CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2017-7440
https://notcve.org/view.php?id=CVE-2017-7440
02 May 2017 — Kerio Connect 8.0.0 through 9.2.2, and Kerio Connect Client desktop application for Windows and Mac 9.2.0 through 9.2.2, when e-mail preview is enabled, allows remote attackers to conduct clickjacking attacks via a crafted e-mail message. Kerio Connect 8.0.0 a 9.2.2 y la aplicación de escritorio Kerio Connect Client para Windows y Mac 9.2.0 a 9.2.2, cuando la vista previa de correo electrónico está habilitada, permite a atacantes remotos realizar ataques de clickjacking a través de un mensaje de correo elec... • https://www.gfi.com/support/products/Clickjacking-vulnerability-in-Kerio-Connect-8-and-9-CVE-2017-7440 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2010-5254
https://notcve.org/view.php?id=CVE-2010-5254
07 Sep 2012 — Untrusted search path vulnerability in GFI Backup 3.1 Build 20100730 2009 Home Edition allows local users to gain privileges via a Trojan horse ArmAccess.dll file in the current working directory, as demonstrated by a directory that contains a .gbc or .gbt file. NOTE: some of these details are obtained from third party information. Vulnerabilidad de ruta de búsqueda no confiable en GFI Backup v3.1 Build 20100730 2009 Home Edition, permite a usuarios locales ganar privilegios a través de un archivo de caball... • http://secunia.com/advisories/41226 •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2010-5181
https://notcve.org/view.php?id=CVE-2010-5181
25 Aug 2012 — Race condition in VIPRE Antivirus Premium 4.0.3272 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has alread... • http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.8EPSS: 6%CPEs: 1EXPL: 0CVE-2005-3182
https://notcve.org/view.php?id=CVE-2005-3182
20 Oct 2005 — Buffer overflow in the HTTP management interface for GFI MailSecurity 8.1 allows remote attackers to execute arbitrary code via long headers such as (1) Host and (2) Accept in HTTP requests. NOTE: the vendor suggests that this issues is "in an underlying Microsoft technology" which, if true, could mean that the overflow affects other products as well. • http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0290.html •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 1CVE-2005-0604
https://notcve.org/view.php?id=CVE-2005-0604
01 Mar 2005 — lnss.exe in GFI Languard Network Security Scanner 5.0 stores the username and password in memory in plaintext, which could allow local administrators to obtain domain administrator credentials. • http://marc.info/?l=bugtraq&m=110961644621528&w=2 •
CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0CVE-2004-1312
https://notcve.org/view.php?id=CVE-2004-1312
03 Jan 2005 — A bug in the HTML parser in a certain Microsoft HTML library, as used in various third party products, may allow remote attackers to cause a denial of service via certain strings, as reported in GFI MailEssentials for Exchange 9 and 10, and GFI MailSecurity for Exchange 8, which causes emails to remain in IIS or Exchange mail queues. • http://kbase.gfi.com/showarticle.asp?id=KBID002249 •
CVSS: 7.5EPSS: 2%CPEs: 11EXPL: 0CVE-2002-1121
https://notcve.org/view.php?id=CVE-2002-1121
14 Sep 2002 — SMTP content filter engines, including (1) GFI MailSecurity for Exchange/SMTP before 7.2, (2) InterScan VirusWall before 3.52 build 1494, (3) the default configuration of MIMEDefang before 2.21, and possibly other products, do not detect fragmented emails as defined in RFC2046 ("Message Fragmentation and Reassembly") and supported in such products as Outlook Express, which allows remote attackers to bypass content filtering, including virus checking, via fragmented emails of the message/partial content type... • http://archives.neohapsis.com/archives/bugtraq/2002-09/0134.html •