IT-Grundschutz M5.109: Einsatz eines E-Mail-Scanners auf dem Mailserver

IT-Grundschutz M5.109: Einsatz eines E-Mail-Scanners auf dem Mailserver. ACHTUNG: Dieser Test wird nicht mehr unterstützt. Er wurde ersetzt durch den entsprechenden Test der nun permanent and die aktuelle EL angepasst wird: OID 1.3.6.1.4.1.25623.1.0.95071 Diese Prüfung bezieht sich auf die 12...

Strato Server ACP - Persistent DOM XSS Vulnerabilities

Document Title: =============== Strato Server ACP - Persistent DOM XSS Vulnerabilities Release Date: ============= 2011-08-24 Vulnerability Laboratory ID VL-ID: ==================================== 141 Product & Service Introduction: =============================== Control Panel of Strato Hosting...

Strato Server ACP - Persistent DOM XSS Vulnerabilities

Document Title: =============== Strato Server ACP - Persistent DOM XSS Vulnerabilities Release Date: ============= 2011-08-24 Vulnerability Laboratory ID VL-ID: ==================================== 141 Product & Service Introduction: =============================== Control Panel of Strato Hosting...

Kerio Products 'STARTTLS' Plaintext Command Injection Vulnerability

Kerio Mail Server/Connect is prone to plaintext command injection vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Kerio Products 'STARTTLS' Plaintext Command Injection Vulnerability

The host is running Kerio Mail Server/Connect and is prone to plaintext command injection vulnerability. OpenVAS Vulnerability Test $Id: secpodkerioproductsstarttlscmdinjvuln.nasl 7029 2017-08-31 11:51:40Z teissa $ Kerio Products 'STARTTLS' Plaintext Command Injection Vulnerability Authors: Soora...

CVE-2011-1506

The STARTTLS implementation in Kerio Connect 7.1.4 build 2985 and MailServer 6.x does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a...

Command injection

The STARTTLS implementation in Kerio Connect 7.1.4 build 2985 and MailServer 6.x does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a...

CVE-2011-1506

Technical details for CVE-2011-1506 are not publicly provided in the supplied connected documents. The available sources describe a plaintext command injection pattern but do not give Kerio Connect/MailServer product/version/root‑cause specifics here. Monitor for updates.

Multiple Kerio Products Administration Console File Disclosure and Corruption Vulnerability

Multiple Kerio Products are prone to a file disclosure and corruption vulnerability. An attacker can exploit this vulnerability to gain access to files and corrupt data on a vulnerable computer. This may aid in further attacks. Kerio MailServer up to and including version 6.7.3 as well as Kerio...

Kerio MailServer / Connect < 7.0.1 Administration Console File Disclosure and File Corruption Vulnerability

Binary data 5561.prm...

IT-Grundschutz M5.109: Einsatz eines E-Mail-Scanners auf dem Mailserver

IT-Grundschutz M5.109: Einsatz eines E-Mail-Scanners auf dem Mailserver. ACHTUNG: Dieser Test wird nicht mehr unterstützt. Er wurde ersetzt durch den entsprechenden Test der nun permanent and die aktuelle EL angepasst wird: OID 1.3.6.1.4.1.25623.1.0.95071 Diese Prüfung bezieht sich auf die 10...

IT-Grundschutz M5.109: Einsatz eines E-Mail-Scanners auf dem Mailserver

IT-Grundschutz M5.109: Einsatz eines E-Mail-Scanners auf dem Mailserver. ACHTUNG: Dieser Test wird nicht mehr unterstützt. Er wurde ersetzt durch den entsprechenden Test der nun permanent and die aktuelle EL angepasst wird: OID 1.3.6.1.4.1.25623.1.0.95071 Diese Prüfung bezieht sich auf die 11...

IT-Grundschutz M5.109: Einsatz eines E-Mail-Scanners auf dem Mailserver

IT-Grundschutz M5.109: Einsatz eines E-Mail-Scanners auf dem Mailserver. ACHTUNG: Dieser Test wird nicht mehr unterstützt. Er wurde ersetzt durch den entsprechenden Test der nun permanent and die aktuelle EL angepasst wird: OID 1.3.6.1.4.1.25623.1.0.95071 Diese Prüfung bezieht sich auf die 10...

Kerio MailServer WebMail 'Integration' Page XSS Vulnerability

Kerio MailServer is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Kerio MailServer WebMail 'Integration' Page XSS Vulnerability

The host is running Kerio MailServer and is prone to Cross-Site Scripting vulnerability OpenVAS Vulnerability Test $Id: gbkeriomailserverxssvulnaug09.nasl 4869 2016-12-29 11:01:45Z teissa $ Kerio MailServer WebMail 'Integration' Page XSS Vulnerability Authors: Antu Sanadi Copyright: Copyright c...

Cross site scripting

Cross-site scripting XSS vulnerability in the Integration page in the WebMail component in Kerio MailServer 6.6.0, 6.6.1, 6.6.2, and 6.7.0 allows remote attackers to inject arbitrary web script or HTML via an e-mail message...

CVE-2009-2636

Kerio MailServer WebMail usion page vulnerability CVE-2009-2636 is a cross-site scripting (XSS) flaw in the WebMail integration page. Affects Kerio MailServer 6.6.0, 6.6.1, 6.6.2, and 6.7.0. Exploitation allows an attacker to inject arbitrary web script or HTML via an e-mail message, with impact...

Kerio MailServer < 6.6.2 Patch 3 / 6.7.0 Patch 1 XSS (KSEC-2009-06-08-01)

According to its banner, the remote host is running a version of Kerio MailServer prior to 6.6.2 Patch 3 or 6.7.0 Patch 1. The webmail component of such versions is reportedly affected by a cross-site scripting vulnerability on the Integration page. Successful exploitation of this issue could lea...

Check if Mailserver answer to VRFY and EXPN requests

The Mailserver on this host answers to VRFY and/or EXPN requests. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Kerio Mail Server Multiple Cross Site Scripting vulnerabilities

The host is running Kerio Mail Server and is prone to multiple cross site scripting vulnerabilities. OpenVAS Vulnerability Test $Id: gbkeriomailservermultxssvuln.nasl 4869 2016-12-29 11:01:45Z teissa $ Kerio Mail Server Multiple Cross Site Scripting vulnerabilities Authors: Chandan S Copyright:...