12 matches found
Kerio Personal Firewall 2.1.x/4.x Local Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11859/info It is reported that the Kerio Personal Firewall KPF driver does not sufficiently sanitize API parameters that are received from APIs that are hooked by KPF. When the KPF API hook handles certain parameter data...
CVE-2003-1491
CVE-2003-1491 affects Kerio Personal Firewall 2.1.4, where a default DNS (UDP 53) inbound rule permits packets from source port 53, enabling remote bypass of firewall filters. This is a network-accessible bypass vulnerability; exploitation details are provided in multiple sources (NVD/NIST, CVE l...
CVE-2002-2161
Kerio Personal Firewall (KPF) 2.1.4 and earlier is affected by a denial-of-service vulnerability where remote attackers can trigger a SYN packet flood, causing the firewall to hang and consume CPU. The description available specifies the impact but does not provide deeper root-cause details, affe...
CVE-2004-2329
Kerio Personal Firewall 2.1.5 is vulnerable to local privilege escalation: when loading firewall configuration files, the Load button opens a file dialog without dropping privileges, allowing a local user to execute arbitrary code with SYSTEM privileges. Affected component: firewall configuration...
CVE-2004-1907
The vulnerability CVE-2004-1907 affects Kerio Personal Firewall (KPF) 4.0.13, where the Web Filtering functionality can be triggered to crash a remote system by receiving hex-encoded URLs containing %13%12%13. This results in a denial-of-service condition. The available data do not specify an off...
CVE-2002-1224
CVE-2002-1224 documents a directory traversal vulnerability in the KDE file preview component affecting KDE 3.0.1 through 3.0.3a. The flaw allows remote attackers to read arbitrary files as the kpf user by supplying a URL with a modified icon parameter. The available sources consistently describ...
CVE-2003-0219
Kerio Personal Firewall (KPF) versions up to 2.1.4 are affected by CVE-2003-0219: a design flaw in the remote administration authentication enables replay of a previously captured session to issue administrator commands. CORE Security advisories (BID 7179/7180) describe two issu...
CVE-2002-1224
Directory traversal vulnerability in kpf for KDE 3.0.1 through KDE 3.0.3a allows remote attackers to read arbitrary files as the kpf user via a URL with a modified icon parameter...
Multiple KDE bugs
KGhostview buffer overflow, kpf directory traversal...
KDE Security Advisory: kpf Directory traversal
Original Release Date: 2002-10-08 URL: http://www.kde.org/info/security/advisory-20021008-2.txt 0. References 1. Systems affected: kpf of any KDE release between KDE 3.0.1 and KDE 3.0.3a. 2. Overview: kpf...
KDE 3.0.x - KPF Icon Option File Disclosure
source: https://www.securityfocus.com/bid/5951/info A vulnerability has been discovered in the kpf file sharing utility. KDE is available for the Linux operating system. It has been reported that by passing a malicious file request to kpf, it is possibl...
KDE 3.0.x - KPF Icon Option File Disclosure
source: https://www.securityfocus.com/bid/5951/info A vulnerability has been discovered in the kpf file sharing utility. KDE is available for the Linux operating system. It has been reported that by passing a malicious file request to kpf, it is possible for a remote attacker to access files...