An Trinh - Security Researcher - Exploit Intelligence Platform

CVE-2019-9621 NOMISEC HIGH WORKING POC

Zimbra Collaboration Suite <8.6-8.8 - SSRF

Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows SSRF via the ProxyServlet component.

78 stars

CVSS 7.5

View Code

CVE-2019-9621 METASPLOIT HIGH ruby WORKING POC

Zimbra Collaboration Suite <8.6-8.8 - SSRF

Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows SSRF via the ProxyServlet component.

CVSS 7.5

View Code

CVE-2019-9621 EXPLOITDB HIGH ruby WORKING POC

Zimbra Collaboration Suite <8.6-8.8 - SSRF

Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows SSRF via the ProxyServlet component.

CVSS 7.5

View Code

CVE-2019-9670 METASPLOIT CRITICAL ruby WORKING POC

Synacor Zimbra Collaboration Suite <8.7.11p10 - XXE

mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability, as demonstrated by Autodiscover/Autodiscover.xml.

CVSS 9.8

View Code

CVE-2019-9670 EXPLOITDB CRITICAL ruby WORKING POC

Synacor Zimbra Collaboration Suite <8.7.11p10 - XXE

mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability, as demonstrated by Autodiscover/Autodiscover.xml.

CVSS 9.8

View Code