Zimbra Mail Server Vulnerability Scope

The Zimbra mail server is a dedicated server that manages mailbox contents, messages, contacts, calendar, and others for micro, small, medium & enterprise scales. 
Zimbra offers an enterprise-class solution for company collaboration with email, calendar and file sharing tools

We are currently looking for the following items in Zimbra:

  • Code/command execution
  • Authentication bypass
  • Command injection


Think you figured out how to run unauthenticated commands on Zimbra? We are looking for you! Found something not on this list? We still want to buy it!

No Bug Bounty Leaderboards, only safe disclosures