CVSS: 8.1 • EPSS: 5% • CPEs: 57 • EXPL: 0

22 Mar 2011 — The STARTTLS implementation in Kerio Connect 7.1.4 build 2985 and MailServer 6.x does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. NOTE: some of these details are obtained from third party information. • http://secunia.com/advisories/43678 • CWE-20: Improper Input Validation

CVSS: 6.1 • EPSS: 0% • CPEs: 51 • EXPL: 0

30 Dec 2008 — Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServer before 6.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) folder parameter to mailCompose.php or the (2) daytime parameter to calendarEdit.php. NOTE: some of these details are obtained from third party information. • http://secunia.com/advisories/32955 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 51 • EXPL: 0

30 Dec 2008 — Cross-site scripting (XSS) vulnerability in error413.php in Kerio MailServer before 6.6.2 allows remote attackers to inject arbitrary web script or HTML via the sent parameter. NOTE: some of these details are obtained from third party information. • http://secunia.com/advisories/32955 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 3% • CPEs: 2 • EXPL: 0

21 Feb 2008 — Buffer overflow in the Visnetic anti-virus plugin in Kerio MailServer before 6.5.0 might allow remote attackers to execute arbitrary code via unspecified vectors. • http://secunia.com/advisories/29021 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 7.5 • EPSS: 0% • CPEs: 30 • EXPL: 0

21 Feb 2008 — Unspecified vulnerability in Kerio MailServer before 6.5.0 allows remote attackers to cause a denial of service (crash) via unspecified vectors related to decoding of uuencoded input, which triggers memory corruption. • http://secunia.com/advisories/29021 • CWE-399: Resource Management Errors

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

21 Feb 2008 — Unspecified vulnerability in the AVG plugin in Kerio MailServer before 6.5.0 has unspecified impact via unknown remote attack vectors related to null DACLs. • http://secunia.com/advisories/29021

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Jul 2007 — Unspecified vulnerability in the attachment filter in Kerio MailServer before 6.4.1 has unknown impact and remote attack vectors. • http://osvdb.org/38571

CVSS: 7.5 • EPSS: 0% • CPEs: 29 • EXPL: 0

14 Dec 2006 — Unspecified vulnerability in Kerio MailServer before 6.3.1 allows remote attackers to cause a denial of service (segmentation fault and service stop) via certain long LDAP queries, as demonstrated by vd_kms6.pm. • http://secunia.com/advisories/23364

CVSS: 7.8 • EPSS: 1% • CPEs: 24 • EXPL: 0

12 Mar 2006 — Kerio MailServer before 6.1.3 Patch 1 allows remote attackers to cause a denial of service (application crash) via a crafted IMAP LOGIN command. • http://secunia.com/advisories/19150

CVSS: 7.5 • EPSS: 0% • CPEs: 23 • EXPL: 0

16 Apr 2005 — Unknown vulnerability in WebMail in Kerio MailServer before 6.0.9 allows remote attackers to cause a denial of service (CPU consumption) via certain e-mail messages. • http://securitytracker.com/id?1013708