Gfi

Mailessentials

4 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2025-34491

Exploit
  • EPSS 0.33%
  • Veröffentlicht 28.04.2025 19:20:02
  • Zuletzt bearbeitet 04.11.2025 23:15:37

GFI MailEssentials prior to version 21.8 is vulnerable to a .NET deserialization issue. A remote and authenticated attacker can execute arbitrary code by sending crafted serialized .NET when joining to a Multi-Server setup.

6.5

CVE-2025-34490

Exploit
  • EPSS 0.06%
  • Veröffentlicht 28.04.2025 19:15:47
  • Zuletzt bearbeitet 04.11.2025 23:15:36

GFI MailEssentials prior to version 21.8 is vulnerable to an XML External Entity (XXE) issue. An authenticated and remote attacker can send crafted HTTP requests to read arbitrary system files.

7.8

CVE-2025-34489

Exploit
  • EPSS 0.04%
  • Veröffentlicht 28.04.2025 18:50:26
  • Zuletzt bearbeitet 04.11.2025 23:15:36

GFI MailEssentials prior to version 21.8 is vulnerable to a local privilege escalation issue. A local attacker can escalate to NT Authority/SYSTEM by sending a crafted serialized payload to a .NET Remoting Service.

10

CVE-2004-1312

  • EPSS 0.99%
  • Veröffentlicht 03.01.2005 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

A bug in the HTML parser in a certain Microsoft HTML library, as used in various third party products, may allow remote attackers to cause a denial of service via certain strings, as reported in GFI MailEssentials for Exchange 9 and 10, and GFI MailS...