CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0CVE-2009-4824
https://notcve.org/view.php?id=CVE-2009-4824
Unspecified vulnerability in Kolab Webclient before 1.2.0 in Kolab Server before 2.2.3 allows attackers to have an unspecified impact via vectors related to an "image upload form." Vulnerabilidad no especificada en Kolab Webclient anterior v1.2.0 en Kolab Server anterior v2.2.3 permite a atacantes remotos tener un impacto no especificado a través de vectores relacionados con un "formulario de carga de imagen" • http://files.kolab.org/server/release/kolab-server-2.2.3/sources/release-notes.txt http://osvdb.org/61301 http://secunia.com/advisories/37918 http://www.mandriva.com/security/advisories?name=MDVSA-2010:108 http://www.securityfocus.com/bid/37465 http://www.vupen.com/english/advisories/2010/1245 •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2008-4165
https://notcve.org/view.php?id=CVE-2008-4165
admin/user/create_user.php in Kolab Groupware Server 1.0.0 places a user password in an HTTP GET request, which allows local administrators, and possibly remote attackers, to obtain cleartext passwords by reading the ssl_access_log file or the referer string. admin/user/create_user.php en Kolab Groupware Server 1.0.0 coloca la contraseña de usuario en una petición HTTP GET, lo que permite a aadministradores locales, y posiblemente a atacantes remotos, obtener contraseñas en texto plano leyendo el archivo ssl_access_log o la cadena mencionada. • http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:193 http://www.securityfocus.com/bid/31165 https://exchange.xforce.ibmcloud.com/vulnerabilities/45124 https://qa.mandriva.com/show_bug.cgi?id=43434 • CWE-310: Cryptographic Issues •
CVSS: 4.3EPSS: 14%CPEs: 8EXPL: 0CVE-2007-4510
https://notcve.org/view.php?id=CVE-2007-4510
ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and other products, allows remote attackers to cause a denial of service (application crash) via (1) a crafted RTF file, which triggers a NULL dereference in the cli_scanrtf function in libclamav/rtf.c; or (2) a crafted HTML document with a data: URI, which triggers a NULL dereference in the cli_html_normalise function in libclamav/htmlnorm.c. NOTE: some of these details are obtained from third party information. ClamAV anterior a 0.91.2, usado en Kolab Server 2.0 hasta 2.2.beta1 y otros productos, permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) mediante (1) un archivo RTF manipulado, que dispara una referencia a NULL en la función cli-scanrtf de libclamav/rtf.c; o (2) un documento HTML manipulado con un URI data:, el cual dispara una referencia a NULL en la función cli_html_normalise de libclamav/htmlnorm.c. NOTA: algunos de estos detalles se han obtenido de información de terceros. • http://docs.info.apple.com/article.html?artnum=307562 http://kolab.org/security/kolab-vendor-notice-17.txt http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://secunia.com/advisories/26530 http://secunia.com/advisories/26552 http://secunia.com/advisories/26654 http://secunia.com/advisories/26674 http://secunia.com/advisories/26683 http://secunia.com/advisories/26751 http://secunia.com/advisories/26822 http://secunia.com/advisories/26916 http://s •
CVSS: 4.6EPSS: 0%CPEs: 3EXPL: 0CVE-2006-0213
https://notcve.org/view.php?id=CVE-2006-0213
Kolab Server 2.0.1, 2.0.2 and development versions pre-2.1-20051215 and earlier, when authenticating users via secure SMTP, stores authentication credentials in plaintext in the postfix.log file, which allows local users to gain privileges. • http://kolab.org/security/kolab-vendor-notice-08.txt http://secunia.com/advisories/18438 http://www.osvdb.org/22381 http://www.vupen.com/english/advisories/2006/0186 https://exchange.xforce.ibmcloud.com/vulnerabilities/24123 •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 1CVE-2005-4828
https://notcve.org/view.php?id=CVE-2005-4828
Kolab Server 2.0.0 and 2.0.1 does not properly handle when a large email is sent with a "." in the wrong place, which causes kolabfilter to add another ".", which might break clear-text signatures and attachments. NOTE: it is not clear whether this issue crosses privilege boundaries, so this might not be a vulnerability. • http://kolab.org/security/kolab-vendor-notice-07.txt http://www.mandriva.com/security/advisories?name=MDKSA-2006:013 http://www.osvdb.org/22538 •