Vulnerabilities > GFI
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-15 | CVE-2023-25267 | Out-of-bounds Write vulnerability in GFI Kerio Connect 9.4.1 An issue was discovered in GFI Kerio Connect 9.4.1 patch 1 (fixed in 10.0.0). | 8.8 |
| 2022-07-07 | CVE-2021-29281 | Unrestricted Upload of File with Dangerous Type vulnerability in GFI Archiver File upload vulnerability in GFI Mail Archiver versions up to and including 15.1 via insecure implementation of Telerik Web UI plugin which is affected by CVE-2014-2217, and CVE-2017-11317. | 7.5 |
| 2019-09-30 | CVE-2019-16414 | Cross-site Scripting vulnerability in GFI Kerio Control 9.3.0 A DOM based XSS in GFI Kerio Control v9.3.0 allows embedding of malicious code and manipulating the login page to send back a victim's cleartext credentials to an attacker via a login/?reason=failure&NTLM= URI. | 4.3 |
| 2017-05-02 | CVE-2017-7440 | Improper Restriction of Rendered UI Layers or Frames vulnerability in GFI Kerio Connect and Kerio Connect Client Kerio Connect 8.0.0 through 9.2.2, and Kerio Connect Client desktop application for Windows and Mac 9.2.0 through 9.2.2, when e-mail preview is enabled, allows remote attackers to conduct clickjacking attacks via a crafted e-mail message. | 6.5 |
| 2012-09-07 | CVE-2010-5254 | Unspecified vulnerability in GFI Backup 2009 3.1 Untrusted search path vulnerability in GFI Backup 3.1 Build 20100730 2009 Home Edition allows local users to gain privileges via a Trojan horse ArmAccess.dll file in the current working directory, as demonstrated by a directory that contains a .gbc or .gbt file. local gfi | 6.9 |
| 2005-10-20 | CVE-2005-3182 | Remote Buffer Overflow vulnerability in GFI Mailsecurity 8.1 Buffer overflow in the HTTP management interface for GFI MailSecurity 8.1 allows remote attackers to execute arbitrary code via long headers such as (1) Host and (2) Accept in HTTP requests. | 7.5 |
| 2005-05-02 | CVE-2005-0604 | Local Security vulnerability in GFI Languard Network Security Scanner 5.0 lnss.exe in GFI Languard Network Security Scanner 5.0 stores the username and password in memory in plaintext, which could allow local administrators to obtain domain administrator credentials. | 4.6 |
| 2005-01-03 | CVE-2004-1312 | Remote Denial of Service vulnerability in GFI MailEssentials and MailSecurity HTML Email A bug in the HTML parser in a certain Microsoft HTML library, as used in various third party products, may allow remote attackers to cause a denial of service via certain strings, as reported in GFI MailEssentials for Exchange 9 and 10, and GFI MailSecurity for Exchange 8, which causes emails to remain in IIS or Exchange mail queues. | 10.0 |
| 2002-09-24 | CVE-2002-1121 | SMTP content filter engines, including (1) GFI MailSecurity for Exchange/SMTP before 7.2, (2) InterScan VirusWall before 3.52 build 1494, (3) the default configuration of MIMEDefang before 2.21, and possibly other products, do not detect fragmented emails as defined in RFC2046 ("Message Fragmentation and Reassembly") and supported in such products as Outlook Express, which allows remote attackers to bypass content filtering, including virus checking, via fragmented emails of the message/partial content type. | 7.5 |