Vulnerabilities > Kerio > Kerio Mailserver > 6.6.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-03-22 | CVE-2011-1506 | Improper Input Validation vulnerability in Kerio Connect and Kerio Mailserver The STARTTLS implementation in Kerio Connect 7.1.4 build 2985 and MailServer 6.x does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. | 6.8 |
2009-07-28 | CVE-2009-2636 | Cross-Site Scripting vulnerability in Kerio Mailserver Cross-site scripting (XSS) vulnerability in the Integration page in the WebMail component in Kerio MailServer 6.6.0, 6.6.1, 6.6.2, and 6.7.0 allows remote attackers to inject arbitrary web script or HTML via an e-mail message. | 4.3 |