CVSS: 6.5EPSS: 0%CPEs: 14EXPL: 0CVE-2018-10951
https://notcve.org/view.php?id=CVE-2018-10951
mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows zimbraSSLPrivateKey read access via a GetServer, GetAllServers, or GetAllActiveServers call in the Admin SOAP API. mailboxd en Zimbra Collaboration Suite, en versiones 8.8 anteriores a la 8.8.8; versiones 8.7 anteriores a la 8.7.11.Patch3 y versiones 8.6 anteriores a la 8.6.0.Patch10, permite el acceso de lectura zimbraSSLPrivateKey mediante una llamada GetServer, GetAllServers o GetAllActiveServers en la API SOAP Admin. • https://bugzilla.zimbra.com/show_bug.cgi?id=108894 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5721
https://notcve.org/view.php?id=CVE-2016-5721
Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidades de XSS en Zimbra Collaboration en versiones anteriores a 8.7.0 permite a atacantes remotos inyectar secuencia de comandos web o HTML a través de vectores no especificados. • http://www.securityfocus.com/bid/92682 https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2015-6541 – Zimbra 8.0.9 GA - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2015-6541
Multiple cross-site request forgery (CSRF) vulnerabilities in the Mail interface in Zimbra Collaboration Server (ZCS) before 8.5 allow remote attackers to hijack the authentication of arbitrary users for requests that change account preferences via a SOAP request to service/soap/BatchRequest. Múltiples vulnerabilidades de CSRF en la inerfaz Mail en Zimbra Collaboration Server (ZCS) en versiones anteriores a 8.5 permiten a atacantes remotos secuestrar la autenticación de usuarios arbitrarios para peticiones que cambian preferencias de cuenta a través de una petición SOAP a service/soap/BatchRequest. • https://www.exploit-db.com/exploits/39500 http://seclists.org/fulldisclosure/2016/Feb/121 https://wiki.zimbra.com/wiki/Security/Collab/86#Notes_from_8.5_.28Jetty.29 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 19EXPL: 0CVE-2013-7217
https://notcve.org/view.php?id=CVE-2013-7217
Unspecified vulnerability in Zimbra Collaboration Server 7.2.5 and earlier, and 8.0.x through 8.0.5, has "critical" impact and unspecified vectors, a different vulnerability than CVE-2013-7091. Vulnerabilidad no especificada en Zimbra Collaboration Server 7.2.5 y anteriores, y 8.0.x hasta 8.0.5, con impacto "crítico" y vectores no especificados, una vulnerabilidad distinta a CVE-2013-7091. • http://bugzilla.zimbra.com/show_bug.cgi?id=84547 http://files.zimbra.com/website/docs/7.2/Zimbra_OS_Release_Notes_7.2.6.pdf http://files.zimbra.com/website/docs/8.0/Zimbra_OS_Release_Notes_8.0.6.pdf http://secunia.com/advisories/56138 http://www.osvdb.org/101147 http://www.securityfocus.com/bid/64415 http://www.zimbra.com/forums/announcements/67336-critical-security-vulnerability-addressed-7-2-6-8-0-6-maintenance-releases.html https://exchange.xforce.ibmcloud.com/vulner •
CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 4CVE-2012-1213 – Zimbra - 'view' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-1213
Cross-site scripting (XSS) vulnerability in zimbra/h/calendar in Zimbra Web Client in Zimbra Collaboration Suite (ZCS) 6.x before 6.0.15 and 7.x before 7.1.3 allows remote attackers to inject arbitrary web script or HTML via the view parameter. Vulnerabilidad de Cross-Site Scripting (XSS) en zimbra/h/calendar en Zimbra Web Client en Zimbra Collaboration Suite (ZCS) en versiones 6.x anteriores a la 6.0.15 y 7.x anteriores a la 7.1.3 permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante el parámetro view. • https://www.exploit-db.com/exploits/36695 http://packetstormsecurity.org/files/109710/Zimbra-Cross-Site-Scripting.html http://st2tea.blogspot.com/2012/02/zimbra-cross-site-scripting.html http://www.securityfocus.com/bid/51974 https://bugzilla.zimbra.com/show_bug.cgi?id=63849 https://exchange.xforce.ibmcloud.com/vulnerabilities/73168 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •