MidnightBSD

Advisories for kolab

CVE-2004-1997 MEDIUM

Kolab stores OpenLDAP passwords in plaintext in the slapd.conf file, which may be installed world-readable, which allows local users to gain privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
kolab kolab_groupware_server 1.0.1
kolab kolab_groupware_server 1.0.7
kolab kolab_groupware_server 1.0.6
kolab kolab_groupware_server 1.0.8
kolab kolab_groupware_server 1.0
kolab kolab_groupware_server 1.0.3
kolab kolab_groupware_server 1.0.5
openpkg openpkg 2.0
CVE-2005-4828 MEDIUM

Kolab Server 2.0.0 and 2.0.1 does not properly handle when a large email is sent with a "." in the wrong place, which causes kolabfilter to add another ".", which might break clear-text signatures and attachments. NOTE: it is not clear whether this issue crosses privilege boundaries, so this might not be a vulnerability.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
kolab kolab_groupware_server 2.0.0
kolab kolab_groupware_server 2.0.1
CVE-2006-0213 MEDIUM

Kolab Server 2.0.1, 2.0.2 and development versions pre-2.1-20051215 and earlier, when authenticating users via secure SMTP, stores authentication credentials in plaintext in the postfix.log file, which allows local users to gain privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
kolab kolab_groupware_server *
kolab kolab_groupware_server 2.0.2
kolab kolab_groupware_server 2.0.1
CVE-2009-4824 HIGH

Unspecified vulnerability in Kolab Webclient before 1.2.0 in Kolab Server before 2.2.3 allows attackers to have an unspecified impact via vectors related to an "image upload form."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
kolab kolab_server 2.2.1
kolab kolab_server 2.2.0
kolab kolab_server 2.2
kolab kolab_server *
kolab kolab_server 2.1.0