CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2008-4165
https://notcve.org/view.php?id=CVE-2008-4165
22 Sep 2008 — admin/user/create_user.php in Kolab Groupware Server 1.0.0 places a user password in an HTTP GET request, which allows local administrators, and possibly remote attackers, to obtain cleartext passwords by reading the ssl_access_log file or the referer string. admin/user/create_user.php en Kolab Groupware Server 1.0.0 coloca la contraseña de usuario en una petición HTTP GET, lo que permite a aadministradores locales, y posiblemente a atacantes remotos, obtener contraseñas en texto plano leyendo el archivo ss... • http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:193 • CWE-310: Cryptographic Issues •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2006-0213
https://notcve.org/view.php?id=CVE-2006-0213
14 Jan 2006 — Kolab Server 2.0.1, 2.0.2 and development versions pre-2.1-20051215 and earlier, when authenticating users via secure SMTP, stores authentication credentials in plaintext in the postfix.log file, which allows local users to gain privileges. • http://kolab.org/security/kolab-vendor-notice-08.txt •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 1CVE-2005-4828
https://notcve.org/view.php?id=CVE-2005-4828
31 Dec 2005 — Kolab Server 2.0.0 and 2.0.1 does not properly handle when a large email is sent with a "." in the wrong place, which causes kolabfilter to add another ".", which might break clear-text signatures and attachments. NOTE: it is not clear whether this issue crosses privilege boundaries, so this might not be a vulnerability. • http://kolab.org/security/kolab-vendor-notice-07.txt •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 2CVE-2004-1997
https://notcve.org/view.php?id=CVE-2004-1997
05 May 2004 — Kolab stores OpenLDAP passwords in plaintext in the slapd.conf file, which may be installed world-readable, which allows local users to gain privileges. • http://marc.info/?l=bugtraq&m=108377525924422&w=2 •