📄 Zimbra Collaboration Suite Postjournal 8.8.15 Remote Code Execution

Zimbra Collaboration Suite Postjournal version 8.8.15 unauthenticated proof of concept remote code execution exploit that leverages SMTP injection. ============================================================================================================================================= | Title...

CVE-2022-37393

Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root...

Zimbra zmslapd Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zimbra zmslapd arbitrary module load', 'Description' = %q This module exploits CVE-2022-37393, which is a vulnerability in Zimbra's sudo...

Zimbra Collaboration Server < 8.8.15 P11 / 9.x < 9.0.0 P4 XSS

According to its self-reported version number, Zimbra Collaboration Server is below 8.8.15 Patch 11, or 9.x prior to 9.0.0 Patch 4. It is, therefore, affected by a cross-site scripting XSS vulnerability in the Webmail component. An unauthenticated, remote attacker can exploit this, by convincing ...