CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2977 – GFI KerioConnect PDF File cross site scripting
https://notcve.org/view.php?id=CVE-2025-2977
31 Mar 2025 — A vulnerability was found in GFI KerioConnect 10.0.6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component PDF File Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. • https://github.com/0xs1ash/poc/blob/main/portable_data_exfiltration.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2976 – GFI KerioConnect File Upload cross site scripting
https://notcve.org/view.php?id=CVE-2025-2976
31 Mar 2025 — A vulnerability was found in GFI KerioConnect 10.0.6. It has been classified as problematic. Affected is an unknown function of the component File Upload. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. • https://github.com/0xs1ash/poc/blob/main/xss.md#2-when-a-file-with-a-malicious-javascript-code-in-its-name-is-uploaded-to-the-system-it-is-displayed-again-on-the-page-within-the-input-field-without-being-sanitized-this-creates-the-potential-for-an-xss-att • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2975 – GFI KerioConnect Signature EditHtmlSource cross site scripting
https://notcve.org/view.php?id=CVE-2025-2975
31 Mar 2025 — A vulnerability was found in GFI KerioConnect 10.0.6 and classified as problematic. This issue affects some unknown processing of the file Settings/Email/Signature/EditHtmlSource of the component Signature Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/0xs1ash/poc/blob/main/xss.md#1-stored-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 21%CPEs: 1EXPL: 1CVE-2024-52875 – GFI Kerio Control 9.4.5 HTTP Response Splitting
https://notcve.org/view.php?id=CVE-2024-52875
17 Dec 2024 — An issue was discovered in GFI Kerio Control 9.2.5 through 9.4.5. The dest GET parameter passed to the /nonauth/addCertException.cs and /nonauth/guestConfirm.cs and /nonauth/expiration.cs pages is not properly sanitized before being used to generate a Location HTTP header in a 302 HTTP response. This can be exploited to perform Open Redirect or HTTP Response Splitting attacks, which in turn lead to Reflected Cross-Site Scripting (XSS). Remote command execution can be achieved by leveraging the upgrade featu... • https://packetstorm.news/files/id/183183 • CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •
CVSS: 9.0EPSS: 2%CPEs: 1EXPL: 0CVE-2024-11947 – GFI Archiver Core Service Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-11947
11 Dec 2024 — GFI Archiver Core Service Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is required to exploit this vulnerability. The specific flaw exists within the Core Service, which listens on TCP port 8017 by default. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. • https://www.zerodayinitiative.com/advisories/ZDI-24-1670 • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2024-11948 – GFI Archiver Telerik Web UI Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-11948
11 Dec 2024 — GFI Archiver Telerik Web UI Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability. The specific flaw exists within the product installer. The issue results from the use of a vulnerable version of Telerik Web UI. • https://www.zerodayinitiative.com/advisories/ZDI-24-1671 • CWE-1395: Dependency on Vulnerable Third-Party Component •
CVSS: 9.0EPSS: 2%CPEs: 1EXPL: 0CVE-2024-11949 – GFI Archiver Store Service Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-11949
11 Dec 2024 — GFI Archiver Store Service Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is required to exploit this vulnerability. The specific flaw exists within the Store Service, which listens on TCP port 8018 by default. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. • https://www.zerodayinitiative.com/advisories/ZDI-24-1672 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-25267
https://notcve.org/view.php?id=CVE-2023-25267
15 Mar 2023 — An issue was discovered in GFI Kerio Connect 9.4.1 patch 1 (fixed in 10.0.0). There is a stack-based Buffer Overflow in the webmail component's 2FASetup function via an authenticated request with a long primaryEMailAddress field to the webmail/api/jsonrpc URI. • https://gist.github.com/Frycos/62fa664bacd19a85235be19c6e4d7599 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2021-29281
https://notcve.org/view.php?id=CVE-2021-29281
07 Jul 2022 — File upload vulnerability in GFI Mail Archiver versions up to and including 15.1 via insecure implementation of Telerik Web UI plugin which is affected by CVE-2014-2217, and CVE-2017-11317. Una vulnerabilidad en la carga de archivos en GFI Mail Archiver versiones hasta 15.1 incluyéndola, por medio de una implementación no segura del plugin Telerik Web UI, que está afectado por CVE-2014-2217, y CVE-2017-11317 • https://aminbohio.com/gfi-mail-archiver-15-1-telerik-ui-component-arbitrary-file-upload-unauthenticated-exploit • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 5CVE-2019-16414 – GFI Kerio Control 9.3.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2019-16414
29 Sep 2019 — A DOM based XSS in GFI Kerio Control v9.3.0 allows embedding of malicious code and manipulating the login page to send back a victim's cleartext credentials to an attacker via a login/?reason=failure&NTLM= URI. Una vulnerabilidad de tipo XSS basado en DOM en GFI Kerio Control versión v9.3.0, permite insertar código malicioso y manipular la página de inicio de sesión para enviar de vuelta las credenciales de la víctima en texto sin cifrar para un atacante por medio de un inicio de un URI sesión/?reason=failu... • https://packetstorm.news/files/id/154678 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •