Lucene search
K

208 matches found

ATTACKERKB
ATTACKERKB
added 2023/07/06 4:15 p.m.4 views

CVE-2023-29382

An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary code via the sfdcpreauth.jsp component...

9.8CVSS7.5AI score0.01014EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/07/06 12:0 a.m.6 views

Synacor Zimbra Collaboration Server 安全漏洞

Synacor Zimbra Collaboration Server ZCS is a suite of email and collaboration solutions from Synacor, USA. The solution provides email, contacts, calendaring, file sharing, social networking, and more. A security vulnerability exists in Synacor Zimbra Collaboration Server versions v.8.8.15 and...

9.8CVSS8.8AI score0.01014EPSS
Exploits0References3
OSV
OSV
added 2023/07/06 12:0 a.m.23 views

CVE-2023-29382

An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary code via the sfdcpreauth.jsp component...

9.8CVSS8AI score0.01014EPSS
Exploits0References4
NVD
NVD
added 2023/06/15 9:15 p.m.21 views

CVE-2023-24030

An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0 and 8.8.15. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker could redirect a us...

6.1CVSS6.1AI score0.00393EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/06/15 12:0 a.m.20 views

CVE-2023-24030

An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0 and 8.8.15. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker could redirect a us...

6.6AI score0.00393EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/06/15 12:0 a.m.16 views

CVE-2023-24030

An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0 and 8.8.15. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker could redirect a us...

6.2AI score0.00393EPSS
Exploits0References2
OSV
OSV
added 2023/06/15 12:0 a.m.22 views

CVE-2023-24030

An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0 and 8.8.15. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker could redirect a us...

6.1CVSS6.4AI score0.00393EPSS
Exploits0References4
Metasploit
Metasploit
added 2023/06/09 7:50 p.m.542 views

Oracle Weblogic PreAuth Remote Command Execution via ForeignOpaqueReference IIOP Deserialization

Oracle Weblogic 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0 prior to the Jan 2023 security update are vulnerable to an unauthenticated remote code execution vulnerability due to a post deserialization vulnerability. This occurs when an attacker serializes a "ForeignOpaqueReference" class object,...

8AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2023/05/24 12:0 a.m.8 views

The vulnerability of the PreAuth component in the corporate email management system Zimbra Collaboration Suite allows a hacker to redirect users to any arbitrary URL address.

The vulnerability of the PreAuth component in the Zimbra Collaboration Suite email management system is related to the redirection of URLs to an unreliable website. Exploiting this vulnerability allows a malicious actor to redirect users to any given URL address remotely...

7.5CVSS6.3AI score0.00393EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/02/22 12:0 a.m.4 views

PT-2023-13561 · Hewlett Packard · Hpe Serviceguard

Name of the Vulnerable Software and Affected Versions: HPE Serviceguard affected versions not specified Description: The issue concerns pre-auth memory corruption in HPE Serviceguard. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...

9.8CVSS9.5AI score0.00713EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/02/21 12:0 a.m.6 views

PT-2023-2843 · Zimbra · Zimbra Collaboration Suite

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration Suite versions 8.8.15 through 9.0 Description: An open redirect issue exists in the /preauth Servlet, allowing an attacker to redirect a user to any URL if URL sanitization is bypassed in incoming requests. To exploit thi...

7.5CVSS6.1AI score0.00393EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 5:29 a.m.5 views

SUSE CVE-2014-2567

The OpenConnectionTask::handleStateHelper function in Imap/Tasks/OpenConnectionTask.cpp in Trojita before 0.4.1 allows man-in-the-middle attackers to trigger use of cleartext for saving a message into a 1 sent or 2 draft folder via a PREAUTH response that prevents later use of the STARTTLS comman...

4.3CVSS6.9AI score0.00981EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2023/02/15 3:58 a.m.2 views

SUSE CVE-2020-14093

Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response...

7.5CVSS6.9AI score0.0214EPSS
Exploits0References12
The Hacker News
The Hacker News
added 2023/02/06 9:55 a.m.3 views

OpenSSH Releases Patch for New Pre-Auth Double Free Vulnerability

The maintainers of OpenSSH have released OpenSSH 9.2 to address a number of security bugs, including a memory safety vulnerability in the OpenSSH server sshd. Tracked as CVE-2023-25136, the shortcoming has been classified as a pre-authentication double free vulnerability that was introduced in...

6.5CVSS10AI score0.89955EPSS
Exploits10
OSV
OSV
added 2023/01/17 12:0 a.m.4 views

CVE-2023-0122

A NULL pointer dereference vulnerability in the Linux kernel NVMe functionality, in nvmetsetupauth, allows an attacker to perform a Pre-Auth Denial of Service DoS attack on a remote machine. Affected versions v6.0-rc1 to v6.0-rc3, fixed in v6.0-rc4...

7.5CVSS6.8AI score0.01277EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/08/12 12:0 a.m.4 views

Zimbra Collaboration Suite 跨站请求伪造漏洞

Zimbra Collaboration Suite ZCS is an open source collaboration suite from Synacor, USA. The product includes WebMail, Calendar, Address Book and more. A cross-site request forgery vulnerability exists in Zimbra Collaboration Suite ZCS version 8.8.15, 9.0, which stems from a cross-site request...

5.7CVSS5.8AI score0.00269EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2022/05/10 2:9 p.m.22 views

fetchmail: STARTTLS session encryption bypassing

Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH...

5.9CVSS5.8AI score0.00925EPSS
Exploits0References4
OSV
OSV
added 2022/05/06 5:15 p.m.3 views

CVE-2022-26070

When handling a mismatched pre-authentication cookie, the application leaks the internal error message in the response, which contains the Splunk Enterprise local system path. The vulnerability impacts Splunk Enterprise versions before 8.1.0...

4.3CVSS5.8AI score0.00605EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2022/01/19 8:0 a.m.2 views

Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances such as a certain situation with IMAP and PREAUTH.

...

5.9CVSS5.1AI score0.00925EPSS
Exploits0
GithubExploit
GithubExploit
added 2021/12/08 8:24 p.m.553 views

Exploit for Missing Authentication for Critical Function in Zohocorp Manageengine_Servicedesk_Plus

CVE-2021-44077 Proof of Concept Exploit for CVE-2021-44077: Pr...

9.8CVSS9.8AI score0.93514EPSS
Exploits6
Rows per page
Query Builder