Vulnerabilities > Kerio > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-02-21 | CVE-2008-0858 | Code Injection vulnerability in multiple products Buffer overflow in the Visnetic anti-virus plugin in Kerio MailServer before 6.5.0 might allow remote attackers to execute arbitrary code via unspecified vectors. | 7.5 |
| 2006-03-12 | CVE-2006-1158 | Remote Denial of Service vulnerability in Kerio MailServer Kerio MailServer before 6.1.3 Patch 1 allows remote attackers to cause a denial of service (application crash) via a crafted IMAP LOGIN command. | 7.8 |
| 2005-12-20 | CVE-2005-4425 | Denial of Service vulnerability in Kerio WinRoute Firewall RTSP Stream Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 allows remote attackers to cause a denial of service (crash) via certain RTSP streams. | 7.8 |
| 2005-12-11 | CVE-2005-4157 | Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 allows remote attackers to authenticate to the service using an account that has been disabled. | 7.5 |
| 2005-05-02 | CVE-2005-1062 | Remote Security vulnerability in Kerio products The administration protocol for Kerio WinRoute Firewall 6.x up to 6.0.10, Personal Firewall 4.x up to 4.1.2, and MailServer up to 6.0.8 allows remote attackers to quickly obtain passwords that are 5 characters or less via brute force methods. | 7.5 |
| 2004-12-31 | CVE-2004-2329 | Local Privilege Escalation vulnerability in Kerio Personal Firewall 2.1.5 Kerio Personal Firewall (KPF) 2.1.5 allows local users to execute arbitrary code with SYSTEM privileges via the Load button in the Firewall Configuration Files option, which does not drop privileges before opening the file loading dialog box. | 7.2 |
| 2003-12-31 | CVE-2003-1491 | Code Injection vulnerability in Kerio Personal Firewall 2.1.4 Kerio Personal Firewall (KPF) 2.1.4 has a default rule to accept incoming packets from DNS (UDP port 53), which allows remote attackers to bypass the firewall filters via packets with a source port of 53. | 7.5 |
| 2003-08-07 | CVE-2003-0487 | Remote Username Buffer Overrun vulnerability in Kerio Mailserver 5.6.3 Multiple buffer overflows in Kerio MailServer 5.6.3 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via (1) a long showuser parameter in the do_subscribe module, (2) a long folder parameter in the add_acl module, (3) a long folder parameter in the list module, and (4) a long user parameter in the do_map module. | 7.5 |
| 2003-05-12 | CVE-2003-0220 | Remote Authentication Packet Buffer Overflow vulnerability in Kerio Personal Firewall 2 Buffer overflow in the administrator authentication process for Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute arbitrary code via a handshake packet. | 7.5 |
| 2003-05-12 | CVE-2003-0219 | Unspecified vulnerability in Kerio Personal Firewall 2 Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute administrator commands by sniffing packets from a valid session and replaying them against the remote administration server. | 7.5 |