GFI Security Vulnerabilities

CVE-2010-5181

Race condition in VIPRE Antivirus Premium 4.0.3272 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during...

6.9 AI Score

0.0004 EPSS

2022-10-03 04:21 PM

CVE-2017-7440

Kerio Connect 8.0.0 through 9.2.2, and Kerio Connect Client desktop application for Windows and Mac 9.2.0 through 9.2.2, when e-mail preview is enabled, allows remote attackers to conduct clickjacking attacks via a crafted e-mail...

6.5 CVSS

6.4 AI Score

0.002 EPSS

2017-05-02 02:59 PM

CVE-2023-25267

An issue was discovered in GFI Kerio Connect 9.4.1 patch 1 (fixed in 10.0.0). There is a stack-based Buffer Overflow in the webmail component's 2FASetup function via an authenticated request with a long primaryEMailAddress field to the webmail/api/jsonrpc...

8.8 CVSS

8.5 AI Score

0.001 EPSS

2023-03-15 10:15 PM

CVE-2010-5254

Untrusted search path vulnerability in GFI Backup 3.1 Build 20100730 2009 Home Edition allows local users to gain privileges via a Trojan horse ArmAccess.dll file in the current working directory, as demonstrated by a directory that contains a .gbc or .gbt file. NOTE: some of these details are...

6.7 AI Score

0.0004 EPSS

2022-10-03 04:21 PM

CVE-2021-29281

File upload vulnerability in GFI Mail Archiver versions up to and including 15.1 via insecure implementation of Telerik Web UI plugin which is affected by CVE-2014-2217, and...

9.8 CVSS

9.4 AI Score

0.157 EPSS

2022-07-07 09:15 PM

CVE-2019-16414

A DOM based XSS in GFI Kerio Control v9.3.0 allows embedding of malicious code and manipulating the login page to send back a victim's cleartext credentials to an attacker via a login/?reason=failure&NTLM=...

6.1 CVSS

6 AI Score

0.002 EPSS

2019-09-30 01:15 PM

CVE-2005-3182

Buffer overflow in the HTTP management interface for GFI MailSecurity 8.1 allows remote attackers to execute arbitrary code via long headers such as (1) Host and (2) Accept in HTTP requests. NOTE: the vendor suggests that this issue is "in an underlying Microsoft technology" which, if true,...

7.9 AI Score

0.161 EPSS

2005-10-20 10:02 AM

CVE-2005-0604

lnss.exe in GFI Languard Network Security Scanner 5.0 stores the username and password in memory in plaintext, which could allow local administrators to obtain domain administrator...

6.8 AI Score

0.0005 EPSS

2005-05-02 04:00 AM

CVE-2004-1312

A bug in the HTML parser in a certain Microsoft HTML library, as used in various third party products, may allow remote attackers to cause a denial of service via certain strings, as reported in GFI MailEssentials for Exchange 9 and 10, and GFI MailSecurity for Exchange 8, which causes emails to...

6.6 AI Score

0.008 EPSS

2005-01-06 05:00 AM

CVE-2002-1121

SMTP content filter engines, including (1) GFI MailSecurity for Exchange/SMTP before 7.2, (2) InterScan VirusWall before 3.52 build 1494, (3) the default configuration of MIMEDefang before 2.21, and possibly other products, do not detect fragmented emails as defined in RFC2046 ("Message...

6.9 AI Score

0.011 EPSS

2002-09-24 04:00 AM