Netwin

Surgemail

18 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.6

CVE-2024-11990

  • EPSS 0.06%
  • Veröffentlicht 29.11.2024 13:15:04
  • Zuletzt bearbeitet 29.11.2024 13:15:04

A Cross-Site Scripting (XSS) vulnerability in SurgeMail v78c2 could allow an attacker to execute arbitrary JavaScript code via an elaborate payload injected into vulnerable parameters.

4.3

CVE-2012-2575

Exploit
  • EPSS 0.39%
  • Veröffentlicht 17.09.2012 14:55:00
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 6.0a4 allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IFRAME element in the body of an HTML e-mail message.

4.3

CVE-2010-3201

Exploit
  • EPSS 1.88%
  • Veröffentlicht 07.01.2011 23:00:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to inject arbitrary web script or HTML via the username_ex parameter to the surgeweb program.

4

CVE-2008-7182

Exploit
  • EPSS 13.41%
  • Veröffentlicht 08.09.2009 10:30:01
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Buffer overflow in the IMAP service in NetWin Surgemail 3.9e, and possibly other versions before 3.9g2, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long first argument to the APPEND...

5

CVE-2008-2859

  • EPSS 5.54%
  • Veröffentlicht 25.06.2008 12:36:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Unspecified vulnerability in the IMAP service in NetWin SurgeMail before 3.9g2 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors related to an "imap command."

9

CVE-2008-1498

  • EPSS 24.08%
  • Veröffentlicht 25.03.2008 19:44:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Stack-based buffer overflow in the IMAP service in NetWin Surgemail 3.8k4-4 and earlier allows remote authenticated users to execute arbitrary code via a long first argument to the LIST command.

9

CVE-2008-1497

Exploit
  • EPSS 10.69%
  • Veröffentlicht 25.03.2008 19:44:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Stack-based buffer overflow in the IMAP service in NetWin SurgeMail 38k4-4 and earlier allows remote authenticated users to execute arbitrary code via long arguments to the LSUB command.

6.4

CVE-2008-1054

Exploit
  • EPSS 19.52%
  • Veröffentlicht 27.02.2008 19:44:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Stack-based buffer overflow in the _lib_spawn_user_getpid function in (1) swatch.exe and (2) surgemail.exe in NetWin SurgeMail 38k4 and earlier, and beta 39a, allows remote attackers to cause a denial of service (daemon crash) and possibly execute ar...

7.5

CVE-2008-1055

Exploit
  • EPSS 21.6%
  • Veröffentlicht 27.02.2008 19:44:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 and earlier and beta 39a, and WebMail 3.1s and earlier, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string spec...

5

CVE-2007-6457

Exploit
  • EPSS 6.4%
  • Veröffentlicht 20.12.2007 00:46:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Stack-based buffer overflow in the webmail feature in SurgeMail 38k4 allows remote attackers to cause a denial of service (crash) via a long Host header.