Kolab

kolab

6 CVEs • 2 products

Products (2)

Click to collapse

Toggle

Kolab Groupware Server

kolab_groupware_server

CVEs (6)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2009-4824 1Kolab 1Kolab Server Apr 29, 2026 Apr 27, 2010 N/A· v4 N/A· v3 7.5 HIGH· v2 Unspecified vulnerability in Kolab Webclient before 1.2.0 in Kolab Server before 2.2.3 allows attackers to have an unspecified impact via vectors related to an "image upload form."
CVE-2008-4165 1Kolab 1Kolab Groupware Server Apr 23, 2026 Sep 22, 2008 N/A· v4 N/A· v3 4.0 MEDIUM· v2 admin/user/create_user.php in Kolab Groupware Server 1.0.0 places a user password in an HTTP GET request, which allows local administrators, and possibly remote attackers, to obtain cleartext passwords by reading the ssl...Show more admin/user/create_user.php in Kolab Groupware Server 1.0.0 places a user password in an HTTP GET request, which allows local administrators, and possibly remote attackers, to obtain cleartext passwords by reading the ssl_access_log file or the referer string.Show less
CVE-2007-4510 2Clam Anti Virus Kolab 2Clamav Kolab Server Apr 23, 2026 Aug 23, 2007 N/A· v4 N/A· v3 4.3 MEDIUM· v2 ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and other products, allows remote attackers to cause a denial of service (application crash) via (1) a crafted RTF file, which triggers a NULL dereferenc...Show more ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and other products, allows remote attackers to cause a denial of service (application crash) via (1) a crafted RTF file, which triggers a NULL dereference in the cli_scanrtf function in libclamav/rtf.c; or (2) a crafted HTML document with a data: URI, which triggers a NULL dereference in the cli_html_normalise function in libclamav/htmlnorm.c. NOTE: some of these details are obtained from third party information.Show less
CVE-2006-0213 1Kolab 1Kolab Groupware Server Apr 16, 2026 Jan 14, 2006 N/A· v4 N/A· v3 4.6 MEDIUM· v2 Kolab Server 2.0.1, 2.0.2 and development versions pre-2.1-20051215 and earlier, when authenticating users via secure SMTP, stores authentication credentials in plaintext in the postfix.log file, which allows local users...Show more Kolab Server 2.0.1, 2.0.2 and development versions pre-2.1-20051215 and earlier, when authenticating users via secure SMTP, stores authentication credentials in plaintext in the postfix.log file, which allows local users to gain privileges.Show less
CVE-2005-4828 1Kolab 1Kolab Groupware Server Apr 16, 2026 Dec 31, 2005 N/A· v4 N/A· v3 6.4 MEDIUM· v2 Kolab Server 2.0.0 and 2.0.1 does not properly handle when a large email is sent with a "." in the wrong place, which causes kolabfilter to add another ".", which might break clear-text signatures and attachments. NOTE:...Show more Kolab Server 2.0.0 and 2.0.1 does not properly handle when a large email is sent with a "." in the wrong place, which causes kolabfilter to add another ".", which might break clear-text signatures and attachments. NOTE: it is not clear whether this issue crosses privilege boundaries, so this might not be a vulnerability.Show less
CVE-2004-1997 2Kolab Openpkg 2Kolab Groupware Server Openpkg Apr 16, 2026 May 5, 2004 N/A· v4 N/A· v3 4.6 MEDIUM· v2 Kolab stores OpenLDAP passwords in plaintext in the slapd.conf file, which may be installed world-readable, which allows local users to gain privileges.