Zimbra XML Injection / Server-Side Request Forgery
Posted Jun 5, 2019
Authored by k8gege

Zimbra versions prior to 8.8.1 suffer from XML external entity injection and server-side request forgery vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2019-9621
MD5 | 7786dd8ab3f0d9db1434bae8999c05ad

Related Files

Zimbra Collaboration Autodiscover Servlet XXE / ProxyServlet SSRF
Posted Apr 11, 2019
Authored by Jacob Robles, Khanh Viet Pham, An Trinh | Site metasploit.com

This Metasploit module exploits an XML external entity vulnerability and a server side request forgery to get unauthenticated code execution on Zimbra Collaboration Suite. The XML external entity vulnerability in the Autodiscover Servlet is used to read a Zimbra configuration file that contains an LDAP password for the zimbra account. The zimbra credentials are then used to get a user authentication cookie with an AuthRequest message. Using the user cookie, a server side request forgery in the Proxy Servlet is used to proxy an AuthRequest with the zimbra credentials to the admin port to retrieve an admin cookie. After gaining an admin cookie the Client Upload servlet is used to upload a JSP webshell that can be triggered from the web server to get command execution on the host. The issues reportedly affect Zimbra Collaboration Suite v8.5 to v8.7.11. This module was tested with Zimbra Release 8.7.1.GA.1670.UBUNTU16.64 UBUNTU16_64 FOSS edition.

tags | exploit, web, code execution
advisories | CVE-2019-9621, CVE-2019-9670
MD5 | b42049eb9c9de4811401181abe4e75ba

Zimbra Collaboration Cross Site Scripting
Posted Feb 2, 2019
Authored by Issam Rabhi

Zimbra Collaboration versions prior to 8.8.11 suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2018-14013
MD5 | 7c3e5bfa4d1dacfb8dbff2d4fd83b750

Zimbra 8.6.0_GA_1153 Cross Site Scripting
Posted Aug 10, 2018
Authored by Dino Barlattani

Zimbra version 8.6.0_GA_1153 build 20141215151110 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2016-3411
MD5 | 0fea963435c71a68f27ddc33d319dfb7

Zimbra Collaboration Suite 8.7.11_GA_1854 Cross Site Scripting
Posted Mar 25, 2018
Authored by Securify B.V., Stephan Kaag

Zimbra Collaboration Suite version 8.7.11_GA_1854 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-6882
MD5 | 6de4d493c54ea789d91dbcba0df1db8b

Zimbra Collaboration Suite Cross Site Scripting
Posted Jan 12, 2018
Authored by Alessandro Zala, Damian Pfammatter

Zimbra Collaboration Suite suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2017-8802
MD5 | 4d4d653c1cd36ed4bc5e1673562b2892

Zimbra Cross Site Request Forgery
Posted Jan 13, 2017
Authored by Damien Cauquil, Anthony Laou-Hine Tsuei

Zimbra versions prior to 8.7 suffer from cross site request forgery vulnerabilities in the administrative interface.

tags | exploit, vulnerability, csrf
advisories | CVE-2016-3403
MD5 | 189d23eebfbeda38ecd6cc32496e1de4

Zimbra 8.0.9 GA Cross Site Request Forgery
Posted Feb 26, 2016
Authored by Damien Cauquil, Anthony Laou-Hine Tsuei

Zimbra versions 8.0.9 GA and below suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | c2e1a71f34137aeaee5e6fa5f9557534

Zimbra Collaboration Server LFI
Posted Dec 23, 2013
Authored by rubina119 | Site metasploit.com

This Metasploit module exploits a local file inclusion on Zimbra 8.0.2 and 7.2.2. The vulnerability allows an attacker to get the LDAP credentials from the localconfig.xml file. The stolen credentials allow the attacker to make requests to the service/admin/soap API. This can then be used to create an authentication token for the admin web interface. This access can be used to achieve remote code execution. This Metasploit module has been tested on Zimbra Collaboration Server 8.0.2 with Ubuntu Server 12.04.

tags | exploit, remote, web, local, code execution, file inclusion
systems | linux, ubuntu
advisories | CVE-2013-7091
MD5 | 48babc6e0480e9201295c00884a1014b

Zimbra Local File Inclusion
Posted Dec 7, 2013
Authored by rubina119

Zimbra suffers from a local file inclusion vulnerability that allows for privilege escalation.

tags | exploit, local, file inclusion
systems | linux
MD5 | ed784553a4706bf3393b26fcd1d1f42b

Zimbra Cross Site Scripting
Posted Feb 13, 2012
Authored by Sony

Zimbra suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | f9522506e35658198190d1ba59f149c7

© 2020 Packet Storm. All rights reserved.

Security Services
Hosting By