CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2015-6541 – Zimbra 8.0.9 GA - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2015-6541
Multiple cross-site request forgery (CSRF) vulnerabilities in the Mail interface in Zimbra Collaboration Server (ZCS) before 8.5 allow remote attackers to hijack the authentication of arbitrary users for requests that change account preferences via a SOAP request to service/soap/BatchRequest. Múltiples vulnerabilidades de CSRF en la inerfaz Mail en Zimbra Collaboration Server (ZCS) en versiones anteriores a 8.5 permiten a atacantes remotos secuestrar la autenticación de usuarios arbitrarios para peticiones que cambian preferencias de cuenta a través de una petición SOAP a service/soap/BatchRequest. • https://www.exploit-db.com/exploits/39500 http://seclists.org/fulldisclosure/2016/Feb/121 https://wiki.zimbra.com/wiki/Security/Collab/86#Notes_from_8.5_.28Jetty.29 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 19EXPL: 0CVE-2013-7217
https://notcve.org/view.php?id=CVE-2013-7217
Unspecified vulnerability in Zimbra Collaboration Server 7.2.5 and earlier, and 8.0.x through 8.0.5, has "critical" impact and unspecified vectors, a different vulnerability than CVE-2013-7091. Vulnerabilidad no especificada en Zimbra Collaboration Server 7.2.5 y anteriores, y 8.0.x hasta 8.0.5, con impacto "crítico" y vectores no especificados, una vulnerabilidad distinta a CVE-2013-7091. • http://bugzilla.zimbra.com/show_bug.cgi?id=84547 http://files.zimbra.com/website/docs/7.2/Zimbra_OS_Release_Notes_7.2.6.pdf http://files.zimbra.com/website/docs/8.0/Zimbra_OS_Release_Notes_8.0.6.pdf http://secunia.com/advisories/56138 http://www.osvdb.org/101147 http://www.securityfocus.com/bid/64415 http://www.zimbra.com/forums/announcements/67336-critical-security-vulnerability-addressed-7-2-6-8-0-6-maintenance-releases.html https://exchange.xforce.ibmcloud.com/vulner •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2008-1226
https://notcve.org/view.php?id=CVE-2008-1226
Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration Suite (ZCS) 4.0.3, 4.5.6, and possibly other versions before 4.5.10 allow remote attackers to inject arbitrary web script or HTML via an e-mail attachment, possibly involving a (1) .jpg or (2) .gif image attachment. Múltiples Vulnerabilidades de secuencias de comandos en sitios cruzados (XSS)en Zimbra Collaboration Suite (ZCS) 4.0.3, 4.5.6 y posiblemente otras versiones anteriores a 4.5.10, permite a atacantes remotos inyectar secuencias de comandos web o html de su elección a través de un adjunto de e-mail usando ficheros (1) .jpg o (2) .gif. • http://jvn.jp/jp/JVN%2395014590/index.html http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000004.html http://secunia.com/advisories/29263 http://www.securityfocus.com/bid/28134 http://www.zimbra.com/jp/products/vulnerability.html https://exchange.xforce.ibmcloud.com/vulnerabilities/41044 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •