ZoneAlarm Pro 3.0 and 3.1, when configured to block all traffic, allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of SYN packets (SYN flood). NOTE: the vendor was not able to reproduce the issue.
Multiple cross-site scripting (XSS) vulnerabilities in the Web mail module of Kerio MailServer 5.0 allow remote attackers to execute HTML script as other users via certain URLs.