📦 Collaboration

This vulnerability in Zimbra Collaboration Suite allows remote attackers to bypass authentication mechanisms and escalate privileges by exploiting flaws in password and two-factor authentication param...

Zimbra Collaboration Open Source 8.8.15 logs randomly generated initial login passwords in cleartext via syslog on UDP port 514. This allows attackers with network access to intercept these temporary ...

This vulnerability in Zimbra Collaboration allows authenticated users to perform Server-Side Request Forgery (SSRF) attacks due to improper input sanitization and domain whitelisting misconfigurations...

This vulnerability allows local privilege escalation in Zimbra Collaboration Suite. An attacker with access to the zimbra user account can exploit improper input handling in the zmmailboxdmgr binary t...

This vulnerability allows unauthenticated attackers to read arbitrary files from a specific directory in Zimbra Collaboration Suite. It affects Zimbra Collaboration (ZCS) versions 9.0 and 10.0 through...

This vulnerability in Zimbra Collaboration Suite allows attackers to gain unauthorized access to Zimbra user accounts. It affects Zimbra installations running vulnerable versions before the patched re...

This vulnerability allows authenticated privileged users in Zimbra Collaboration Suite to upload malicious files through the ClientUploader function, potentially leading to remote code execution and s...

This vulnerability allows an attacker with initial user access to a Zimbra Collaboration Suite server to execute arbitrary commands as root by manipulating JVM arguments, leading to local privilege es...

Zimbra Collaboration 10.0 and 10.1 contain hardcoded Flickr API credentials in the publicly accessible Flickr Zimlet. Attackers can retrieve these credentials and impersonate the legitimate applicatio...

This Cross-Site Scripting (XSS) vulnerability in Zimbra Collaboration allows attackers to upload specially crafted files that bypass content type validation, enabling execution of arbitrary JavaScript...

This reflected XSS vulnerability in Zimbra Collaboration allows authenticated attackers to inject malicious JavaScript via the packages parameter in the admin interface. When another user visits a cra...