“Zimbra Collaboration Suite Network Edition includes functionality that allows customers to receive a ZIP archive and extract its contents to an arbitrary location on the host due to the path traversal #vulnerability. This could be leveraged by #hackers to achieve #remotecodeexecution on the target system. Note that the open-source edition is not affected. While the path traversal vulnerability was first published last year, it has gained more traction, especially since working #exploits have been published lately to achieve remote code execution.”
Read more in our #WhattheVuln write-up: https://bfx.social/3lUL75U #RCE
If you caught today's #WhattheVuln episode featuring Carlos Yanez discussing Zimbra #security, be sure to check out his write-up on the topic, too! https://bfx.social/3lUL75U
Next month we're back with Lindsay Von Tish and Allan Cecil to talk about #EDR bypassing with #LoLBins.
In the inaugural episode of our #WhattheVuln series, Carlos Yanez zeros in on CVE-2022-37042 and #CVE-2022-27925, exploring the perils of #RCE on web-based communications technology.
Watch along on our livestream on February 21st! https://bfx.social/3jjgFkK
In the inaugural episode of our #WhattheVuln series, Carlos Yanez zeros in on CVE-2022-37042 and #CVE-2022-27925, exploring the perils of #RCE on web-based communications technology. Watch along on our livestream on February 21st! https://bfx.social/3XQ2UsQ