GFI

Kerio Control

5 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
Exploit
  • EPSS 0.52%
  • Published 02.07.2025 13:45:11
  • Last modified 17.09.2025 13:41:43

A remote code execution vulnerability in GFI Kerio Control 9.4.5 allows attackers with administrative access to upload and execute arbitrary code through the firmware upgrade feature. The system upgrade mechanism accepts unsigned .img files, which ca...

Exploit
  • EPSS 1%
  • Published 02.07.2025 13:44:54
  • Last modified 17.09.2025 13:56:58

A missing authentication vulnerability in the GFIAgent component of GFI Kerio Control 9.4.5 allows unauthenticated remote attackers to perform privileged operations. The GFIAgent service, responsible for integration with GFI AppManager, exposes HTTP ...

Exploit
  • EPSS 0.64%
  • Published 02.07.2025 13:44:41
  • Last modified 17.09.2025 14:01:51

An authentication bypass vulnerability exists in GFI Kerio Control 9.4.5 due to insecure default proxy configuration and weak access control in the GFIAgent service. The non-transparent proxy on TCP port 3128 can be used to forward unauthenticated re...

Exploit
  • EPSS 82.42%
  • Published 31.01.2025 08:15:07
  • Last modified 16.09.2025 17:29:19

An issue was discovered in GFI Kerio Control 9.2.5 through 9.4.5. The dest GET parameter passed to the /nonauth/addCertException.cs and /nonauth/guestConfirm.cs and /nonauth/expiration.cs pages is not properly sanitized before being used to generate ...

Exploit
  • EPSS 0.41%
  • Published 30.09.2019 13:15:10
  • Last modified 21.11.2024 04:30:40

A DOM based XSS in GFI Kerio Control v9.3.0 allows embedding of malicious code and manipulating the login page to send back a victim's cleartext credentials to an attacker via a login/?reason=failure&NTLM= URI.