CVSS: 8.1EPSS: 5%CPEs: 57EXPL: 0CVE-2011-1506
https://notcve.org/view.php?id=CVE-2011-1506
22 Mar 2011 — The STARTTLS implementation in Kerio Connect 7.1.4 build 2985 and MailServer 6.x does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. NOTE: some of these details are obtained from third party information. La implementación STARTTLS en Kerio Connect v7.1.4 build 2985 y MailServ... • http://secunia.com/advisories/43678 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 51EXPL: 0CVE-2008-5769
https://notcve.org/view.php?id=CVE-2008-5769
30 Dec 2008 — Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServer before 6.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) folder parameter to mailCompose.php or the (2) daytime parameter to calendarEdit.php. NOTE: some of these details are obtained from third party information. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Kerio MailServer anterior a v6.6.2, permite a atacantes remotos inyectar secuencias de comandos web o ... • http://secunia.com/advisories/32955 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 51EXPL: 0CVE-2008-5760
https://notcve.org/view.php?id=CVE-2008-5760
30 Dec 2008 — Cross-site scripting (XSS) vulnerability in error413.php in Kerio MailServer before 6.6.2 allows remote attackers to inject arbitrary web script or HTML via the sent parameter. NOTE: some of these details are obtained from third party information. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en error413.php en Kerio MailServer anterior a v6.6.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro "sent". NOTA: algunos... • http://secunia.com/advisories/32955 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •