Synacor Zimbra Collaboration Suite Collaboration <8.8.11 - Cross-Site Scripting

Synacor Zimbra Collaboration Suite Collaboration before 8.8.11 is vulnerable to cross-site scripting via the AJAX and html web clients. id: CVE-2018-14013 info: name: Synacor Zimbra Collaboration Suite Collaboration 8.8.11 - Cross-Site Scripting author: pikpikcu severity: medium description:...

Zimbra Collaboration Suite < 8.8.15 Patch 7 - Server-Side Request Forgery

Zimbra Collaboration Suite ZCS before 8.8.15 Patch 7 is susceptible to server-side request forgery when WebEx zimlet is installed and zimlet JSP is enabled. id: CVE-2020-7796 info: name: Zimbra Collaboration Suite 8.8.15 Patch 7 - Server-Side Request Forgery author: gy741 severity: critical...

Zimbra Collaboration Server 7.2.2/8.0.2 Local File Inclusion

A directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. dot dot in the skin parameter. This can be leveraged to execute arbitrary code by obtaining LDAP...

Synacor Zimbra Collaboration <8.7.11p10 - XML External Entity Injection

Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML external entity injection XXE vulnerability via the mailboxd component. id: CVE-2019-9670 info: name: Synacor Zimbra Collaboration 8.7.11p10 - XML External Entity Injection author: ree4pwn severity: critical description: Synacor...

CVE-2018-10948

Synacor Zimbra Admin UI in Zimbra Collaboration Suite before 8.8.0 beta 2 has Persistent XSS via mail addrs...

CVE-2018-18631

mailboxd component in Synacor Zimbra Collaboration Suite 8.6, 8.7 before 8.7.11 Patch 7, and 8.8 before 8.8.10 Patch 2 has Persistent XSS...

EUVD-2018-10347

Malware in sbrugna...

EUVD-2018-12729

Malware in sbrugna...

EUVD-2018-7012

Malware in sbrugna...

EUVD-2014-5387

Malware in sbrugna...

EUVD-2018-6342

Malware in sbrugna...

CVE-2018-14425

There is a Persistent XSS vulnerability in the briefcase component of Synacor Zimbra Collaboration Suite ZCS Zimbra Web Client ZWC 8.8.8 before 8.8.8 Patch 7 and 8.8.9 before 8.8.9 Patch 1...

CVE-2019-9670

mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection XXE vulnerability, as demonstrated by Autodiscover/Autodiscover.xml...

CVE-2018-20160

ZxChat aka ZeXtras Chat, as used for zimbra-chat and zimbra-talk in Synacor Zimbra Collaboration Suite 8.7 and 8.8 and in other products, allows XXE attacks, as demonstrated by a crafted XML request to mailboxd...

CVE-2018-15131

An issue was discovered in Synacor Zimbra Collaboration Suite 8.6.x before 8.6.0 Patch 11, 8.7.x before 8.7.11 Patch 6, 8.8.x before 8.8.8 Patch 9, and 8.8.9 before 8.8.9 Patch 3. Account number enumeration is possible via inconsistent responses for specific types of authentication requests...

CVE-2015-2230

Synacor Zimbra Collaboration Server 8.x before 8.7.0 has Reflected XSS in admin console...

CVE-2019-6980

Synacor Zimbra Collaboration Suite 8.7.x through 8.8.11 allows insecure object deserialization in the IMAP component...

CVE-2014-8563

Synacor Zimbra Collaboration before 8.0.9 allows plaintext command injection during STARTTLS...

CISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday placed two security flaws impacting Microsoft Partner Center and Synacor Zimbra Collaboration Suite ZCS to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The vulnerabilities in...

Synacor Zimbra Collaboration Suite (ZCS) Command Execution Vulnerability

Synacor Zimbra Collaboration Suite ZCS contains an unspecified vulnerability in the postjournal service that may allow an unauthenticated user to execute commands...