Zimbra Collaboration Server 7.2.2 / 8.0.2 – Local File Inclusion Vulnerability
CVE-2013-7091: Directory traversal vulnerability on /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter.
NOTE: This can be leveraged to execute arbitrary code by obtaining LDAP credentials and accessing the service/admin/soap API.
Impact: An attacker can exploit this vulnerability to obtain potentially sensitive information such as LDAP root credentials and to execute arbitrary local scripts. This could allow the attacker to compromise the application and the computer; other attacks are also possible.
Mitigation: The vendor has released a patched version.
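Detection: The following is an added example, not part of the original advisory or of Zimbra's code. It scans web access log lines for requests to the affected /res/ resource whose skin parameter contains "..", including percent-encoded and double-encoded forms. The log format, sample lines, skin name and addresses are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request target inside a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
RES = "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz"

# Constructed sample log lines (documentation IP ranges, placeholder values).
SAMPLE_LOG = [
    f'192.0.2.10 - - [01/Jan/2014:10:00:00 +0000] "GET {RES}?v=1&skin=exampleskin HTTP/1.1" 200 5120',
    f'198.51.100.7 - - [01/Jan/2014:10:00:05 +0000] "GET {RES}?v=1&skin=../../EXAMPLE HTTP/1.1" 200 812',
    f'198.51.100.7 - - [01/Jan/2014:10:00:06 +0000] "GET {RES}?skin=%252e%252e%252fEXAMPLE HTTP/1.1" 200 812',
    '203.0.113.4 - - [01/Jan/2014:10:00:09 +0000] "GET /index.html?skin=../x HTTP/1.1" 404 120',
]

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded dots are still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_skin_traversal(target):
    """True if target is a /res/*.js.zgz request whose skin contains '..'."""
    try:
        parts = urlsplit(target)
    except ValueError:
        return False
    path = fully_decode(parts.path)
    if not (path.startswith("/res/") and path.endswith(".js.zgz")):
        return False
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() == "skin" and ".." in fully_decode(value):
            return True
    return False

def scan(lines):
    """Return (line_number, client_ip) for each suspicious request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match and is_skin_traversal(match.group(1)):
            hits.append((number, line.split()[0]))
    return hits

if __name__ == "__main__":
    for number, client in scan(SAMPLE_LOG):
        print(f"line {number}: skin traversal attempt from {client}")
```

A hit shows that a request was attempted, not that a file was disclosed; response size and status for the same request help decide whether credentials should be treated as exposed.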