Filtered by vendor Zimbra
Subscriptions
Total
67 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-6541 | 1 Zimbra | 1 Zimbra Collaboration Server | 2024-11-21 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Mail interface in Zimbra Collaboration Server (ZCS) before 8.5 allow remote attackers to hijack the authentication of arbitrary users for requests that change account preferences via a SOAP request to service/soap/BatchRequest. | ||||
| CVE-2013-7217 | 1 Zimbra | 1 Collaboration Server | 2024-11-21 | N/A |
| Unspecified vulnerability in Zimbra Collaboration Server 7.2.5 and earlier, and 8.0.x through 8.0.5, has "critical" impact and unspecified vectors, a different vulnerability than CVE-2013-7091. | ||||
| CVE-2013-1938 | 1 Zimbra | 1 Zimbra | 2024-11-21 | 6.1 Medium |
| Zimbra 2013 has XSS in aspell.php | ||||
| CVE-2012-1213 | 1 Zimbra | 1 Zimbra | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in zimbra/h/calendar in Zimbra Web Client in Zimbra Collaboration Suite (ZCS) 6.x before 6.0.15 and 7.x before 7.1.3 allows remote attackers to inject arbitrary web script or HTML via the view parameter. | ||||
| CVE-2008-1226 | 1 Zimbra | 1 Collaboration Suite | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration Suite (ZCS) 4.0.3, 4.5.6, and possibly other versions before 4.5.10 allow remote attackers to inject arbitrary web script or HTML via an e-mail attachment, possibly involving a (1) .jpg or (2) .gif image attachment. | ||||
| CVE-2024-45518 | 1 Zimbra | 1 Collaboration | 2024-10-30 | 7.5 High |
| An issue was discovered in Zimbra Collaboration (ZCS) 10.1.x before 10.1.1, 10.0.x before 10.0.9, 9.0.0 before Patch 41, and 8.8.15 before Patch 46. It allows authenticated users to exploit Server-Side Request Forgery (SSRF) due to improper input sanitization and misconfigured domain whitelisting. This issue permits unauthorized HTTP requests to be sent to internal services, which can lead to Remote Code Execution (RCE) by chaining Command Injection within the internal service. When combined with existing XSS vulnerabilities, this SSRF issue can further facilitate Remote Code Execution (RCE). | ||||
| CVE-2024-27442 | 1 Zimbra | 1 Collaboration | 2024-08-13 | 7.8 High |
| An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The zmmailboxdmgr binary, a component of ZCS, is intended to be executed by the zimbra user with root privileges for specific mailbox operations. However, an attacker can escalate privileges from the zimbra user to root, because of improper handling of input arguments. An attacker can execute arbitrary commands with elevated privileges, leading to local privilege escalation. | ||||