Filtered by vendor Netwin
Subscriptions
Total
50 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2000-0611 | 1 Netwin | 2 Cwmail, Dmailweb | 2017-10-10 | N/A |
| The default configuration of NetWin dMailWeb and cwMail trusts all POP servers, which allows attackers to bypass normal authentication and cause a denial of service. | ||||
| CVE-2000-0610 | 1 Netwin | 2 Cwmail, Dmailweb | 2017-10-10 | N/A |
| NetWin dMailWeb and cwMail 2.6g and earlier allows remote attackers to bypass authentication and use the server for mail relay via a username that contains a carriage return. | ||||
| CVE-2000-0490 | 1 Netwin | 1 Dmail | 2017-10-10 | N/A |
| Buffer overflow in the NetWin DSMTP 2.7q in the NetWin dmail package allows remote attackers to execute arbitrary commands via a long ETRN request. | ||||
| CVE-2008-7182 | 1 Netwin | 1 Surgemail | 2017-09-29 | N/A |
| Buffer overflow in the IMAP service in NetWin Surgemail 3.9e, and possibly other versions before 3.9g2, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long first argument to the APPEND command, a different vector than CVE-2008-1497 and CVE-2008-1498. NOTE: due to lack of details, it is not certain whether this is the same issue as CVE-2008-2859. | ||||
| CVE-2008-1498 | 1 Netwin | 1 Surgemail | 2017-09-29 | N/A |
| Stack-based buffer overflow in the IMAP service in NetWin Surgemail 3.8k4-4 and earlier allows remote authenticated users to execute arbitrary code via a long first argument to the LIST command. | ||||
| CVE-2013-4742 | 1 Netwin | 1 Surgeftp | 2017-08-29 | N/A |
| Buffer overflow in NetWin SurgeFTP before 23d2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string within the authentication request. | ||||
| CVE-2010-1068 | 1 Netwin | 1 Surgeftp | 2017-08-17 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in surgeftpmgr.cgi in NetWin SurgeFTP 2.3a6 allow remote attackers to inject arbitrary web script or HTML via the (1) domainid or (2) classid parameter in a class action. | ||||
| CVE-2008-2859 | 1 Netwin | 1 Surgemail | 2017-08-08 | N/A |
| Unspecified vulnerability in the IMAP service in NetWin SurgeMail before 3.9g2 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors related to an "imap command." | ||||
| CVE-2007-3769 | 1 Netwin | 1 Surgeftp | 2017-07-29 | N/A |
| Cross-site scripting (XSS) vulnerability in the mirrored server management interface in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to inject arbitrary web script or HTML via a malformed response without a status code, which is reflected to the user in the resulting error message. NOTE: this can be leveraged for root access via a sequence of steps involving web script that creates a new FTP user account. | ||||
| CVE-2007-3768 | 1 Netwin | 1 Surgeftp | 2017-07-29 | N/A |
| The mirror mechanism in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to cause a denial of service (restart) via a malformed response to a PASV command. | ||||
| CVE-2007-2655 | 1 Netwin | 2 Surgemail, Webmail | 2017-07-29 | N/A |
| Unspecified vulnerability in NetWin Webmail 3.1s-1 in SurgeMail before 3.8i2 has unknown impact and remote attack vectors, possibly a format string vulnerability that allows remote code execution. | ||||
| CVE-2005-1516 | 1 Netwin | 1 Dmail | 2017-07-11 | N/A |
| DList (dlist.exe) in DMail 3.1a allows remote attackers to bypass authentication, read log files, and shutdown the system via a sendlog command with an incorrect password hash, which is not properly handled by the _cmd_sendlog function. | ||||
| CVE-2005-1478 | 1 Netwin | 1 Dmail | 2017-07-11 | N/A |
| Format string vulnerability in dSMTP (dsmtp.exe) in DMail 3.1a allows remote attackers to execute arbitrary code via format string specifiers in the xtellmail command. | ||||
| CVE-2005-1034 | 1 Netwin | 1 Surgeftp | 2017-07-11 | N/A |
| SurgeFTP 2.2m1 allows remote attackers to cause a denial of service (application hang) via the LEAK command. | ||||
| CVE-2004-2548 | 1 Netwin | 2 Surgemail, Webmail | 2017-07-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to inject arbitrary web script or HTML via (a) a URI containing the script, or (b) the username field in the login form. NOTE: it is possible that the first attack vector is resultant from the error message issue (CVE-2004-2547). | ||||
| CVE-2004-2547 | 1 Netwin | 2 Surgemail, Webmail | 2017-07-11 | N/A |
| NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to obtain sensitive information via HTTP requests that (a) specify the / URI, (b) specify the /scripts/ URI, or (c) specify a non-existent file, which reveal the path in an error message. | ||||
| CVE-2004-2537 | 1 Netwin | 1 Surgemail | 2017-07-11 | N/A |
| Unspecified vulnerability in SurgeMail before 2.2c10 has unknown impact and attack vectors, related to a "Webmail security bug." | ||||
| CVE-2004-2318 | 1 Netwin | 1 Surgeftp | 2017-07-11 | N/A |
| The administrative interface (surgeftpmgr.cgi) for SurgeFTP Server 1.0b through 2.2k1 allows remote attackers to cause a temporary denial of service (crash) via requests with two percent (%) signs in the CMD parameter. | ||||
| CVE-2004-2254 | 1 Netwin | 1 Surgeldap | 2017-07-11 | N/A |
| SurgeLDAP 1.0g (Build 12), and possibly other versions before 1.0h, allows remote attackers to bypass authentication for the administration interface via a direct request to admin.cgi with a modified utoken parameter. | ||||
| CVE-2004-2253 | 1 Netwin | 1 Surgeldap | 2017-07-11 | N/A |
| Directory traversal vulnerability in user.cgi in SurgeLDAP 1.0g and earlier allows remote attackers to read arbitrary files via a .. in the page parameter of the show command. | ||||