48 results (0.006 seconds)

CVSS: 10.0EPSS: 76%CPEs: 82EXPL: 3

The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands. El servicio postjournal en Zimbra Collaboration (ZCS) anterior a la versión 8.8.15 parche 46, 9 anterior a la versión 9.0.0 parche 41, 10 anterior a la versión 10.0.9 y 10.1 anterior a la versión 10.1.1 a veces permite que usuarios no autenticados ejecuten comandos. Synacor Zimbra Collaboration contains an unspecified vulnerability in the postjournal service that may allow an unauthenticated user to execute commands. • https://github.com/Chocapikk/CVE-2024-45519 https://github.com/p33d/CVE-2024-45519 https://github.com/TOB1a3/CVE-2024-45519-PoC https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.1#Security_Fixes https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.9#Security_Fixes https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P41#Security_Fixes https://wiki.zimbra.com/wiki&# • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-863: Incorrect Authorization •

CVSS: 7.5EPSS: 0%CPEs: 71EXPL: 0

An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.3. An attacker can gain access to a Zimbra account. This is also fixed in 9.0.0 Patch 35 and 8.8.15 Patch 42. Se descubrió un problema en Zimbra Collaboration (ZCS) antes de 10.0.3. Un atacante puede obtener acceso a una cuenta de Zimbra. • http://www.openwall.com/lists/oss-security/2023/11/17/2 https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories •

CVSS: 6.1EPSS: 0%CPEs: 73EXPL: 0

An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.4. An XSS issue can be exploited to access the mailbox of an authenticated user. This is also fixed in 8.8.15 Patch 43 and 9.0.0 Patch 36. Se descubrió un problema en Zimbra Collaboration (ZCS) antes de 10.0.4. Se puede aprovechar un problema XSS para acceder al buzón de correo de un usuario autenticado. • https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 73EXPL: 0

An XSS issue was discovered in a web endpoint in Zimbra Collaboration (ZCS) before 10.0.4 via an unsanitized parameter. This is also fixed in 8.8.15 Patch 43 and 9.0.0 Patch 36. Se descubrió un problema XSS en un endpoint web en Zimbra Collaboration (ZCS) anterior a 10.0.4 a través de un parámetro no sanitizado. Esto también se solucionó en el parche 43 8.8.15 y el parche 36 9.0.0. • https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 66EXPL: 0

An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary code via the sfdc_preauth.jsp component. • https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy • CWE-94: Improper Control of Generation of Code ('Code Injection') •