Page 10 of 50 results (0.013 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 102637. Vulnerabilidad de XSS en Zimbra Collaboration en versiones anteriores a 8.7.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados, vulnerabilidad también conocida como error 102637. • http://www.securityfocus.com/bid/95896 https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0 https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 103997, 104413, 104414, 104777, and 104791. Múltiples vulnerabilidades de XSS en Zimbra Collaboration en versiones anteriores a 8.7.0 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados, vulnerabilidades también conocidas como errores 103997, 104413, 104414, 104777 y 104791. • http://www.securityfocus.com/bid/95899 https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0 https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2

Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Zimbra Collaboration before 8.6.0 Patch 8 allow remote attackers to hijack the authentication of administrators for requests that (1) add, (2) modify, or (3) remove accounts by leveraging failure to use of a CSRF token and perform referer header checks, aka bugs 100885 and 100899. Múltiples vulnerabilidades de tipo cross-site request forgery (CSRF) en la Consola Administrativa en Zimbra Collaboration anterior a versión 8.6.0 Parche 8, permiten a los atacantes remotos secuestrar la autenticación de administradores para pedir que (1) agregue, (2) modifique o (3) elimine cuentas mediante el aprovechamiento de un fallo en el uso de un token CSRF y realizar comprobaciones de encabezado de referencia, también se conoce como errores 100885 y 100899. Zimbra versions prior to 8.7 suffer from cross site request forgery vulnerabilities in the administrative interface. • http://seclists.org/fulldisclosure/2017/Jan/30 http://www.securityfocus.com/bid/95383 https://bugzilla.zimbra.com/show_bug.cgi?id=100885 https://bugzilla.zimbra.com/show_bug.cgi?id=100899 https://sysdream.com/news/lab/2017-01-12-cve-2016-3403-multiple-csrf-in-zimbra-administration-interface https://wiki.zimbra.com/wiki/Zimbra_Releases/8.6_Patch_8 https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0 https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.0EPSS: 97%CPEs: 16EXPL: 4

Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. NOTE: this can be leveraged to execute arbitrary code by obtaining LDAP credentials and accessing the service/admin/soap API. Vulnerabilidad de salto de directorio en /res/I18nMsg, AjxMsg, ZMsg, ZmMsg, AjxKeys, ZmKeys, ZdMsg, Ajx% 20TemplateMsg.js.zgz en Zimbra que permite a atacantes remotos leer archivos de su elección a través de .. (punto punto) en el parámetro skin. • https://www.exploit-db.com/exploits/30472 https://www.exploit-db.com/exploits/30085 http://osvdb.org/100747 http://packetstormsecurity.com/files/124321 http://www.exploit-db.com/exploits/30085 http://www.exploit-db.com/exploits/30472 http://www.securityfocus.com/bid/64149 https://exchange.xforce.ibmcloud.com/vulnerabilities/89527 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.8EPSS: 0%CPEs: 16EXPL: 0

Zimbra Collaboration Suite (ZCS) 6.0.16 and earlier allows man-in-the-middle attackers to obtain access by sniffing the network and replaying the ZM_AUTH_TOKEN token. Zimbra Collaboration Suite (ZCS) 6.0.16 y anteriores permite a atacantes "man-in-the-middle" obtener acceso mediante la captura de tráfico de red y reenviando el token ZM_AUTH_TOKEN. • http://archives.neohapsis.com/archives/bugtraq/2013-09/0063.html http://osvdb.org/97290 http://www.securityfocus.com/bid/62407 • CWE-287: Improper Authentication •