CVE-2020-35123
https://notcve.org/view.php?id=CVE-2020-35123
In Zimbra Collaboration Suite Network Edition versions < 9.0.0 P10 and 8.8.15 P17, there exists an XXE vulnerability in the saml consumer store extension, which is vulnerable to XXE attacks. This has been fixed in Zimbra Collaboration Suite Network edition 9.0.0 Patch 10 and 8.8.15 Patch 17. En Zimbra Collaboration Suite Network Edition versiones anteriores a 9.0.0 P10 y versión 8.8.15 P17, se presenta una vulnerabilidad de tipo XXE en la extensión de la tienda de consumidores saml, que es vulnerable a ataques de tipo XXE. Esto ha sido corregido en la edición Zimbra Collaboration Suite Network versión 9.0.0 Parche 10 y 8.8.15 Parche 17 • https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P17 https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P10 https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2006-0174 – Hummingbird Collaboration - Application Cookie Internal Network Information Disclosure
https://notcve.org/view.php?id=CVE-2006-0174
Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5.21 and earlier allows remote attackers to obtain sensitive information (intranet IP addresses and enumerations of valid parameter values) via a direct request to hc, which reveals the information in an error message or a cookie. • https://www.exploit-db.com/exploits/27062 http://secunia.com/advisories/18411 http://securityreason.com/securityalert/328 http://www.securenetwork.it/advisories/sn-2006-01.html http://www.securityfocus.com/archive/1/421392/100/0/threaded http://www.securityfocus.com/bid/16195 http://www.vupen.com/english/advisories/2006/0145 https://exchange.xforce.ibmcloud.com/vulnerabilities/24069 •