NotCVE - vendor:"Synacor" product:"Zimbra Collaboration Suite" version:"

Page 10 of 50 results (0.011 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-3412

https://notcve.org/view.php?id=CVE-2016-3412

Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 103997, 104413, 104414, 104777, and 104791. Múltiples vulnerabilidades de XSS en Zimbra Collaboration en versiones anteriores a 8.7.0 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados, vulnerabilidades también conocidas como errores 103997, 104413, 104414, 104777 y 104791. • http://www.securityfocus.com/bid/95899 https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0 https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-3415

https://notcve.org/view.php?id=CVE-2016-3415

Zimbra Collaboration before 8.7.0 allows remote attackers to conduct deserialization attacks via unspecified vectors, aka bug 102276. Zimbra Collaboration en versiones anteriores a 8.7.0 permite a atacantes remotos llevar a cabo ataques de deserialización a través de vectores no especificados, vulnerabilidad también conocida como error 102276. • http://www.securityfocus.com/bid/95917 https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0 https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories • CWE-502: Deserialization of Untrusted Data •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2

CVE-2016-3403 – Zimbra Cross Site Request Forgery

https://notcve.org/view.php?id=CVE-2016-3403

Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Zimbra Collaboration before 8.6.0 Patch 8 allow remote attackers to hijack the authentication of administrators for requests that (1) add, (2) modify, or (3) remove accounts by leveraging failure to use of a CSRF token and perform referer header checks, aka bugs 100885 and 100899. Múltiples vulnerabilidades de tipo cross-site request forgery (CSRF) en la Consola Administrativa en Zimbra Collaboration anterior a versión 8.6.0 Parche 8, permiten a los atacantes remotos secuestrar la autenticación de administradores para pedir que (1) agregue, (2) modifique o (3) elimine cuentas mediante el aprovechamiento de un fallo en el uso de un token CSRF y realizar comprobaciones de encabezado de referencia, también se conoce como errores 100885 y 100899. Zimbra versions prior to 8.7 suffer from cross site request forgery vulnerabilities in the administrative interface. • http://seclists.org/fulldisclosure/2017/Jan/30 http://www.securityfocus.com/bid/95383 https://bugzilla.zimbra.com/show_bug.cgi?id=100885 https://bugzilla.zimbra.com/show_bug.cgi?id=100899 https://sysdream.com/news/lab/2017-01-12-cve-2016-3403-multiple-csrf-in-zimbra-administration-interface https://wiki.zimbra.com/wiki/Zimbra_Releases/8.6_Patch_8 https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0 https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.0EPSS: 97%CPEs: 16EXPL: 4

CVE-2013-7091 – Zimbra Collaboration Server 7.2.2/8.0.2 - Local File Inclusion

https://notcve.org/view.php?id=CVE-2013-7091

Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. NOTE: this can be leveraged to execute arbitrary code by obtaining LDAP credentials and accessing the service/admin/soap API. Vulnerabilidad de salto de directorio en /res/I18nMsg, AjxMsg, ZMsg, ZmMsg, AjxKeys, ZmKeys, ZdMsg, Ajx% 20TemplateMsg.js.zgz en Zimbra que permite a atacantes remotos leer archivos de su elección a través de .. (punto punto) en el parámetro skin. • https://www.exploit-db.com/exploits/30472 https://www.exploit-db.com/exploits/30085 http://osvdb.org/100747 http://packetstormsecurity.com/files/124321 http://www.exploit-db.com/exploits/30085 http://www.exploit-db.com/exploits/30472 http://www.securityfocus.com/bid/64149 https://exchange.xforce.ibmcloud.com/vulnerabilities/89527 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.8EPSS: 0%CPEs: 16EXPL: 0

CVE-2013-5119

https://notcve.org/view.php?id=CVE-2013-5119

Zimbra Collaboration Suite (ZCS) 6.0.16 and earlier allows man-in-the-middle attackers to obtain access by sniffing the network and replaying the ZM_AUTH_TOKEN token. Zimbra Collaboration Suite (ZCS) 6.0.16 y anteriores permite a atacantes "man-in-the-middle" obtener acceso mediante la captura de tráfico de red y reenviando el token ZM_AUTH_TOKEN. • http://archives.neohapsis.com/archives/bugtraq/2013-09/0063.html http://osvdb.org/97290 http://www.securityfocus.com/bid/62407 • CWE-287: Improper Authentication •

1...8 9 10