Kerio » Kerio Mailserver » 6.5.0 patch_1 : Security Vulnerabilities, CVEs,

cpe:2.3:a:kerio:kerio_mailserver:6.5.0:patch_1:*:*:*:*:*:*

CVE-2011-1506

The STARTTLS implementation in Kerio Connect 7.1.4 build 2985 and MailServer 6.x does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. NOTE: some of these details are obtained from third party information.
Max CVSS
6.8
EPSS Score
0.20%
Published
2011-03-22
Updated
2017-08-17

CVE-2008-5769

Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServer before 6.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) folder parameter to mailCompose.php or the (2) daytime parameter to calendarEdit.php. NOTE: some of these details are obtained from third party information.
Max CVSS
4.3
EPSS Score
0.26%
Published
2008-12-30
Updated
2017-08-08

CVE-2008-5760

Cross-site scripting (XSS) vulnerability in error413.php in Kerio MailServer before 6.6.2 allows remote attackers to inject arbitrary web script or HTML via the sent parameter. NOTE: some of these details are obtained from third party information.
Max CVSS
4.3
EPSS Score
0.26%
Published
2008-12-30
Updated
2017-08-08
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close