What the Vuln: Zimbra

February 21 at 2 p.m. ET/11 a.m. PT
Bishop Fox YouTube and LinkedIn

Imagine that your organization’s web-based communication platform is vulnerable to hackers... can this give them access to sensitive information? And is this an entry point to launch more damaging exploitation operations in the long run? If the answer is yes (and it likely is), watch as we explore path traversal vulnerabilities in Zimbra, a web-based email, calendar, and collaboration suite in action since 2005.

In this inaugural episode of our What the Vuln series, Carlos Yanez, Security Consultant III, zeros in on CVE-2022-37042 and CVE-2022-27925, exploring the perils of remote code execution on web-based communications technology. We take a deep dive into the Zimbra Zip path traversal vulnerability and hear about unique exploit development techniques from start to finish.

Watch the first-ever What the Vuln livestream episode to hear from our security expert on:  

  • A Zimbra vulnerability discovery overview
  • A step-by-step demo of the exploit development in action
  • How to apply exploitation techniques to other vulnerabilities

About the speaker, Carlos Yanez

Carlos Yanez is a Security Consultant III at Bishop Fox. His focus areas include web application assessments, cloud penetration tests, and mobile device penetration tests. Prior to joining Bishop Fox, he worked on multiple e-commerce platforms as a Penetration Tester and spent years as a Web Developer and Systems Administrator. When AFK, he enjoys spending time with family and friends as well as learning new things and playing guitar.

About the speaker, Joe Sechman

AVP of R&D at Bishop Fox

Joe brings over 20 years of experience to his role as Associate Vice President of R&D, where he is responsible for nurturing a culture of innovation across Bishop Fox. Over his career, Joe has amassed many security certifications, delivered several presentations, and co-authored multiple industry publications with groups such as ISC2, ISACA, ASIS, HP, and IEEE.

Additionally, Joe is a prolific inventor with nine granted patents in the fields of dynamic and runtime application security testing, attack surface enumeration, and coverage (U.S. Patents 10,699,017, 10,515,219, 10,516,692, 10,515,220, 10,423,793, 9,846,781, 10,650,148, 10,587,641, and 11,057,395). Prior to joining Bishop Fox, Joe held leadership positions with companies such as Cobalt Labs, HP Fortify, Royal Philips, and Sunera LLC (now Focal Point Data Risk). Earlier in his career, Joe served as the lead penetration tester within SPI Labs at SPI Dynamics where he cut his teeth alongside some of the best and brightest application security industry professionals. Joe received his Bachelor of Business Administration degree in Management Information Systems from the Terry College of Business - University of Georgia.
