CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2008-4165
https://notcve.org/view.php?id=CVE-2008-4165
admin/user/create_user.php in Kolab Groupware Server 1.0.0 places a user password in an HTTP GET request, which allows local administrators, and possibly remote attackers, to obtain cleartext passwords by reading the ssl_access_log file or the referer string. admin/user/create_user.php en Kolab Groupware Server 1.0.0 coloca la contraseña de usuario en una petición HTTP GET, lo que permite a aadministradores locales, y posiblemente a atacantes remotos, obtener contraseñas en texto plano leyendo el archivo ssl_access_log o la cadena mencionada. • http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:193 http://www.securityfocus.com/bid/31165 https://exchange.xforce.ibmcloud.com/vulnerabilities/45124 https://qa.mandriva.com/show_bug.cgi?id=43434 • CWE-310: Cryptographic Issues •
CVSS: 4.6EPSS: 0%CPEs: 3EXPL: 0CVE-2006-0213
https://notcve.org/view.php?id=CVE-2006-0213
Kolab Server 2.0.1, 2.0.2 and development versions pre-2.1-20051215 and earlier, when authenticating users via secure SMTP, stores authentication credentials in plaintext in the postfix.log file, which allows local users to gain privileges. • http://kolab.org/security/kolab-vendor-notice-08.txt http://secunia.com/advisories/18438 http://www.osvdb.org/22381 http://www.vupen.com/english/advisories/2006/0186 https://exchange.xforce.ibmcloud.com/vulnerabilities/24123 •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 1CVE-2005-4828
https://notcve.org/view.php?id=CVE-2005-4828
Kolab Server 2.0.0 and 2.0.1 does not properly handle when a large email is sent with a "." in the wrong place, which causes kolabfilter to add another ".", which might break clear-text signatures and attachments. NOTE: it is not clear whether this issue crosses privilege boundaries, so this might not be a vulnerability. • http://kolab.org/security/kolab-vendor-notice-07.txt http://www.mandriva.com/security/advisories?name=MDKSA-2006:013 http://www.osvdb.org/22538 •
CVSS: 4.6EPSS: 0%CPEs: 8EXPL: 2CVE-2004-1997
https://notcve.org/view.php?id=CVE-2004-1997
Kolab stores OpenLDAP passwords in plaintext in the slapd.conf file, which may be installed world-readable, which allows local users to gain privileges. • http://marc.info/?l=bugtraq&m=108377525924422&w=2 http://secunia.com/advisories/11560 http://www.erfrakon.de/projects/kolab/download/kolab-server-1.0/src/Changelog http://www.kolab.org/pipermail/kolab-users/2004-April/000215.html http://www.mandriva.com/security/advisories?name=MDKSA-2004:052 http://www.osvdb.org/5898 http://www.securityfocus.com/bid/10277 https://exchange.xforce.ibmcloud.com/vulnerabilities/16068 •