SonicALERT
Search

Sonicwall Signatures

 

Go to All Categories list.


  Zimbra Collaboration mboximport Directory Traversal 1

Category: WEB-ATTACKS      

Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal.

References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2146


Relevant Information