CVE-2018-6288
https://notcve.org/view.php?id=CVE-2018-6288
Cross-site Request Forgery leading to Administrative account takeover in Kaspersky Secure Mail Gateway version 1.1. Existe Cross-Site Request Forgery (CSRF) que conduce a la toma de control de una cuenta administrativa en Kaspersky Secure Mail Gateway 1.1. • https://support.kaspersky.com/vulnerability.aspx?el=12430#010218 https://www.coresecurity.com/advisories/kaspersky-secure-mail-gateway-multiple-vulnerabilities • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2018-6289
https://notcve.org/view.php?id=CVE-2018-6289
Configuration file injection leading to Code Execution as Root in Kaspersky Secure Mail Gateway version 1.1. Inyección de archivos de configuración provoca ejecución de código como Root en Kaspersky Secure Mail Gateway 1.1. • https://support.kaspersky.com/vulnerability.aspx?el=12430#010218 https://www.coresecurity.com/advisories/kaspersky-secure-mail-gateway-multiple-vulnerabilities • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2018-6290
https://notcve.org/view.php?id=CVE-2018-6290
Local Privilege Escalation in Kaspersky Secure Mail Gateway version 1.1. Escalado de privilegios locales en Kaspersky Secure Mail Gateway 1.1. • https://support.kaspersky.com/vulnerability.aspx?el=12430#010218 https://www.coresecurity.com/advisories/kaspersky-secure-mail-gateway-multiple-vulnerabilities •
CVE-2018-6291
https://notcve.org/view.php?id=CVE-2018-6291
WebConsole Cross-Site Scripting in Kaspersky Secure Mail Gateway version 1.1. Cross-Site Scripting (XSS) en WebConsole en Kaspersky Secure Mail Gateway 1.1. • https://support.kaspersky.com/vulnerability.aspx?el=12430#010218 https://www.coresecurity.com/advisories/kaspersky-secure-mail-gateway-multiple-vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2004-1096 – Multiple AntiVirus - '.zip' Detection Bypass
https://notcve.org/view.php?id=CVE-2004-1096
Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system. El módulo Perl Archive::Zip anterior a 1.14, cuando se usa en programas antivirus como amavisd-new, permite a atacantes remotos saltarse la protección del antivirus mediante un ficheros comprimido con cabeceras globales y locales establecido a cero, lo que no impide que el fichero comprimido sea abierto en un sistema objetivo. • https://www.exploit-db.com/exploits/629 http://secunia.com/advisories/13038 http://www.gentoo.org/security/en/glsa/glsa-200410-31.xml http://www.idefense.com/application/poi/display?id=153&type=vulnerabilities&flashstatus=true http://www.kb.cert.org/vuls/id/492545 http://www.mandriva.com/security/advisories?name=MDKSA-2004:118 http://www.securityfocus.com/bid/11448 https://exchange.xforce.ibmcloud.com/vulnerabilities/17761 •