RSS   Vulnerabilities for 'Connect'   RSS

2017-05-02
 
CVE-2017-7440

 

 
Kerio Connect 8.0.0 through 9.2.2, and Kerio Connect Client desktop application for Windows and Mac 9.2.0 through 9.2.2, when e-mail preview is enabled, allows remote attackers to conduct clickjacking attacks via a crafted e-mail message.

 
2011-03-22
 
CVE-2011-1506

CWE-20
 

 
The STARTTLS implementation in Kerio Connect 7.1.4 build 2985 and MailServer 6.x does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. NOTE: some of these details are obtained from third party information.

 

 >>> Vendor: Kerio 10 Products
Kerio mailserver
Personal firewall
Personal firewall 2
Serverfirewall
Winroute firewall
Webstar
Avg plugin
Connect
Control
Connect client desktop application for windows and mac


Copyright 2019, cxsecurity.com

 

Back to Top