CVE-2018-6290
https://notcve.org/view.php?id=CVE-2018-6290
Local Privilege Escalation in Kaspersky Secure Mail Gateway version 1.1. Escalado de privilegios locales en Kaspersky Secure Mail Gateway 1.1. • https://support.kaspersky.com/vulnerability.aspx?el=12430#010218 https://www.coresecurity.com/advisories/kaspersky-secure-mail-gateway-multiple-vulnerabilities •
CVE-2018-6291
https://notcve.org/view.php?id=CVE-2018-6291
WebConsole Cross-Site Scripting in Kaspersky Secure Mail Gateway version 1.1. Cross-Site Scripting (XSS) en WebConsole en Kaspersky Secure Mail Gateway 1.1. • https://support.kaspersky.com/vulnerability.aspx?el=12430#010218 https://www.coresecurity.com/advisories/kaspersky-secure-mail-gateway-multiple-vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-6288
https://notcve.org/view.php?id=CVE-2018-6288
Cross-site Request Forgery leading to Administrative account takeover in Kaspersky Secure Mail Gateway version 1.1. Existe Cross-Site Request Forgery (CSRF) que conduce a la toma de control de una cuenta administrativa en Kaspersky Secure Mail Gateway 1.1. • https://support.kaspersky.com/vulnerability.aspx?el=12430#010218 https://www.coresecurity.com/advisories/kaspersky-secure-mail-gateway-multiple-vulnerabilities • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2018-6289
https://notcve.org/view.php?id=CVE-2018-6289
Configuration file injection leading to Code Execution as Root in Kaspersky Secure Mail Gateway version 1.1. Inyección de archivos de configuración provoca ejecución de código como Root en Kaspersky Secure Mail Gateway 1.1. • https://support.kaspersky.com/vulnerability.aspx?el=12430#010218 https://www.coresecurity.com/advisories/kaspersky-secure-mail-gateway-multiple-vulnerabilities • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2013-6037 – AKER Secure Mail Gateway 2.5.2 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2013-6037
Cross-site scripting (XSS) vulnerability in index.php in Aker Secure Mail Gateway 2.5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg_id parameter. Vulnerabilidad de XSS en index.php en Aker Secure Mail Gateway 2.5.2 y anteriores permite a atacantes remotos inyectar script Web o HTML arbitrarios a través del parámetro msg_id. AKER Secure Mail Gateway versions 2.5.2 and below suffer from multiple reflective cross site scripting vulnerabilities. • http://www.kb.cert.org/vuls/id/687278 http://www.securityfocus.com/bid/66024 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •