CVE-2004-1658
https://notcve.org/view.php?id=CVE-2004-1658
Kerio Personal Firewall 4.0 (KPF4) allows local users with administrative privileges to bypass the Application Security feature and execute arbitrary processes by directly writing to \device\physicalmemory to restore the running kernel's SDT ServiceTable. • http://marc.info/?l=bugtraq&m=109420310631039&w=2 http://secunia.com/advisories/12468 http://www.security.org.sg/vuln/kerio4016.html http://www.securityfocus.com/bid/11096 https://exchange.xforce.ibmcloud.com/vulnerabilities/17270 •
CVE-2003-1491
https://notcve.org/view.php?id=CVE-2003-1491
Kerio Personal Firewall (KPF) 2.1.4 has a default rule to accept incoming packets from DNS (UDP port 53), which allows remote attackers to bypass the firewall filters via packets with a source port of 53. • http://archives.neohapsis.com/archives/fulldisclosure/2003-q2/0352.html http://www.securiteam.com/securitynews/5FP0N1P9PI.html http://www.securityfocus.com/bid/7436 https://exchange.xforce.ibmcloud.com/vulnerabilities/11880 • CWE-16: Configuration CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2003-0487 – Kerio MailServer 5.6.3 add_acl Module - Overflow
https://notcve.org/view.php?id=CVE-2003-0487
Multiple buffer overflows in Kerio MailServer 5.6.3 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via (1) a long showuser parameter in the do_subscribe module, (2) a long folder parameter in the add_acl module, (3) a long folder parameter in the list module, and (4) a long user parameter in the do_map module. Múltiples desbordamientos de búfer en Kerio MailServer 5.6.3 permite a usuarios remotos autenticados causar una denegación de servicio y posiblemente ejecutar código arbitrario mediante un parámetro showuser largo en el módulo do_subscribe, un parámetro folder largo en el módulo add_acl, un parámetro folder largo en el módulo list, un parámetro user largo en el módulo do_map. • https://www.exploit-db.com/exploits/22801 https://www.exploit-db.com/exploits/22803 https://www.exploit-db.com/exploits/22802 https://www.exploit-db.com/exploits/22800 https://www.exploit-db.com/exploits/46 http://marc.info/?l=bugtraq&m=105596982503760&w=2 http://nautopia.org/vulnerabilidades/kerio_mailserver.htm http://www.securityfocus.com/bid/7967 https://exchange.xforce.ibmcloud.com/vulnerabilities/12368 •
CVE-2003-0488 – Kerio MailServer 5.6.3 - Web Mail ADD_ACL Module Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2003-0488
Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServer 5.6.3 allow remote attackers to insert arbitrary web script via (1) the add_name parameter in the add_acl module, or (2) the alias parameter in the do_map module. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Kerio MailServer 5.6.3 permite a atacantes remotos insertar script web arbitrario mediante el parámetro add_name en el módulo add_acl, o el parámetro alias en el módulo do_map. • https://www.exploit-db.com/exploits/22799 https://www.exploit-db.com/exploits/22804 http://marc.info/?l=bugtraq&m=105596982503760&w=2 http://nautopia.org/vulnerabilidades/kerio_mailserver.htm http://www.securityfocus.com/bid/7966 http://www.securityfocus.com/bid/7968 https://exchange.xforce.ibmcloud.com/vulnerabilities/12367 •
CVE-2003-0220 – Kerio Personal Firewall 2.1.x - Remote Authentication Packet Buffer Overflow
https://notcve.org/view.php?id=CVE-2003-0220
Buffer overflow in the administrator authentication process for Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute arbitrary code via a handshake packet. Desbordamiento de búfer en el proceso de autenticación de Kerio Personal Firewall (KPF) 2.1.4 y anteriores permite a atacantes remotos ejecutar código arbitrario con un paquete de establecimiento de conexión (handshake). • https://www.exploit-db.com/exploits/22417 https://www.exploit-db.com/exploits/16465 https://www.exploit-db.com/exploits/1537 https://www.exploit-db.com/exploits/28 https://www.exploit-db.com/exploits/22418 http://marc.info/?l=bugtraq&m=105155734411836&w=2 http://www.coresecurity.com/common/showdoc.php?idx=314&idxseccion=10 http://www.kb.cert.org/vuls/id/454716 http://www.securityfocus.com/bid/7180 - •