cve/CVE-2013-7091.md at 48a00929accbe24477052d164512463a2824377a

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-28 01:04:30 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. NOTE: this can be leveraged to execute arbitrary code by obtaining LDAP credentials and accessing the service/admin/soap API.

POC

Reference

http://packetstormsecurity.com/files/124321
http://www.exploit-db.com/exploits/30472

Github

https://github.com/ARPSyndicate/kenzer-templates
https://github.com/ZTK-009/RedTeamer
https://github.com/fengjixuchui/RedTeamer
https://github.com/fnmsd/zimbra_poc
https://github.com/password520/RedTeamer

1.0 KiB Raw Blame History

CVE-2013-7091

Description

POC

Reference

Github

1.0 KiB

Raw Blame History