CVE-2006-0213
https://notcve.org/view.php?id=CVE-2006-0213
Kolab Server 2.0.1, 2.0.2 and development versions pre-2.1-20051215 and earlier, when authenticating users via secure SMTP, stores authentication credentials in plaintext in the postfix.log file, which allows local users to gain privileges. • http://kolab.org/security/kolab-vendor-notice-08.txt http://secunia.com/advisories/18438 http://www.osvdb.org/22381 http://www.vupen.com/english/advisories/2006/0186 https://exchange.xforce.ibmcloud.com/vulnerabilities/24123 •
CVE-2005-4828
https://notcve.org/view.php?id=CVE-2005-4828
Kolab Server 2.0.0 and 2.0.1 does not properly handle when a large email is sent with a "." in the wrong place, which causes kolabfilter to add another ".", which might break clear-text signatures and attachments. NOTE: it is not clear whether this issue crosses privilege boundaries, so this might not be a vulnerability. • http://kolab.org/security/kolab-vendor-notice-07.txt http://www.mandriva.com/security/advisories?name=MDKSA-2006:013 http://www.osvdb.org/22538 •