CVSS: 2.6EPSS: 4%CPEs: 5EXPL: 5CVE-2004-1907 – Kerio Personal Firewall 4.0.x - Web Filtering Remote Denial of Service
https://notcve.org/view.php?id=CVE-2004-1907
The Web Filtering functionality in Kerio Personal Firewall (KPF) 4.0.13 allows remote attackers to cause a denial of service (crash) by sending hex-encoded URLs containing "%13%12%13". • https://www.exploit-db.com/exploits/23925 http://archives.neohapsis.com/archives/bugtraq/2004-04/0061.html http://marc.info/?l=bugtraq&m=108137421524251&w=2 http://secunia.com/advisories/11331 http://www.cipher.org.uk/index.php?p=advisories/HEX-Kerio_Personal_Firewall_Remote_DOS_7-04-2004.advisory http://www.securityfocus.com/bid/10075 https://exchange.xforce.ibmcloud.com/vulnerabilities/15821 •
CVSS: 5.0EPSS: 2%CPEs: 8EXPL: 2CVE-2004-1109 – Kerio Personal Firewall 4.1.1 - Multiple IP Options Denial of Service Vulnerabilities
https://notcve.org/view.php?id=CVE-2004-1109
The FWDRV.SYS driver in Kerio Personal Firewall 4.1.1 and earlier allows remote attackers to cause a denial of service (CPU consumption and system freeze from infinite loop) via a (1) TCP, (2) UDP, or (3) ICMP packet with a zero length IP Option field. • https://www.exploit-db.com/exploits/626 http://www.eeye.com/html/research/advisories/AD20041109.html http://www.kerio.com/security_advisory.html http://www.securityfocus.com/bid/11639 https://exchange.xforce.ibmcloud.com/vulnerabilities/17992 •
CVSS: 4.6EPSS: 0%CPEs: 6EXPL: 1CVE-2004-1658
https://notcve.org/view.php?id=CVE-2004-1658
Kerio Personal Firewall 4.0 (KPF4) allows local users with administrative privileges to bypass the Application Security feature and execute arbitrary processes by directly writing to \device\physicalmemory to restore the running kernel's SDT ServiceTable. • http://marc.info/?l=bugtraq&m=109420310631039&w=2 http://secunia.com/advisories/12468 http://www.security.org.sg/vuln/kerio4016.html http://www.securityfocus.com/bid/11096 https://exchange.xforce.ibmcloud.com/vulnerabilities/17270 •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2003-1491
https://notcve.org/view.php?id=CVE-2003-1491
Kerio Personal Firewall (KPF) 2.1.4 has a default rule to accept incoming packets from DNS (UDP port 53), which allows remote attackers to bypass the firewall filters via packets with a source port of 53. • http://archives.neohapsis.com/archives/fulldisclosure/2003-q2/0352.html http://www.securiteam.com/securitynews/5FP0N1P9PI.html http://www.securityfocus.com/bid/7436 https://exchange.xforce.ibmcloud.com/vulnerabilities/11880 • CWE-16: Configuration CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.0EPSS: 1%CPEs: 5EXPL: 0CVE-2002-2161
https://notcve.org/view.php?id=CVE-2002-2161
Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to cause a denial of service (hang and CPU consumption) via a SYN packet flood. • http://online.securityfocus.com/archive/1/289119 http://www.iss.net/security_center/static/9963.php http://www.securityfocus.com/bid/5570 •