VYPR

Kolab Groupware Server

by Kolab

CVEs (6)

  • CVE-2009-4824Apr 27, 2010
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Kolab Webclient before 1.2.0 in Kolab Server before 2.2.3 allows attackers to have an unspecified impact via vectors related to an "image upload form."

  • CVE-2008-4165Sep 22, 2008
    risk 0.00cvss epss 0.01

    admin/user/create_user.php in Kolab Groupware Server 1.0.0 places a user password in an HTTP GET request, which allows local administrators, and possibly remote attackers, to obtain cleartext passwords by reading the ssl_access_log file or the referer string.

  • CVE-2007-4510Aug 23, 2007
    risk 0.00cvss epss 0.02

    ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and other products, allows remote attackers to cause a denial of service (application crash) via (1) a crafted RTF file, which triggers a NULL dereference in the cli_scanrtf function in libclamav/rtf.c; or (2) a…

  • CVE-2006-0213Jan 14, 2006
    risk 0.00cvss epss 0.00

    Kolab Server 2.0.1, 2.0.2 and development versions pre-2.1-20051215 and earlier, when authenticating users via secure SMTP, stores authentication credentials in plaintext in the postfix.log file, which allows local users to gain privileges.

  • CVE-2005-4828Dec 31, 2005
    risk 0.00cvss epss 0.01

    Kolab Server 2.0.0 and 2.0.1 does not properly handle when a large email is sent with a "." in the wrong place, which causes kolabfilter to add another ".", which might break clear-text signatures and attachments. NOTE: it is not clear whether this issue crosses privilege…

  • CVE-2004-1997May 5, 2004
    risk 0.00cvss epss 0.00

    Kolab stores OpenLDAP passwords in plaintext in the slapd.conf file, which may be installed world-readable, which allows local users to gain privileges.