SonicALERT
Search

Sonicwall Signatures

 

Go to All Categories list.


  Zimbra Collaboration mboximport Directory Traversal 2

Category: WEB-ATTACKS      

Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal.

References
http://www.securityfocus.com/bid/38457


Relevant Information