all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Zimbra Collaboration Suite TAR Path Traversal

Add to bookmarks
Oct. 20, 2022, 2:34 p.m. |

Packet Storm packetstormsecurity.com

This Metasploit module creates a .tar file that can be emailed to a Zimbra server to exploit CVE-2022-41352. If successful, it plants a JSP-based backdoor in the public web directory, then executes that backdoor. The core vulnerability is a path-traversal issue in the cpio command-line utility that can extract an arbitrary file to an arbitrary location on a Linux system (CVE-2015-1197). Most Linux distros have chosen not to fix it. This issue is exploitable on Red Hat-based systems (and other …

collaboration path path traversal tar zimbra zimbra collaboration suite

Visit resource

More from packetstormsecurity.com / Packet Storm

Debian Security Advisory 5665-1 4 days, 21 hours ago | packetstormsecurity.com
advisory debian debian linux security engine +7
Debian Security Advisory 5664-1 4 days, 21 hours ago | packetstormsecurity.com
advisory attackers can clients +20
Elber Wayber Analog/Digital Audio STL 4.00 Insecure Direct Object Reference 4 days, 21 hours ago | packetstormsecurity.com
audio client client-side configuration +11
Elber Wayber Analog/Digital Audio STL 4.00 Authentication Bypass 4 days, 21 hours ago | packetstormsecurity.com
access attackers audio authentication +15
Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Insecure Direct Object Reference 4 days, 21 hours ago | packetstormsecurity.com
client client-side configuration device +12
Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Authentication Bypass 4 days, 21 hours ago | packetstormsecurity.com
access attackers authentication authentication bypass +16
Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Insecure Direct Object Reference 4 days, 21 hours ago | packetstormsecurity.com
client client-side configuration device +10
Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Authentication Bypass 4 days, 21 hours ago | packetstormsecurity.com
access attackers authentication authentication bypass +14
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Insecure Direct Object Reference 4 days, 21 hours ago | packetstormsecurity.com
1.0.0 broadcast client client-side +14

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Penetration Tester

@ Resillion | Bengaluru, India
View on infosec-jobs.com

Senior Backend Software Engineer (Java) - Privacy Engineering (Open to remote across ANZ)

@ Canva | Sydney, Australia
View on infosec-jobs.com

(Senior) Information Security Professional (w/m/d)

@ IONOS | Deutschland - Remote
View on infosec-jobs.com

Information Security (Incident Response) Intern

@ Eurofins | Katowice, Poland
View on infosec-jobs.com

Game Penetration Tester

@ Magic Media | Belgrade, Vojvodina, Serbia - Remote
View on infosec-jobs.com
View more jobs