Vulnerabilities > Kerio > Personal Firewall > High

DATE CVE VULNERABILITY TITLE RISK
2005-05-02 CVE-2005-1062 Remote Security vulnerability in Kerio products
The administration protocol for Kerio WinRoute Firewall 6.x up to 6.0.10, Personal Firewall 4.x up to 4.1.2, and MailServer up to 6.0.8 allows remote attackers to quickly obtain passwords that are 5 characters or less via brute force methods.
network
low complexity
kerio
7.5
2004-12-31 CVE-2004-2329 Local Privilege Escalation vulnerability in Kerio Personal Firewall 2.1.5
Kerio Personal Firewall (KPF) 2.1.5 allows local users to execute arbitrary code with SYSTEM privileges via the Load button in the Firewall Configuration Files option, which does not drop privileges before opening the file loading dialog box.
local
low complexity
kerio
7.2
2003-12-31 CVE-2003-1491 Code Injection vulnerability in Kerio Personal Firewall 2.1.4
Kerio Personal Firewall (KPF) 2.1.4 has a default rule to accept incoming packets from DNS (UDP port 53), which allows remote attackers to bypass the firewall filters via packets with a source port of 53.
network
low complexity
kerio CWE-94
7.5