- EPSS 0.23%
- Veröffentlicht 22.09.2008 18:34:16
- Zuletzt bearbeitet 09.04.2025 00:30:58
admin/user/create_user.php in Kolab Groupware Server 1.0.0 places a user password in an HTTP GET request, which allows local administrators, and possibly remote attackers, to obtain cleartext passwords by reading the ssl_access_log file or the refere...
CVE-2006-0213
- EPSS 0.09%
- Veröffentlicht 14.01.2006 01:03:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
Kolab Server 2.0.1, 2.0.2 and development versions pre-2.1-20051215 and earlier, when authenticating users via secure SMTP, stores authentication credentials in plaintext in the postfix.log file, which allows local users to gain privileges.
CVE-2005-4828
- EPSS 0.45%
- Veröffentlicht 31.12.2005 05:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
Kolab Server 2.0.0 and 2.0.1 does not properly handle when a large email is sent with a "." in the wrong place, which causes kolabfilter to add another ".", which might break clear-text signatures and attachments. NOTE: it is not clear whether this ...
CVE-2004-1997
- EPSS 0.13%
- Veröffentlicht 05.05.2004 04:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
Kolab stores OpenLDAP passwords in plaintext in the slapd.conf file, which may be installed world-readable, which allows local users to gain privileges.