Zimbra Collaboration Server 7.2.2/8.0.2 Local File Inclusion CVE-2013-7091 Scanner
There is a local file inclusion vulnerability in Zimbra Collaboration Server 7.2.2/8.0.2 that allows remote attackers to read arbitrary files.
Short Info
Level: Medium
Type: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Scan only one: URL
Parent Category
Zimbra Collaboration Server 7.2.2/8.0.2 Local File Inclusion CVE-2013-7091 Scanner Detail
Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. NOTE: this can be leveraged to execute arbitrary code by obtaining LDAP credentials and accessing the service/admin/soap API.
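For asset owners reviewing their own web logs, the following is an added example (not part of this scanner or of Zimbra) that flags requests matching the pattern described above: a `/res/….js.zgz` request whose `skin` parameter contains `..` as a path segment, including percent-encoded and double-encoded forms. It assumes combined-format access log lines; the sample lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Resource handler named in the CVE description: /res/<bundle list>.js.zgz
RES_PATH = re.compile(r"^/res/.*\.js\.zgz$", re.IGNORECASE)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded dots and slashes are seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_skin_traversal(target):
    """True if target is /res/*.js.zgz and skin has '..' as a path segment."""
    parts = urlsplit(target)
    if not RES_PATH.match(unquote(parts.path)):
        return False
    for skin in parse_qs(parts.query, keep_blank_values=True).get("skin", []):
        if ".." in re.split(r"[\\/]", fully_decode(skin)):
            return True
    return False

def scan(lines):
    """Return the request targets of the log lines that match."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if m and is_skin_traversal(m.group(1)):
            hits.append(m.group(1))
    return hits

# Constructed sample lines; addresses, timestamps, v=1, "carbon" and PLACEHOLDER are invented.
BUNDLE = "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz"
SAMPLE = [
    f'192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET {BUNDLE}?v=1&skin=carbon HTTP/1.1" 200 5120',
    f'192.0.2.44 - - [01/Jan/2024:10:00:05 +0000] "GET {BUNDLE}?v=1&skin=../../PLACEHOLDER HTTP/1.1" 200 812',
    f'192.0.2.44 - - [01/Jan/2024:10:00:06 +0000] "GET {BUNDLE}?skin=%252e%252e%252fPLACEHOLDER HTTP/1.1" 200 812',
    '192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] "GET /other?skin=../x HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print("possible CVE-2013-7091 probe:", hit)
```

A hit shows only that such a request was made; whether a file was actually returned depends on the server version and needs the response size and status checked against a normal request.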