD records confirm a Persistent Cross-Site Scripting (XSS) flaw in the mailboxd component of Zimbra Collaboration Suite. Affected products/versions include ZCS 8.6, 8.7 before 8.7.11 Patch 7, and 8.8 before 8.8.10 Patch 2. The available documents do not provide explo...

CVE-2019-9670

mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection XXE vulnerability, as demonstrated by Autodiscover/Autodiscover.xml...

Zimbra Collaboration Suite mailboxd Component Cross-Site Scripting Vulnerability

Zimbra Collaboration Suite ZCS is an open source collaboration suite from the American company Zimbra. The product includes WebMail, calendar, address book , etc. mailboxd is one of the e-mail component . A cross-site scripting vulnerability exists in the mailboxd component in Zimbra ZCS versions...

Zimbra Collaboration Suite mailboxd User Enumeration Vulnerability

Zimbra Collaboration Suite ZCS is an open source collaboration suite from Zimbra, Inc. that includes WebMail, Calendar, Address Book, and more. mailboxd is one of the email components. A security vulnerability exists in mailboxd in ZCS versions 8.8 before 8.8.8, 8.7 before 8.7.11.Patch3, and 8.6...

Zimbra Collaboration Suite mailboxd information disclosure vulnerability (CNVD-2018-09677)

Zimbra Collaboration Suite ZCS is an open source collaboration suite from Zimbra, Inc. that includes WebMail, Calendar, Address Book, and more. mailboxd is one of the email components. A security vulnerability exists in mailboxd in ZCS versions 8.8 before 8.8.8, 8.7 before 8.7.11.Patch3, and 8.6...

Zimbra Collaboration Suite mailboxd Information Disclosure Vulnerability

Zimbra Collaboration Suite ZCS is an open source collaboration suite from Zimbra, Inc. that includes WebMail, Calendar, Address Book, and more. mailboxd is one of the email components. A security vulnerability exists in mailboxd in ZCS versions 8.8 before 8.8.8, 8.7 before 8.7.11.Patch3, and 8.6...

CVE-2018-10949

mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 allows Account Enumeration by leveraging a Discrepancy between the "HTTP 404 - account is not active" and "HTTP 401 - must authenticate" errors...

Design/Logic Flaw

mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows zimbraSSLPrivateKey read access via a GetServer, GetAllServers, or GetAllActiveServers call in the Admin SOAP API...

CVE-2018-10949

CVE-2018-10949 affects mailboxd in Zimbra Collaboration Suite (ZCS) prior to 8.8.8, 8.7 prior to 8.7.11.Patch3, and 8.6 prior to 8.6.0.Patch10. The vulnerability enables account enumeration by exploiting a discrepancy between HTTP 404 (account not active) and HTTP 401 (must authenticate) response...

CVE-2018-10951

CVE-2018-10951 affects Zimbra Collaboration Suite mailboxd. The vulnerability allows read access to the zimbraSSLPrivateKey via Admin SOAP API calls (GetServer, GetAllServers, GetAllActiveServers). Affected versions are ZCS 8.8 prior to 8.8.8; 8.7 prior to 8.7.11.Patch3; and 8.6 prior to 8.6.0.Pa...

CVE-2018-10950

mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows Information Exposure through Verbose Error Messages containing a stack dump, tracing data, or full user-context dump...